000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000020000001b0000f4"], 0xec}}, 0x0) 11:03:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 6) 11:03:08 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000681e0001"], 0xec}}, 0x0) [ 1546.477210] FAULT_INJECTION: forcing a failure. [ 1546.477210] name failslab, interval 1, probability 0, space 0, times 0 [ 1546.478584] CPU: 0 PID: 8989 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1546.479366] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.480293] Call Trace: [ 1546.480609] dump_stack+0x107/0x167 [ 1546.481018] should_fail.cold+0x5/0xa [ 1546.481455] ? create_object.isra.0+0x3a/0xa30 [ 1546.481967] should_failslab+0x5/0x20 [ 1546.482399] kmem_cache_alloc+0x5b/0x310 [ 1546.482861] create_object.isra.0+0x3a/0xa30 [ 1546.483362] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1546.483952] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1546.484526] ? netlink_sendmsg+0x998/0xe00 [ 1546.485018] __alloc_skb+0xb1/0x5b0 [ 1546.485430] netlink_sendmsg+0x998/0xe00 [ 1546.485886] ? netlink_unicast+0xa00/0xa00 [ 1546.486370] ? netlink_unicast+0xa00/0xa00 [ 1546.486845] __sock_sendmsg+0x154/0x190 [ 1546.487299] ____sys_sendmsg+0x70d/0x870 [ 1546.487757] ? sock_write_iter+0x3d0/0x3d0 [ 1546.488229] ? do_recvmmsg+0x6d0/0x6d0 [ 1546.488684] ? lock_downgrade+0x6d0/0x6d0 [ 1546.489154] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1546.489742] ___sys_sendmsg+0xf3/0x170 [ 1546.490181] ? sendmsg_copy_msghdr+0x160/0x160 [ 1546.490702] ? __fget_files+0x2cf/0x520 [ 1546.491149] ? lock_downgrade+0x6d0/0x6d0 [ 1546.491616] ? find_held_lock+0x2c/0x110 [ 1546.492075] ? __fget_files+0x2f8/0x520 [ 1546.492538] ? __fget_light+0xea/0x290 [ 1546.493011] __sys_sendmsg+0xe5/0x1b0 [ 1546.493458] ? __sys_sendmsg_sock+0x40/0x40 [ 1546.493959] ? rcu_read_lock_any_held+0x75/0xa0 [ 1546.494511] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1546.495118] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1546.495718] ? trace_hardirqs_on+0x5b/0x180 [ 1546.496212] do_syscall_64+0x33/0x40 [ 1546.496664] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.497247] RIP: 0033:0x7f3f36935b19 [ 1546.497674] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.499779] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1546.500664] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1546.501482] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1546.502314] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1546.503144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1546.503960] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 11:03:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:03:08 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 30) 11:03:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000f0000001b0000f4"], 0xec}}, 0x0) 11:03:08 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 99) [ 1546.566932] FAULT_INJECTION: forcing a failure. [ 1546.566932] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1546.568394] CPU: 0 PID: 8998 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1546.569196] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.570156] Call Trace: [ 1546.570465] dump_stack+0x107/0x167 [ 1546.570888] should_fail.cold+0x5/0xa [ 1546.571336] _copy_from_user+0x2e/0x1b0 [ 1546.571808] memdup_user+0x65/0xd0 [ 1546.572223] strndup_user+0x74/0xe0 [ 1546.572652] __x64_sys_mount+0x133/0x300 [ 1546.573115] ? copy_mnt_ns+0xa00/0xa00 [ 1546.573581] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1546.574185] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1546.574773] do_syscall_64+0x33/0x40 [ 1546.575216] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.575815] RIP: 0033:0x7f07d2d5a04a [ 1546.576247] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.578379] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1546.579270] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1546.580100] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1546.580942] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1546.581761] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1546.582589] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:03:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00006c1e0001"], 0xec}}, 0x0) [ 1546.632602] FAULT_INJECTION: forcing a failure. [ 1546.632602] name failslab, interval 1, probability 0, space 0, times 0 [ 1546.633992] CPU: 0 PID: 9002 Comm: syz-executor.4 Not tainted 5.10.247 #1 [ 1546.634783] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1546.635743] Call Trace: [ 1546.636060] dump_stack+0x107/0x167 [ 1546.636492] should_fail.cold+0x5/0xa [ 1546.636955] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1546.637537] should_failslab+0x5/0x20 [ 1546.637973] kmem_cache_alloc_trace+0x55/0x320 [ 1546.638497] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1546.639076] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1546.639646] __list_lru_init+0x44d/0x890 [ 1546.640118] alloc_super+0x8b8/0xa90 [ 1546.640550] sget_fc+0x110/0x860 [ 1546.640947] ? set_anon_super+0xc0/0xc0 [ 1546.641414] ? shmem_put_link+0x120/0x120 [ 1546.641887] get_tree_nodev+0x24/0x1d0 [ 1546.642328] vfs_get_tree+0x8e/0x300 [ 1546.642754] path_mount+0x1490/0x21e0 [ 1546.643190] ? strncpy_from_user+0x9e/0x470 [ 1546.643680] ? finish_automount+0xa90/0xa90 [ 1546.644171] ? getname_flags.part.0+0x1dd/0x4f0 [ 1546.644720] __x64_sys_mount+0x282/0x300 [ 1546.645179] ? copy_mnt_ns+0xa00/0xa00 [ 1546.645644] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1546.646252] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1546.646839] do_syscall_64+0x33/0x40 [ 1546.647264] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1546.647849] RIP: 0033:0x7fb764f6304a [ 1546.648271] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1546.650410] RSP: 002b:00007fb7624d6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1546.651296] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb764f6304a [ 1546.652129] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1546.652971] RBP: 00007fb7624d7040 R08: 00007fb7624d7040 R09: 0000000020000080 [ 1546.653807] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1546.654637] R13: 00000000200000c0 R14: 00007fb7624d7000 R15: 00000000200008c0 11:03:08 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:21 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 31) 11:03:21 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 100) 11:03:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000741e0001"], 0xec}}, 0x0) [ 1560.053475] FAULT_INJECTION: forcing a failure. [ 1560.053475] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.056573] CPU: 1 PID: 9016 Comm: syz-executor.4 Not tainted 5.10.247 #1 11:03:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 7) 11:03:21 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) [ 1560.058383] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.060693] Call Trace: [ 1560.061403] dump_stack+0x107/0x167 [ 1560.062340] should_fail.cold+0x5/0xa [ 1560.063340] ? create_object.isra.0+0x3a/0xa30 [ 1560.064538] should_failslab+0x5/0x20 [ 1560.065547] kmem_cache_alloc+0x5b/0x310 [ 1560.066613] ? mark_held_locks+0x9e/0xe0 11:03:21 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1560.067681] create_object.isra.0+0x3a/0xa30 [ 1560.068951] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1560.070299] kmem_cache_alloc_trace+0x151/0x320 [ 1560.071527] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1560.072829] __list_lru_init+0x44d/0x890 [ 1560.073901] alloc_super+0x8b8/0xa90 [ 1560.074882] sget_fc+0x110/0x860 [ 1560.075763] ? set_anon_super+0xc0/0xc0 [ 1560.076811] ? shmem_put_link+0x120/0x120 [ 1560.077884] get_tree_nodev+0x24/0x1d0 11:03:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000ffffff9e0000001b0000f4"], 0xec}}, 0x0) 11:03:21 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1560.078897] vfs_get_tree+0x8e/0x300 [ 1560.080001] path_mount+0x1490/0x21e0 [ 1560.081017] ? strncpy_from_user+0x9e/0x470 [ 1560.082145] ? finish_automount+0xa90/0xa90 [ 1560.083273] ? getname_flags.part.0+0x1dd/0x4f0 [ 1560.084499] __x64_sys_mount+0x282/0x300 [ 1560.085570] ? copy_mnt_ns+0xa00/0xa00 [ 1560.086590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.087955] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.089311] do_syscall_64+0x33/0x40 [ 1560.090281] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.091617] RIP: 0033:0x7fb764f6304a [ 1560.092587] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.097365] RSP: 002b:00007fb7624d6fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1560.099351] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fb764f6304a [ 1560.101223] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1560.103084] RBP: 00007fb7624d7040 R08: 00007fb7624d7040 R09: 0000000020000080 [ 1560.104950] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1560.106794] R13: 00000000200000c0 R14: 00007fb7624d7000 R15: 00000000200008c0 [ 1560.108206] FAULT_INJECTION: forcing a failure. [ 1560.108206] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.110230] CPU: 0 PID: 9026 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1560.111134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.112223] Call Trace: [ 1560.112575] dump_stack+0x107/0x167 [ 1560.113069] should_fail.cold+0x5/0xa [ 1560.113579] ? copy_mount_options+0x55/0x180 [ 1560.114157] should_failslab+0x5/0x20 [ 1560.114667] kmem_cache_alloc_trace+0x55/0x320 [ 1560.115268] copy_mount_options+0x55/0x180 [ 1560.115823] __x64_sys_mount+0x1a8/0x300 [ 1560.116346] ? copy_mnt_ns+0xa00/0xa00 [ 1560.116872] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.117567] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.118248] do_syscall_64+0x33/0x40 [ 1560.118754] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.119435] RIP: 0033:0x7f07d2d5a04a [ 1560.119931] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.122385] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1560.123396] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1560.124332] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1560.125263] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1560.126190] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1560.127130] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:03:22 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1560.136352] FAULT_INJECTION: forcing a failure. [ 1560.136352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1560.139087] CPU: 1 PID: 9027 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1560.140640] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.142539] Call Trace: [ 1560.143147] dump_stack+0x107/0x167 [ 1560.143982] should_fail.cold+0x5/0xa [ 1560.144866] _copy_from_iter_full+0x201/0xa60 [ 1560.145891] ? __virt_addr_valid+0x170/0x5d0 [ 1560.146892] ? __check_object_size+0x319/0x440 [ 1560.147935] netlink_sendmsg+0x879/0xe00 [ 1560.148877] ? netlink_unicast+0xa00/0xa00 [ 1560.149848] ? netlink_unicast+0xa00/0xa00 [ 1560.150811] __sock_sendmsg+0x154/0x190 [ 1560.151718] ____sys_sendmsg+0x70d/0x870 [ 1560.152645] ? sock_write_iter+0x3d0/0x3d0 [ 1560.153618] ? do_recvmmsg+0x6d0/0x6d0 [ 1560.154511] ? lock_downgrade+0x6d0/0x6d0 [ 1560.155457] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1560.156650] ___sys_sendmsg+0xf3/0x170 [ 1560.157547] ? sendmsg_copy_msghdr+0x160/0x160 [ 1560.158590] ? __fget_files+0x2cf/0x520 [ 1560.159495] ? lock_downgrade+0x6d0/0x6d0 [ 1560.160442] ? find_held_lock+0x2c/0x110 [ 1560.161386] ? __fget_files+0x2f8/0x520 [ 1560.162300] ? __fget_light+0xea/0x290 [ 1560.163191] __sys_sendmsg+0xe5/0x1b0 [ 1560.164055] ? __sys_sendmsg_sock+0x40/0x40 [ 1560.165047] ? rcu_read_lock_any_held+0x75/0xa0 [ 1560.166122] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.167320] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.168489] ? trace_hardirqs_on+0x5b/0x180 [ 1560.169481] do_syscall_64+0x33/0x40 [ 1560.170330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.171500] RIP: 0033:0x7f3f36935b19 [ 1560.172346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.176572] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1560.178317] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1560.179942] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1560.181583] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1560.183219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1560.184860] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 11:03:22 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 32) 11:03:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000cf0000001b0000f4"], 0xec}}, 0x0) 11:03:22 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:22 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1560.231029] FAULT_INJECTION: forcing a failure. [ 1560.231029] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.232345] CPU: 0 PID: 9036 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1560.233162] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.234129] Call Trace: [ 1560.234443] dump_stack+0x107/0x167 [ 1560.234867] should_fail.cold+0x5/0xa [ 1560.235316] ? create_object.isra.0+0x3a/0xa30 [ 1560.235856] should_failslab+0x5/0x20 [ 1560.236311] kmem_cache_alloc+0x5b/0x310 [ 1560.236800] create_object.isra.0+0x3a/0xa30 [ 1560.237321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1560.237920] kmem_cache_alloc_trace+0x151/0x320 [ 1560.238478] copy_mount_options+0x55/0x180 [ 1560.238979] __x64_sys_mount+0x1a8/0x300 [ 1560.239458] ? copy_mnt_ns+0xa00/0xa00 [ 1560.239922] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.240545] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.241167] do_syscall_64+0x33/0x40 [ 1560.241608] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.242216] RIP: 0033:0x7f07d2d5a04a [ 1560.242656] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.244831] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1560.245690] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1560.246501] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1560.247305] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1560.248111] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1560.248927] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:03:22 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00'}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:03:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00007a1e0001"], 0xec}}, 0x0) 11:03:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 8) 11:03:22 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1560.304056] FAULT_INJECTION: forcing a failure. [ 1560.304056] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.305393] CPU: 0 PID: 9044 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1560.306168] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.307102] Call Trace: [ 1560.307408] dump_stack+0x107/0x167 [ 1560.307858] should_fail.cold+0x5/0xa [ 1560.308294] ? __alloc_skb+0x6d/0x5b0 [ 1560.308743] should_failslab+0x5/0x20 [ 1560.309179] kmem_cache_alloc_node+0x55/0x330 [ 1560.309688] __alloc_skb+0x6d/0x5b0 [ 1560.310101] netlink_ack+0x1ed/0xab0 [ 1560.310536] ? netlink_sendmsg+0xe00/0xe00 [ 1560.311017] ? lock_acquire+0x197/0x470 [ 1560.311467] ? netlink_deliver_tap+0xf4/0xcc0 [ 1560.311976] netlink_rcv_skb+0x348/0x430 [ 1560.312438] ? rtnl_getlink+0xaa0/0xaa0 [ 1560.312899] ? netlink_ack+0xab0/0xab0 [ 1560.313337] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1560.313855] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1560.314372] ? is_vmalloc_addr+0x7b/0xb0 [ 1560.314833] netlink_unicast+0x6ce/0xa00 [ 1560.315294] ? netlink_attachskb+0xab0/0xab0 [ 1560.315805] netlink_sendmsg+0x90f/0xe00 [ 1560.316265] ? netlink_unicast+0xa00/0xa00 [ 1560.316755] ? netlink_unicast+0xa00/0xa00 [ 1560.317237] __sock_sendmsg+0x154/0x190 [ 1560.317685] ____sys_sendmsg+0x70d/0x870 [ 1560.318147] ? sock_write_iter+0x3d0/0x3d0 [ 1560.318621] ? do_recvmmsg+0x6d0/0x6d0 [ 1560.319062] ? lock_downgrade+0x6d0/0x6d0 [ 1560.319535] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1560.320131] ___sys_sendmsg+0xf3/0x170 [ 1560.320568] ? sendmsg_copy_msghdr+0x160/0x160 [ 1560.321108] ? __fget_files+0x2cf/0x520 [ 1560.321569] ? lock_downgrade+0x6d0/0x6d0 [ 1560.322039] ? find_held_lock+0x2c/0x110 [ 1560.322502] ? __fget_files+0x2f8/0x520 [ 1560.322957] ? __fget_light+0xea/0x290 [ 1560.323399] __sys_sendmsg+0xe5/0x1b0 [ 1560.323827] ? __sys_sendmsg_sock+0x40/0x40 [ 1560.324317] ? rcu_read_lock_any_held+0x75/0xa0 [ 1560.324862] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.325456] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.326037] ? trace_hardirqs_on+0x5b/0x180 [ 1560.326526] do_syscall_64+0x33/0x40 [ 1560.326955] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.327535] RIP: 0033:0x7f3f36935b19 [ 1560.327963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.330061] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1560.330931] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1560.331743] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1560.332551] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1560.333365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1560.334173] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 11:03:22 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:22 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(0xffffffffffffffff, r2, 0x0, 0x500000001) dup2(r0, r1) 11:03:22 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 33) [ 1560.407799] FAULT_INJECTION: forcing a failure. [ 1560.407799] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.409134] CPU: 0 PID: 9054 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1560.409909] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1560.410844] Call Trace: [ 1560.411150] dump_stack+0x107/0x167 [ 1560.411566] should_fail.cold+0x5/0xa [ 1560.412000] ? create_object.isra.0+0x3a/0xa30 [ 1560.412517] should_failslab+0x5/0x20 [ 1560.412959] kmem_cache_alloc+0x5b/0x310 [ 1560.413420] create_object.isra.0+0x3a/0xa30 [ 1560.413914] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1560.414493] kmem_cache_alloc_trace+0x151/0x320 [ 1560.415017] ? _copy_from_user+0xfb/0x1b0 [ 1560.415492] copy_mount_options+0x55/0x180 [ 1560.415972] __x64_sys_mount+0x1a8/0x300 [ 1560.416430] ? copy_mnt_ns+0xa00/0xa00 [ 1560.416884] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1560.417481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1560.418066] do_syscall_64+0x33/0x40 [ 1560.418488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1560.419075] RIP: 0033:0x7f07d2d5a04a [ 1560.419496] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1560.421580] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1560.422443] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1560.423250] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1560.424057] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1560.424876] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1560.425684] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:03:35 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000fffffff00000001b0000f4"], 0xec}}, 0x0) 11:03:35 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:35 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(0xffffffffffffffff, r2, 0x0, 0x500000001) dup2(r0, r1) 11:03:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 9) 11:03:35 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}]}}) 11:03:35 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 34) 11:03:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000811e0001"], 0xec}}, 0x0) [ 1573.832780] FAULT_INJECTION: forcing a failure. [ 1573.832780] name failslab, interval 1, probability 0, space 0, times 0 [ 1573.835186] CPU: 0 PID: 9074 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1573.836632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1573.838383] Call Trace: [ 1573.838941] dump_stack+0x107/0x167 [ 1573.839712] should_fail.cold+0x5/0xa [ 1573.840515] ? create_object.isra.0+0x3a/0xa30 [ 1573.841480] should_failslab+0x5/0x20 [ 1573.842281] kmem_cache_alloc+0x5b/0x310 [ 1573.843139] create_object.isra.0+0x3a/0xa30 [ 1573.844066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1573.845158] kmem_cache_alloc_node+0x169/0x330 [ 1573.846127] __alloc_skb+0x6d/0x5b0 [ 1573.846898] netlink_ack+0x1ed/0xab0 [ 1573.847687] ? netlink_sendmsg+0xe00/0xe00 [ 1573.848577] ? lock_acquire+0x197/0x470 [ 1573.849424] ? netlink_deliver_tap+0xf4/0xcc0 [ 1573.850373] netlink_rcv_skb+0x348/0x430 [ 1573.851234] ? rtnl_getlink+0xaa0/0xaa0 [ 1573.852102] ? netlink_ack+0xab0/0xab0 [ 1573.853043] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1573.854149] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1573.855254] ? is_vmalloc_addr+0x7b/0xb0 [ 1573.856240] netlink_unicast+0x6ce/0xa00 [ 1573.857246] ? netlink_attachskb+0xab0/0xab0 [ 1573.858322] netlink_sendmsg+0x90f/0xe00 [ 1573.859305] ? netlink_unicast+0xa00/0xa00 [ 1573.860334] ? netlink_unicast+0xa00/0xa00 [ 1573.861365] __sock_sendmsg+0x154/0x190 [ 1573.862322] ____sys_sendmsg+0x70d/0x870 [ 1573.863309] ? sock_write_iter+0x3d0/0x3d0 [ 1573.864332] ? do_recvmmsg+0x6d0/0x6d0 [ 1573.865279] ? lock_downgrade+0x6d0/0x6d0 [ 1573.866283] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1573.867548] ___sys_sendmsg+0xf3/0x170 [ 1573.868465] ? sendmsg_copy_msghdr+0x160/0x160 [ 1573.869557] ? __fget_files+0x2cf/0x520 [ 1573.870490] ? lock_downgrade+0x6d0/0x6d0 [ 1573.871473] ? find_held_lock+0x2c/0x110 [ 1573.872436] ? __fget_files+0x2f8/0x520 [ 1573.873396] ? __fget_light+0xea/0x290 [ 1573.874333] __sys_sendmsg+0xe5/0x1b0 [ 1573.875238] ? __sys_sendmsg_sock+0x40/0x40 [ 1573.876262] ? rcu_read_lock_any_held+0x75/0xa0 [ 1573.877397] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1573.878650] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1573.879884] ? trace_hardirqs_on+0x5b/0x180 [ 1573.880924] do_syscall_64+0x33/0x40 [ 1573.881818] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1573.883048] RIP: 0033:0x7f3f36935b19 [ 1573.883930] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1573.888318] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1573.890154] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1573.891867] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1573.893601] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1573.895300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1573.897023] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 [ 1573.919764] FAULT_INJECTION: forcing a failure. 11:03:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000f0ffff0000001b0000f4"], 0xec}}, 0x0) 11:03:35 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1573.919764] name failslab, interval 1, probability 0, space 0, times 0 [ 1573.922718] CPU: 0 PID: 9081 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1573.924324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1573.926274] Call Trace: [ 1573.926896] dump_stack+0x107/0x167 [ 1573.927760] should_fail.cold+0x5/0xa [ 1573.928662] ? getname_flags.part.0+0x50/0x4f0 [ 1573.929732] should_failslab+0x5/0x20 11:03:35 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(0xffffffffffffffff, r2, 0x0, 0x500000001) dup2(r0, r1) [ 1573.930631] kmem_cache_alloc+0x5b/0x310 [ 1573.931623] getname_flags.part.0+0x50/0x4f0 [ 1573.932664] user_path_at_empty+0xa1/0x100 [ 1573.933667] __x64_sys_mount+0x1e9/0x300 [ 1573.934598] ? copy_mnt_ns+0xa00/0xa00 [ 1573.935507] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1573.936749] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1573.937971] do_syscall_64+0x33/0x40 [ 1573.938839] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1573.940029] RIP: 0033:0x7f07d2d5a04a [ 1573.940900] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1573.945177] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1573.946938] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1573.948599] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1573.950276] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1573.951922] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1573.953584] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:03:35 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}]}}) 11:03:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000f01e0001"], 0xec}}, 0x0) 11:03:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 10) 11:03:50 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 11:03:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100007fffffff0000001b0000f4"], 0xec}}, 0x0) 11:03:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:50 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 35) 11:03:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, 0xffffffffffffffff, 0x0, 0x500000001) dup2(r0, r1) [ 1588.323081] FAULT_INJECTION: forcing a failure. [ 1588.323081] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.325568] CPU: 0 PID: 9108 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1588.326986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.328688] Call Trace: [ 1588.329249] dump_stack+0x107/0x167 [ 1588.329998] should_fail.cold+0x5/0xa [ 1588.330778] should_failslab+0x5/0x20 [ 1588.331558] __kmalloc_node_track_caller+0x74/0x3b0 [ 1588.332576] ? netlink_ack+0x1ed/0xab0 [ 1588.333394] __alloc_skb+0xb1/0x5b0 [ 1588.334140] netlink_ack+0x1ed/0xab0 [ 1588.334905] ? netlink_sendmsg+0xe00/0xe00 [ 1588.335783] ? lock_acquire+0x197/0x470 [ 1588.336587] ? netlink_deliver_tap+0xf4/0xcc0 [ 1588.337519] netlink_rcv_skb+0x348/0x430 [ 1588.338352] ? rtnl_getlink+0xaa0/0xaa0 [ 1588.338454] FAULT_INJECTION: forcing a failure. [ 1588.338454] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.339160] ? netlink_ack+0xab0/0xab0 [ 1588.339179] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1588.339202] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1588.339231] ? is_vmalloc_addr+0x7b/0xb0 [ 1588.345480] netlink_unicast+0x6ce/0xa00 [ 1588.346322] ? netlink_attachskb+0xab0/0xab0 [ 1588.347226] netlink_sendmsg+0x90f/0xe00 [ 1588.348061] ? netlink_unicast+0xa00/0xa00 [ 1588.348932] ? netlink_unicast+0xa00/0xa00 [ 1588.349807] __sock_sendmsg+0x154/0x190 [ 1588.350620] ____sys_sendmsg+0x70d/0x870 [ 1588.351449] ? sock_write_iter+0x3d0/0x3d0 [ 1588.352304] ? do_recvmmsg+0x6d0/0x6d0 [ 1588.353109] ? lock_downgrade+0x6d0/0x6d0 [ 1588.353953] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1588.355018] ___sys_sendmsg+0xf3/0x170 [ 1588.355811] ? sendmsg_copy_msghdr+0x160/0x160 [ 1588.356743] ? __fget_files+0x2cf/0x520 [ 1588.357560] ? lock_downgrade+0x6d0/0x6d0 [ 1588.358403] ? find_held_lock+0x2c/0x110 [ 1588.359233] ? __fget_files+0x2f8/0x520 [ 1588.360054] ? __fget_light+0xea/0x290 [ 1588.360843] __sys_sendmsg+0xe5/0x1b0 [ 1588.361614] ? __sys_sendmsg_sock+0x40/0x40 [ 1588.362488] ? rcu_read_lock_any_held+0x75/0xa0 [ 1588.363438] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.364498] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.365540] ? trace_hardirqs_on+0x5b/0x180 [ 1588.366403] do_syscall_64+0x33/0x40 [ 1588.367154] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.368188] RIP: 0033:0x7f3f36935b19 [ 1588.368949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.372680] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1588.374222] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1588.375661] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1588.377111] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1588.378552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.379994] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 [ 1588.381484] CPU: 1 PID: 9109 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1588.382965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.384700] Call Trace: [ 1588.385288] dump_stack+0x107/0x167 [ 1588.386050] should_fail.cold+0x5/0xa [ 1588.386854] ? create_object.isra.0+0x3a/0xa30 [ 1588.387811] should_failslab+0x5/0x20 [ 1588.388618] kmem_cache_alloc+0x5b/0x310 [ 1588.389486] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.390594] create_object.isra.0+0x3a/0xa30 [ 1588.391513] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.392587] kmem_cache_alloc+0x159/0x310 [ 1588.393470] getname_flags.part.0+0x50/0x4f0 [ 1588.394399] user_path_at_empty+0xa1/0x100 [ 1588.395281] __x64_sys_mount+0x1e9/0x300 [ 1588.396125] ? copy_mnt_ns+0xa00/0xa00 [ 1588.396946] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.398052] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.399136] do_syscall_64+0x33/0x40 [ 1588.399911] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.400989] RIP: 0033:0x7f07d2d5a04a [ 1588.401774] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.405627] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1588.407226] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1588.408728] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1588.410226] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1588.411720] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1588.413218] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1588.426121] 9pnet: Insufficient options for proto=fd 11:03:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000000f0001"], 0xec}}, 0x0) 11:03:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100009effffff0000001b0000f4"], 0xec}}, 0x0) [ 1588.482749] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=9115 comm=syz-executor.7 11:03:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:03:50 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 11:03:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, 0xffffffffffffffff, 0x0, 0x500000001) dup2(r0, r1) 11:03:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000110001"], 0xec}}, 0x0) 11:03:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000f0ffffff0000001b0000f4"], 0xec}}, 0x0) 11:03:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1588.586032] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. 11:04:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000120001"], 0xec}}, 0x0) 11:04:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, 0xffffffffffffffff, 0x0, 0x500000001) dup2(r0, r1) 11:04:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 36) 11:04:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 11) 11:04:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}]}}) 11:04:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000000810000f4"], 0xec}}, 0x0) [ 1602.802316] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1602.812820] FAULT_INJECTION: forcing a failure. [ 1602.812820] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.815523] CPU: 1 PID: 9152 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1602.817115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.819039] Call Trace: [ 1602.819656] dump_stack+0x107/0x167 [ 1602.820508] should_fail.cold+0x5/0xa [ 1602.821409] ? create_object.isra.0+0x3a/0xa30 [ 1602.822469] should_failslab+0x5/0x20 [ 1602.823357] kmem_cache_alloc+0x5b/0x310 [ 1602.824306] create_object.isra.0+0x3a/0xa30 [ 1602.825332] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1602.826518] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1602.827683] ? netlink_ack+0x1ed/0xab0 [ 1602.828581] __alloc_skb+0xb1/0x5b0 [ 1602.829438] netlink_ack+0x1ed/0xab0 [ 1602.830295] ? netlink_sendmsg+0xe00/0xe00 [ 1602.831266] ? lock_acquire+0x197/0x470 [ 1602.832174] ? netlink_deliver_tap+0xf4/0xcc0 [ 1602.833210] netlink_rcv_skb+0x348/0x430 [ 1602.834151] ? rtnl_getlink+0xaa0/0xaa0 [ 1602.835062] ? netlink_ack+0xab0/0xab0 [ 1602.835958] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1602.837010] ? netlink_deliver_tap+0x1c4/0xcc0 [ 1602.838070] ? is_vmalloc_addr+0x7b/0xb0 [ 1602.839002] netlink_unicast+0x6ce/0xa00 [ 1602.839937] ? netlink_attachskb+0xab0/0xab0 [ 1602.840957] netlink_sendmsg+0x90f/0xe00 [ 1602.841899] ? netlink_unicast+0xa00/0xa00 [ 1602.842877] ? netlink_unicast+0xa00/0xa00 [ 1602.843847] __sock_sendmsg+0x154/0x190 [ 1602.844767] ____sys_sendmsg+0x70d/0x870 [ 1602.845740] ? sock_write_iter+0x3d0/0x3d0 [ 1602.846739] ? do_recvmmsg+0x6d0/0x6d0 [ 1602.847661] ? lock_downgrade+0x6d0/0x6d0 [ 1602.848647] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1602.849894] ___sys_sendmsg+0xf3/0x170 [ 1602.850814] ? sendmsg_copy_msghdr+0x160/0x160 [ 1602.851902] ? __fget_files+0x2cf/0x520 [ 1602.852838] ? lock_downgrade+0x6d0/0x6d0 [ 1602.853827] ? find_held_lock+0x2c/0x110 [ 1602.854796] ? __fget_files+0x2f8/0x520 [ 1602.855742] ? __fget_light+0xea/0x290 [ 1602.856669] __sys_sendmsg+0xe5/0x1b0 [ 1602.857576] ? __sys_sendmsg_sock+0x40/0x40 [ 1602.858603] ? rcu_read_lock_any_held+0x75/0xa0 [ 1602.859720] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.860960] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.862186] ? trace_hardirqs_on+0x5b/0x180 [ 1602.863179] do_syscall_64+0x33/0x40 [ 1602.864061] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.865273] RIP: 0033:0x7f3f36935b19 [ 1602.866162] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.870529] RSP: 002b:00007f3f33eab188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1602.872327] RAX: ffffffffffffffda RBX: 00007f3f36a48f60 RCX: 00007f3f36935b19 [ 1602.874012] RDX: 0000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 [ 1602.875693] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1602.877384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1602.879056] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 [ 1602.882402] FAULT_INJECTION: forcing a failure. [ 1602.882402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1602.884513] CPU: 0 PID: 9151 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1602.885683] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1602.887104] Call Trace: [ 1602.887555] dump_stack+0x107/0x167 [ 1602.888176] should_fail.cold+0x5/0xa [ 1602.888834] strncpy_from_user+0x34/0x470 [ 1602.889550] getname_flags.part.0+0x95/0x4f0 [ 1602.890308] user_path_at_empty+0xa1/0x100 [ 1602.891026] __x64_sys_mount+0x1e9/0x300 [ 1602.891711] ? copy_mnt_ns+0xa00/0xa00 [ 1602.892377] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1602.893300] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1602.894177] do_syscall_64+0x33/0x40 [ 1602.894823] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1602.895705] RIP: 0033:0x7f07d2d5a04a [ 1602.896330] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1602.899470] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1602.900756] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1602.901960] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1602.903171] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1602.904385] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1602.905599] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000130001"], 0xec}}, 0x0) 11:04:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xd, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000200000000001b0000f4"], 0xec}}, 0x0) [ 1602.968738] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. 11:04:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x0) dup2(r0, r1) 11:04:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 37) 11:04:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000140001"], 0xec}}, 0x0) 11:04:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) 11:04:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) (fail_nth: 12) 11:04:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000800000000001b0000f4"], 0xec}}, 0x0) [ 1603.100572] FAULT_INJECTION: forcing a failure. [ 1603.100572] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.103181] FAULT_INJECTION: forcing a failure. [ 1603.103181] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1603.103411] CPU: 1 PID: 9170 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1603.106975] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.109007] Call Trace: [ 1603.109713] dump_stack+0x107/0x167 [ 1603.110608] should_fail.cold+0x5/0xa [ 1603.111529] ? alloc_fs_context+0x57/0x840 [ 1603.112551] should_failslab+0x5/0x20 [ 1603.113492] kmem_cache_alloc_trace+0x55/0x320 [ 1603.114608] alloc_fs_context+0x57/0x840 [ 1603.115608] path_mount+0xab1/0x21e0 [ 1603.116517] ? strncpy_from_user+0x9e/0x470 [ 1603.117576] ? finish_automount+0xa90/0xa90 [ 1603.118621] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.119746] __x64_sys_mount+0x282/0x300 [ 1603.120725] ? copy_mnt_ns+0xa00/0xa00 [ 1603.121684] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.122948] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.124204] do_syscall_64+0x33/0x40 [ 1603.125093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.126343] RIP: 0033:0x7f07d2d5a04a [ 1603.127233] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.131685] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1603.133518] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1603.135209] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1603.136905] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1603.138605] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1603.140296] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1603.142026] CPU: 0 PID: 9173 Comm: syz-executor.5 Not tainted 5.10.247 #1 [ 1603.143210] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.144608] Call Trace: [ 1603.145080] dump_stack+0x107/0x167 [ 1603.145712] should_fail.cold+0x5/0xa [ 1603.146370] _copy_to_user+0x2e/0x180 [ 1603.147017] simple_read_from_buffer+0xcc/0x160 [ 1603.147805] proc_fail_nth_read+0x198/0x230 [ 1603.148540] ? proc_sessionid_read+0x230/0x230 [ 1603.149325] ? security_file_permission+0xb1/0xe0 [ 1603.150122] ? proc_sessionid_read+0x230/0x230 [ 1603.150871] vfs_read+0x228/0x620 [ 1603.151456] ksys_read+0x12d/0x260 11:04:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1603.152045] ? vfs_write+0xb10/0xb10 [ 1603.152843] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.153749] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.154639] do_syscall_64+0x33/0x40 [ 1603.155281] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.156165] RIP: 0033:0x7f3f368e869c [ 1603.156805] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1603.159964] RSP: 002b:00007f3f33eab170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1603.161290] RAX: ffffffffffffffda RBX: 00000000000000ec RCX: 00007f3f368e869c [ 1603.162515] RDX: 000000000000000f RSI: 00007f3f33eab1e0 RDI: 0000000000000004 [ 1603.163736] RBP: 00007f3f33eab1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1603.164959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1603.166181] R13: 00007fff7f30379f R14: 00007f3f33eab300 R15: 0000000000022000 11:04:18 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 38) 11:04:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}]}}) [ 1616.928385] FAULT_INJECTION: forcing a failure. [ 1616.928385] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.930975] CPU: 1 PID: 9195 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1616.932492] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1616.934357] Call Trace: [ 1616.934955] dump_stack+0x107/0x167 [ 1616.935762] should_fail.cold+0x5/0xa [ 1616.936609] ? create_object.isra.0+0x3a/0xa30 [ 1616.937645] should_failslab+0x5/0x20 [ 1616.938495] kmem_cache_alloc+0x5b/0x310 [ 1616.939405] create_object.isra.0+0x3a/0xa30 [ 1616.940380] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1616.941538] kmem_cache_alloc_trace+0x151/0x320 [ 1616.942577] alloc_fs_context+0x57/0x840 [ 1616.943490] path_mount+0xab1/0x21e0 11:04:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000f00000000001b0000f4"], 0xec}}, 0x0) 11:04:18 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:18 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x0) dup2(r0, r1) 11:04:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000150001"], 0xec}}, 0x0) 11:04:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) [ 1616.944328] ? strncpy_from_user+0x9e/0x470 [ 1616.945539] ? finish_automount+0xa90/0xa90 [ 1616.946498] ? getname_flags.part.0+0x1dd/0x4f0 [ 1616.947537] __x64_sys_mount+0x282/0x300 [ 1616.948436] ? copy_mnt_ns+0xa00/0xa00 [ 1616.949317] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1616.950484] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1616.951624] do_syscall_64+0x33/0x40 [ 1616.952453] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1616.953608] RIP: 0033:0x7f07d2d5a04a [ 1616.954430] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1616.958504] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1616.960180] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1616.961770] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1616.963360] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1616.964935] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1616.966523] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}]}}) 11:04:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 39) 11:04:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000160001"], 0xec}}, 0x0) 11:04:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000cf00000000001b0000f4"], 0xec}}, 0x0) 11:04:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x0) dup2(r0, r1) [ 1630.097676] FAULT_INJECTION: forcing a failure. [ 1630.097676] name failslab, interval 1, probability 0, space 0, times 0 [ 1630.099144] CPU: 0 PID: 9224 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1630.099983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1630.100997] Call Trace: [ 1630.101324] dump_stack+0x107/0x167 [ 1630.101776] should_fail.cold+0x5/0xa [ 1630.102249] ? shmem_init_fs_context+0x41/0x280 [ 1630.102815] should_failslab+0x5/0x20 [ 1630.103281] kmem_cache_alloc_trace+0x55/0x320 [ 1630.103839] ? lockdep_init_map_type+0x2c7/0x780 [ 1630.104413] ? shmem_create+0x30/0x30 [ 1630.104874] shmem_init_fs_context+0x41/0x280 [ 1630.105418] ? shmem_create+0x30/0x30 [ 1630.105885] alloc_fs_context+0x4fd/0x840 [ 1630.106393] path_mount+0xab1/0x21e0 [ 1630.106850] ? strncpy_from_user+0x9e/0x470 [ 1630.107370] ? finish_automount+0xa90/0xa90 [ 1630.107895] ? getname_flags.part.0+0x1dd/0x4f0 [ 1630.108466] __x64_sys_mount+0x282/0x300 [ 1630.108958] ? copy_mnt_ns+0xa00/0xa00 [ 1630.109434] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1630.110075] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1630.110701] do_syscall_64+0x33/0x40 [ 1630.111168] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1630.111789] RIP: 0033:0x7f07d2d5a04a [ 1630.112240] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1630.114469] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1630.115389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1630.116253] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1630.117114] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1630.117980] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1630.118841] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000f000000000001b0000f4"], 0xec}}, 0x0) 11:04:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000180001"], 0xec}}, 0x0) 11:04:32 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000f000000001b0000f4"], 0xec}}, 0x0) 11:04:32 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:32 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 40) 11:04:32 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(0xffffffffffffffff, r0) 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000cf000000001b0000f4"], 0xec}}, 0x0) 11:04:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000190001"], 0xec}}, 0x0) 11:04:32 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}]}}) 11:04:32 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000f0000000001b0000f4"], 0xec}}, 0x0) [ 1630.342418] FAULT_INJECTION: forcing a failure. [ 1630.342418] name failslab, interval 1, probability 0, space 0, times 0 [ 1630.343774] CPU: 0 PID: 9248 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1630.344562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1630.345508] Call Trace: [ 1630.345822] dump_stack+0x107/0x167 [ 1630.346238] should_fail.cold+0x5/0xa [ 1630.346673] ? create_object.isra.0+0x3a/0xa30 [ 1630.347193] should_failslab+0x5/0x20 [ 1630.347626] kmem_cache_alloc+0x5b/0x310 [ 1630.348092] create_object.isra.0+0x3a/0xa30 [ 1630.348593] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1630.349175] kmem_cache_alloc_trace+0x151/0x320 [ 1630.349711] alloc_fs_context+0x57/0x840 [ 1630.350176] path_mount+0xab1/0x21e0 [ 1630.350601] ? strncpy_from_user+0x9e/0x470 [ 1630.351092] ? finish_automount+0xa90/0xa90 [ 1630.351589] ? getname_flags.part.0+0x1dd/0x4f0 [ 1630.352120] __x64_sys_mount+0x282/0x300 [ 1630.352579] ? copy_mnt_ns+0xa00/0xa00 [ 1630.353025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1630.353632] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1630.354221] do_syscall_64+0x33/0x40 [ 1630.354652] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1630.355237] RIP: 0033:0x7f07d2d5a04a [ 1630.355660] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1630.357753] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1630.358617] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1630.359425] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1630.360232] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1630.361046] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1630.361869] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001a0001"], 0xec}}, 0x0) 11:04:32 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001c0001"], 0xec}}, 0x0) 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000080000001b0000f4"], 0xec}}, 0x0) 11:04:32 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 41) [ 1630.454020] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:04:32 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x8, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000fffff00000001b0000f4"], 0xec}}, 0x0) 11:04:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) [ 1630.570895] FAULT_INJECTION: forcing a failure. [ 1630.570895] name failslab, interval 1, probability 0, space 0, times 0 [ 1630.572292] CPU: 0 PID: 9272 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1630.573072] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1630.574022] Call Trace: [ 1630.574330] dump_stack+0x107/0x167 [ 1630.574745] should_fail.cold+0x5/0xa [ 1630.575179] should_failslab+0x5/0x20 [ 1630.575613] __kmalloc_track_caller+0x79/0x370 [ 1630.576132] ? vfs_parse_fs_string+0xc0/0x150 [ 1630.576641] kmemdup_nul+0x2d/0xa0 [ 1630.577050] vfs_parse_fs_string+0xc0/0x150 [ 1630.577535] ? vfs_parse_fs_param+0x560/0x560 [ 1630.578058] shmem_parse_options+0x160/0x250 [ 1630.578563] path_mount+0x1448/0x21e0 [ 1630.579002] ? strncpy_from_user+0x9e/0x470 [ 1630.579491] ? finish_automount+0xa90/0xa90 [ 1630.579984] ? getname_flags.part.0+0x1dd/0x4f0 [ 1630.580515] __x64_sys_mount+0x282/0x300 [ 1630.580973] ? copy_mnt_ns+0xa00/0xa00 [ 1630.581418] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1630.582022] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1630.582609] do_syscall_64+0x33/0x40 [ 1630.583037] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1630.583619] RIP: 0033:0x7f07d2d5a04a [ 1630.584040] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1630.586139] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1630.587002] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1630.587817] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1630.588627] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1630.589442] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1630.590258] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000100001b0000f4"], 0xec}}, 0x0) 11:04:44 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc1, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000021e0001"], 0xec}}, 0x0) 11:04:44 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:44 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(0xffffffffffffffff, r0) 11:04:44 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 42) 11:04:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) [ 1642.641416] FAULT_INJECTION: forcing a failure. [ 1642.641416] name failslab, interval 1, probability 0, space 0, times 0 [ 1642.644030] CPU: 0 PID: 9288 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1642.645562] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1642.647445] Call Trace: [ 1642.648044] dump_stack+0x107/0x167 [ 1642.648870] should_fail.cold+0x5/0xa 11:04:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000031e0001"], 0xec}}, 0x0) [ 1642.649800] ? create_object.isra.0+0x3a/0xa30 [ 1642.650843] should_failslab+0x5/0x20 [ 1642.651695] kmem_cache_alloc+0x5b/0x310 [ 1642.652611] create_object.isra.0+0x3a/0xa30 [ 1642.653603] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1642.654756] __kmalloc_track_caller+0x177/0x370 [ 1642.655796] ? vfs_parse_fs_string+0xc0/0x150 [ 1642.656803] kmemdup_nul+0x2d/0xa0 [ 1642.657594] vfs_parse_fs_string+0xc0/0x150 [ 1642.658565] ? vfs_parse_fs_param+0x560/0x560 [ 1642.659583] shmem_parse_options+0x160/0x250 [ 1642.660584] path_mount+0x1448/0x21e0 [ 1642.661445] ? strncpy_from_user+0x9e/0x470 [ 1642.662423] ? finish_automount+0xa90/0xa90 [ 1642.663400] ? getname_flags.part.0+0x1dd/0x4f0 [ 1642.664454] __x64_sys_mount+0x282/0x300 [ 1642.665362] ? copy_mnt_ns+0xa00/0xa00 [ 1642.666254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1642.667428] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1642.668589] do_syscall_64+0x33/0x40 [ 1642.669423] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1642.670587] RIP: 0033:0x7f07d2d5a04a [ 1642.671420] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1642.675539] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1642.677263] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1642.678882] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1642.680485] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1642.682097] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1642.683704] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:59 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r0 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(0xffffffffffffffff, r0) 11:04:59 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:04:59 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:59 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000041e0001"], 0xec}}, 0x0) 11:04:59 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:59 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc4, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:04:59 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 43) 11:04:59 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000200001b0000f4"], 0xec}}, 0x0) [ 1658.024364] FAULT_INJECTION: forcing a failure. [ 1658.024364] name failslab, interval 1, probability 0, space 0, times 0 [ 1658.027258] CPU: 0 PID: 9319 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1658.028951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1658.031027] Call Trace: [ 1658.031691] dump_stack+0x107/0x167 [ 1658.032599] should_fail.cold+0x5/0xa [ 1658.033552] ? create_object.isra.0+0x3a/0xa30 [ 1658.034704] should_failslab+0x5/0x20 [ 1658.035662] kmem_cache_alloc+0x5b/0x310 [ 1658.036677] create_object.isra.0+0x3a/0xa30 [ 1658.037759] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1658.039025] __kmalloc_track_caller+0x177/0x370 [ 1658.040146] ? vfs_parse_fs_string+0xc0/0x150 [ 1658.041251] kmemdup_nul+0x2d/0xa0 [ 1658.042007] vfs_parse_fs_string+0xc0/0x150 [ 1658.043074] ? vfs_parse_fs_param+0x560/0x560 [ 1658.044196] shmem_parse_options+0x160/0x250 [ 1658.045277] path_mount+0x1448/0x21e0 [ 1658.046234] ? strncpy_from_user+0x9e/0x470 [ 1658.047317] ? finish_automount+0xa90/0xa90 [ 1658.048365] ? getname_flags.part.0+0x1dd/0x4f0 [ 1658.049523] __x64_sys_mount+0x282/0x300 [ 1658.050528] ? copy_mnt_ns+0xa00/0xa00 [ 1658.051492] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1658.052576] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1658.053836] do_syscall_64+0x33/0x40 [ 1658.054767] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1658.056022] RIP: 0033:0x7f07d2d5a04a [ 1658.056933] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1658.061414] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1658.063300] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1658.065060] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1658.066816] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1658.068553] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1658.070300] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:04:59 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000051e0001"], 0xec}}, 0x0) 11:05:00 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x351, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000f00001b0000f4"], 0xec}}, 0x0) 11:05:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x233, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:00 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:00 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x300, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000061e0001"], 0xec}}, 0x0) 11:05:13 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 44) 11:05:13 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(r0, 0xffffffffffffffff) 11:05:13 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x480, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:13 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000ffffff9e00001b0000f4"], 0xec}}, 0x0) 11:05:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf00, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:13 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:13 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000071e0001"], 0xec}}, 0x0) 11:05:13 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x480, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1671.229655] FAULT_INJECTION: forcing a failure. [ 1671.229655] name failslab, interval 1, probability 0, space 0, times 0 [ 1671.232090] CPU: 1 PID: 9362 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1671.233534] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1671.235297] Call Trace: [ 1671.235858] dump_stack+0x107/0x167 [ 1671.236630] should_fail.cold+0x5/0xa [ 1671.237436] ? create_object.isra.0+0x3a/0xa30 [ 1671.238405] should_failslab+0x5/0x20 [ 1671.239203] kmem_cache_alloc+0x5b/0x310 [ 1671.240065] create_object.isra.0+0x3a/0xa30 [ 1671.240991] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1671.242058] __kmalloc_track_caller+0x177/0x370 [ 1671.243048] ? vfs_parse_fs_string+0xc0/0x150 [ 1671.243990] kmemdup_nul+0x2d/0xa0 [ 1671.244735] vfs_parse_fs_string+0xc0/0x150 [ 1671.245641] ? vfs_parse_fs_param+0x560/0x560 [ 1671.246615] shmem_parse_options+0x160/0x250 [ 1671.247541] path_mount+0x1448/0x21e0 [ 1671.248355] ? strncpy_from_user+0x9e/0x470 [ 1671.249258] ? finish_automount+0xa90/0xa90 [ 1671.250185] ? getname_flags.part.0+0x1dd/0x4f0 [ 1671.251177] __x64_sys_mount+0x282/0x300 [ 1671.252024] ? copy_mnt_ns+0xa00/0xa00 [ 1671.252847] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1671.253944] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1671.255041] do_syscall_64+0x33/0x40 [ 1671.255822] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1671.256898] RIP: 0033:0x7f07d2d5a04a [ 1671.257687] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1671.261558] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1671.263166] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1671.264652] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1671.266163] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1671.267660] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1671.269157] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:05:13 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000091e0001"], 0xec}}, 0x0) 11:05:13 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3302, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:13 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:13 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000cf00001b0000f4"], 0xec}}, 0x0) 11:05:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00000a1e0001"], 0xec}}, 0x0) 11:05:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(r0, 0xffffffffffffffff) 11:05:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x8100, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:26 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 45) 11:05:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000fffffff000001b0000f4"], 0xec}}, 0x0) [ 1684.421780] FAULT_INJECTION: forcing a failure. [ 1684.421780] name failslab, interval 1, probability 0, space 0, times 0 [ 1684.423168] CPU: 0 PID: 9396 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1684.423976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1684.424963] Call Trace: [ 1684.425286] dump_stack+0x107/0x167 [ 1684.425720] should_fail.cold+0x5/0xa [ 1684.426177] ? mpol_new+0x11f/0x2d0 [ 1684.426618] should_failslab+0x5/0x20 [ 1684.427073] kmem_cache_alloc+0x5b/0x310 [ 1684.427560] mpol_new+0x11f/0x2d0 [ 1684.427977] mpol_parse_str+0x427/0xac0 [ 1684.428455] ? fs_param_is_string+0x136/0x1a0 [ 1684.428984] ? numa_default_policy+0x10/0x10 [ 1684.429519] shmem_parse_one+0x625/0xbd0 [ 1684.430006] ? selinux_key_getsecurity+0x190/0x190 [ 1684.430599] ? shmem_parse_options+0x250/0x250 [ 1684.431144] ? trace_hardirqs_on+0x5b/0x180 [ 1684.431665] ? shmem_parse_options+0x250/0x250 [ 1684.432210] vfs_parse_fs_param+0x20d/0x560 [ 1684.432725] vfs_parse_fs_string+0xe6/0x150 [ 1684.433239] ? vfs_parse_fs_param+0x560/0x560 [ 1684.433780] shmem_parse_options+0x160/0x250 [ 1684.434316] path_mount+0x1448/0x21e0 [ 1684.434773] ? strncpy_from_user+0x9e/0x470 [ 1684.435287] ? finish_automount+0xa90/0xa90 [ 1684.435796] ? getname_flags.part.0+0x1dd/0x4f0 [ 1684.436354] __x64_sys_mount+0x282/0x300 [ 1684.436842] ? copy_mnt_ns+0xa00/0xa00 [ 1684.437308] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1684.437937] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1684.438554] do_syscall_64+0x33/0x40 [ 1684.438989] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1684.439599] RIP: 0033:0x7f07d2d5a04a [ 1684.440033] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1684.442221] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1684.443132] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1684.443986] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1684.444831] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1684.445680] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1684.446528] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1684.447436] tmpfs: Bad value for 'mpol' 11:05:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00000f1e0001"], 0xec}}, 0x0) 11:05:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000f0ffff00001b0000f4"], 0xec}}, 0x0) 11:05:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000481e0001"], 0xec}}, 0x0) 11:05:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:26 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 46) [ 1684.607398] 9pnet: Insufficient options for proto=fd [ 1684.613411] FAULT_INJECTION: forcing a failure. [ 1684.613411] name failslab, interval 1, probability 0, space 0, times 0 [ 1684.615830] CPU: 1 PID: 9414 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1684.617246] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1684.618975] Call Trace: [ 1684.619536] dump_stack+0x107/0x167 [ 1684.620336] should_fail.cold+0x5/0xa [ 1684.621150] ? alloc_super+0x52/0xa90 [ 1684.621957] should_failslab+0x5/0x20 [ 1684.622762] kmem_cache_alloc_trace+0x55/0x320 [ 1684.623714] ? do_raw_spin_lock+0x121/0x260 [ 1684.624621] alloc_super+0x52/0xa90 [ 1684.625387] sget_fc+0x110/0x860 [ 1684.626096] ? set_anon_super+0xc0/0xc0 [ 1684.626955] ? shmem_put_link+0x120/0x120 [ 1684.627829] get_tree_nodev+0x24/0x1d0 [ 1684.628650] vfs_get_tree+0x8e/0x300 [ 1684.629439] path_mount+0x1490/0x21e0 [ 1684.630272] ? strncpy_from_user+0x9e/0x470 [ 1684.631199] ? finish_automount+0xa90/0xa90 [ 1684.632105] ? getname_flags.part.0+0x1dd/0x4f0 [ 1684.633103] __x64_sys_mount+0x282/0x300 [ 1684.633939] ? copy_mnt_ns+0xa00/0xa00 [ 1684.634775] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1684.635877] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1684.636962] do_syscall_64+0x33/0x40 [ 1684.637745] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1684.638858] RIP: 0033:0x7f07d2d5a04a [ 1684.639641] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1684.643518] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1684.645111] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1684.646613] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1684.648104] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1684.649597] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1684.651098] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:05:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000007fffffff00001b0000f4"], 0xec}}, 0x0) 11:05:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x80000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r2, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r2, r1, 0x0, 0x500000001) dup2(r0, 0xffffffffffffffff) 11:05:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00004c1e0001"], 0xec}}, 0x0) [ 1684.695590] 9pnet: Insufficient options for proto=fd 11:05:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:39 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:39 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 47) 11:05:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf0ffff, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000681e0001"], 0xec}}, 0x0) 11:05:39 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000009effffff00001b0000f4"], 0xec}}, 0x0) 11:05:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 1) dup2(r0, r1) [ 1697.616837] 9pnet: Insufficient options for proto=fd [ 1697.630454] FAULT_INJECTION: forcing a failure. [ 1697.630454] name failslab, interval 1, probability 0, space 0, times 0 [ 1697.630823] FAULT_INJECTION: forcing a failure. [ 1697.630823] name failslab, interval 1, probability 0, space 0, times 0 [ 1697.632794] CPU: 0 PID: 9451 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1697.632811] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1697.638240] Call Trace: [ 1697.638819] dump_stack+0x107/0x167 [ 1697.639597] should_fail.cold+0x5/0xa [ 1697.640414] ? selinux_sb_alloc_security+0x41/0x220 [ 1697.641481] should_failslab+0x5/0x20 [ 1697.642309] kmem_cache_alloc_trace+0x55/0x320 [ 1697.643312] ? down_write_nested+0xe4/0x160 [ 1697.644255] selinux_sb_alloc_security+0x41/0x220 [ 1697.645298] security_sb_alloc+0x46/0xa0 [ 1697.646179] alloc_super+0x1ed/0xa90 [ 1697.647001] sget_fc+0x110/0x860 [ 1697.647735] ? set_anon_super+0xc0/0xc0 [ 1697.648600] ? shmem_put_link+0x120/0x120 [ 1697.649496] get_tree_nodev+0x24/0x1d0 [ 1697.650338] vfs_get_tree+0x8e/0x300 [ 1697.651152] path_mount+0x1490/0x21e0 [ 1697.651988] ? strncpy_from_user+0x9e/0x470 [ 1697.652922] ? finish_automount+0xa90/0xa90 [ 1697.653857] ? getname_flags.part.0+0x1dd/0x4f0 [ 1697.654881] __x64_sys_mount+0x282/0x300 [ 1697.655758] ? copy_mnt_ns+0xa00/0xa00 [ 1697.656607] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1697.657746] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1697.658880] do_syscall_64+0x33/0x40 [ 1697.659687] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1697.660797] RIP: 0033:0x7f07d2d5a04a [ 1697.661602] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1697.665604] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1697.667281] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1697.668846] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1697.670408] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1697.671980] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1697.673540] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1697.675144] CPU: 1 PID: 9444 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1697.676651] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1697.678453] Call Trace: [ 1697.679036] dump_stack+0x107/0x167 [ 1697.679825] should_fail.cold+0x5/0xa [ 1697.680646] ? alloc_pipe_info+0x10a/0x590 [ 1697.681557] should_failslab+0x5/0x20 [ 1697.682380] kmem_cache_alloc_trace+0x55/0x320 [ 1697.683372] ? avc_has_perm+0x108/0x1b0 [ 1697.684233] alloc_pipe_info+0x10a/0x590 [ 1697.685115] splice_direct_to_actor+0x774/0x980 [ 1697.686124] ? pipe_to_sendpage+0x380/0x380 [ 1697.687067] ? selinux_file_permission+0x92/0x520 [ 1697.688107] ? do_splice_to+0x160/0x160 [ 1697.688964] ? security_file_permission+0xb1/0xe0 [ 1697.690025] do_splice_direct+0x1c4/0x290 [ 1697.690930] ? splice_direct_to_actor+0x980/0x980 [ 1697.691974] ? security_file_permission+0xb1/0xe0 [ 1697.693026] do_sendfile+0x553/0x11e0 [ 1697.693857] ? do_pwritev+0x270/0x270 [ 1697.694687] ? wait_for_completion_io+0x270/0x270 [ 1697.695731] ? rcu_read_lock_any_held+0x75/0xa0 [ 1697.696733] ? vfs_write+0x354/0xb10 [ 1697.697538] __x64_sys_sendfile64+0x1d1/0x210 [ 1697.698512] ? __ia32_sys_sendfile+0x220/0x220 [ 1697.699500] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1697.700631] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1697.701741] do_syscall_64+0x33/0x40 [ 1697.702553] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1697.703655] RIP: 0033:0x7f122aa69b19 [ 1697.704455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1697.708445] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1697.710104] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1697.711651] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1697.713197] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1697.714751] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1697.716299] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:05:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000f0ffffff00001b0000f4"], 0xec}}, 0x0) 11:05:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x1000000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00006c1e0001"], 0xec}}, 0x0) 11:05:39 executing program 6: pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:39 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 2) dup2(r0, r1) 11:05:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000741e0001"], 0xec}}, 0x0) 11:05:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x2000000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000002000000001b0000f4"], 0xec}}, 0x0) 11:05:50 executing program 6: pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:50 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 48) [ 1708.673269] FAULT_INJECTION: forcing a failure. [ 1708.673269] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.674595] CPU: 1 PID: 9475 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1708.675364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1708.676287] Call Trace: [ 1708.676576] dump_stack+0x107/0x167 [ 1708.676977] should_fail.cold+0x5/0xa [ 1708.677405] ? create_object.isra.0+0x3a/0xa30 [ 1708.677901] should_failslab+0x5/0x20 [ 1708.678336] kmem_cache_alloc+0x5b/0x310 [ 1708.678805] create_object.isra.0+0x3a/0xa30 [ 1708.679282] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1708.679852] kmem_cache_alloc_trace+0x151/0x320 [ 1708.680361] ? avc_has_perm+0x108/0x1b0 [ 1708.680800] alloc_pipe_info+0x10a/0x590 [ 1708.681262] splice_direct_to_actor+0x774/0x980 [ 1708.681764] ? pipe_to_sendpage+0x380/0x380 [ 1708.682248] ? selinux_file_permission+0x92/0x520 [ 1708.682803] ? do_splice_to+0x160/0x160 [ 1708.683252] ? security_file_permission+0xb1/0xe0 [ 1708.683793] do_splice_direct+0x1c4/0x290 [ 1708.684254] ? splice_direct_to_actor+0x980/0x980 [ 1708.684801] ? security_file_permission+0xb1/0xe0 [ 1708.685332] do_sendfile+0x553/0x11e0 [ 1708.685764] ? do_pwritev+0x270/0x270 [ 1708.686197] ? wait_for_completion_io+0x270/0x270 [ 1708.686748] ? rcu_read_lock_any_held+0x75/0xa0 [ 1708.687264] ? vfs_write+0x354/0xb10 [ 1708.687679] __x64_sys_sendfile64+0x1d1/0x210 [ 1708.688186] ? __ia32_sys_sendfile+0x220/0x220 [ 1708.688686] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1708.689269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1708.689836] do_syscall_64+0x33/0x40 [ 1708.690255] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1708.690809] FAULT_INJECTION: forcing a failure. [ 1708.690809] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.690851] RIP: 0033:0x7f122aa69b19 [ 1708.690872] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1708.695695] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1708.696559] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1708.697397] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1708.698221] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1708.699045] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1708.699851] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1708.700675] CPU: 0 PID: 9482 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1708.702102] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1708.703827] Call Trace: [ 1708.704382] dump_stack+0x107/0x167 [ 1708.705149] should_fail.cold+0x5/0xa [ 1708.705943] ? create_object.isra.0+0x3a/0xa30 [ 1708.706891] should_failslab+0x5/0x20 [ 1708.707688] kmem_cache_alloc+0x5b/0x310 [ 1708.708531] create_object.isra.0+0x3a/0xa30 [ 1708.709436] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1708.710491] kmem_cache_alloc_trace+0x151/0x320 [ 1708.711471] ? down_write_nested+0xe4/0x160 [ 1708.712378] selinux_sb_alloc_security+0x41/0x220 [ 1708.713371] security_sb_alloc+0x46/0xa0 [ 1708.714221] alloc_super+0x1ed/0xa90 [ 1708.715021] sget_fc+0x110/0x860 [ 1708.715723] ? set_anon_super+0xc0/0xc0 [ 1708.716552] ? shmem_put_link+0x120/0x120 [ 1708.717411] get_tree_nodev+0x24/0x1d0 [ 1708.718217] vfs_get_tree+0x8e/0x300 [ 1708.718995] path_mount+0x1490/0x21e0 [ 1708.719789] ? strncpy_from_user+0x9e/0x470 [ 1708.720670] ? finish_automount+0xa90/0xa90 [ 1708.721562] ? getname_flags.part.0+0x1dd/0x4f0 [ 1708.722535] __x64_sys_mount+0x282/0x300 [ 1708.723381] ? copy_mnt_ns+0xa00/0xa00 [ 1708.724192] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1708.725277] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1708.726346] do_syscall_64+0x33/0x40 [ 1708.727125] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1708.728182] RIP: 0033:0x7f07d2d5a04a [ 1708.728946] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1708.732806] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1708.734399] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1708.735888] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1708.737362] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1708.738840] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1708.740320] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:05:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x3000000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:05:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xd00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1708.869881] FAULT_INJECTION: forcing a failure. [ 1708.869881] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.871230] CPU: 1 PID: 9497 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1708.872000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1708.872948] Call Trace: [ 1708.873253] dump_stack+0x107/0x167 [ 1708.873664] should_fail.cold+0x5/0xa [ 1708.874097] ? alloc_pipe_info+0x1e5/0x590 [ 1708.874575] should_failslab+0x5/0x20 [ 1708.875014] __kmalloc+0x72/0x390 [ 1708.875409] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1708.875985] alloc_pipe_info+0x1e5/0x590 [ 1708.876423] splice_direct_to_actor+0x774/0x980 [ 1708.876951] ? pipe_to_sendpage+0x380/0x380 [ 1708.877417] ? selinux_file_permission+0x92/0x520 [ 1708.877969] ? do_splice_to+0x160/0x160 [ 1708.878398] ? security_file_permission+0xb1/0xe0 [ 1708.878962] do_splice_direct+0x1c4/0x290 [ 1708.879410] ? splice_direct_to_actor+0x980/0x980 [ 1708.879962] ? security_file_permission+0xb1/0xe0 [ 1708.880488] do_sendfile+0x553/0x11e0 [ 1708.880932] ? do_pwritev+0x270/0x270 [ 1708.881363] ? wait_for_completion_io+0x270/0x270 [ 1708.881917] ? rcu_read_lock_any_held+0x75/0xa0 [ 1708.882444] ? vfs_write+0x354/0xb10 [ 1708.882872] __x64_sys_sendfile64+0x1d1/0x210 [ 1708.883378] ? __ia32_sys_sendfile+0x220/0x220 [ 1708.883899] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1708.884494] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1708.885047] do_syscall_64+0x33/0x40 [ 1708.885473] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1708.886022] RIP: 0033:0x7f122aa69b19 [ 1708.886447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1708.888420] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1708.889286] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1708.890095] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1708.890918] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1708.891730] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1708.892543] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1708.903156] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=97 sclass=netlink_route_socket pid=9501 comm=syz-executor.7 11:05:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 3) dup2(r0, r1) 11:05:50 executing program 6: pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:05:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00007a1e0001"], 0xec}}, 0x0) 11:05:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000008000000001b0000f4"], 0xec}}, 0x0) 11:05:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:05:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000610001"], 0xec}}, 0x0) 11:06:03 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf000000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:03 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 49) 11:06:03 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:03 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:03 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000730001"], 0xec}}, 0x0) 11:06:03 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 4) dup2(r0, r1) 11:06:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000f000000001b0000f4"], 0xec}}, 0x0) [ 1721.701787] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=9522 comm=syz-executor.7 [ 1721.713078] FAULT_INJECTION: forcing a failure. [ 1721.713078] name failslab, interval 1, probability 0, space 0, times 0 [ 1721.715639] CPU: 1 PID: 9523 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1721.717126] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1721.718925] Call Trace: [ 1721.719486] dump_stack+0x107/0x167 [ 1721.720279] should_fail.cold+0x5/0xa [ 1721.721121] ? create_object.isra.0+0x3a/0xa30 [ 1721.722097] should_failslab+0x5/0x20 [ 1721.722935] kmem_cache_alloc+0x5b/0x310 [ 1721.723812] create_object.isra.0+0x3a/0xa30 [ 1721.724770] kmemleak_alloc_percpu+0xa0/0x100 [ 1721.725755] pcpu_alloc+0x4e2/0x1240 [ 1721.726589] __percpu_init_rwsem+0x22/0x150 [ 1721.727530] alloc_super+0x232/0xa90 [ 1721.728318] sget_fc+0x110/0x860 [ 1721.729055] ? set_anon_super+0xc0/0xc0 [ 1721.729920] ? shmem_put_link+0x120/0x120 [ 1721.730811] get_tree_nodev+0x24/0x1d0 [ 1721.731643] vfs_get_tree+0x8e/0x300 [ 1721.732448] path_mount+0x1490/0x21e0 [ 1721.733331] ? strncpy_from_user+0x9e/0x470 [ 1721.734490] ? finish_automount+0xa90/0xa90 [ 1721.735448] ? getname_flags.part.0+0x1dd/0x4f0 [ 1721.736468] __x64_sys_mount+0x282/0x300 [ 1721.737347] ? copy_mnt_ns+0xa00/0xa00 [ 1721.738180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1721.739321] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1721.740419] do_syscall_64+0x33/0x40 [ 1721.741306] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1721.742640] RIP: 0033:0x7f07d2d5a04a [ 1721.743476] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1721.747452] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1721.749097] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1721.750618] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1721.752323] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1721.754212] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1721.756098] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:06:03 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x33020000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) [ 1721.832049] FAULT_INJECTION: forcing a failure. [ 1721.832049] name failslab, interval 1, probability 0, space 0, times 0 [ 1721.834470] CPU: 1 PID: 9525 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1721.835934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1721.837674] Call Trace: [ 1721.838233] dump_stack+0x107/0x167 [ 1721.839024] should_fail.cold+0x5/0xa [ 1721.839833] ? create_object.isra.0+0x3a/0xa30 [ 1721.840868] should_failslab+0x5/0x20 [ 1721.841816] kmem_cache_alloc+0x5b/0x310 [ 1721.842833] create_object.isra.0+0x3a/0xa30 [ 1721.843859] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1721.845042] __kmalloc+0x16e/0x390 [ 1721.845836] alloc_pipe_info+0x1e5/0x590 [ 1721.846754] splice_direct_to_actor+0x774/0x980 [ 1721.847830] ? pipe_to_sendpage+0x380/0x380 [ 1721.848878] ? selinux_file_permission+0x92/0x520 [ 1721.850010] ? do_splice_to+0x160/0x160 [ 1721.850943] ? security_file_permission+0xb1/0xe0 [ 1721.852041] do_splice_direct+0x1c4/0x290 [ 1721.852967] ? splice_direct_to_actor+0x980/0x980 [ 1721.853984] ? security_file_permission+0xb1/0xe0 [ 1721.855014] do_sendfile+0x553/0x11e0 [ 1721.855805] ? do_pwritev+0x270/0x270 [ 1721.856606] ? wait_for_completion_io+0x270/0x270 [ 1721.857612] ? rcu_read_lock_any_held+0x75/0xa0 [ 1721.858578] ? vfs_write+0x354/0xb10 [ 1721.859365] __x64_sys_sendfile64+0x1d1/0x210 [ 1721.860306] ? __ia32_sys_sendfile+0x220/0x220 [ 1721.861265] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1721.862353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1721.863448] do_syscall_64+0x33/0x40 [ 1721.864222] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1721.865292] RIP: 0033:0x7f122aa69b19 [ 1721.866064] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1721.869917] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1721.871512] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1721.873021] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1721.874507] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1721.876001] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1721.877491] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:06:16 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000cf000000001b0000f4"], 0xec}}, 0x0) 11:06:16 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 5) dup2(r0, r1) 11:06:16 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 50) 11:06:16 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:16 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000000f0001"], 0xec}}, 0x0) 11:06:16 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1800, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:16 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x81000000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:16 executing program 6: openat(0xffffffffffffff9c, 0x0, 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1735.043019] FAULT_INJECTION: forcing a failure. [ 1735.043019] name failslab, interval 1, probability 0, space 0, times 0 [ 1735.044619] CPU: 0 PID: 9551 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1735.045551] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1735.046676] Call Trace: [ 1735.047055] dump_stack+0x107/0x167 [ 1735.047553] should_fail.cold+0x5/0xa [ 1735.048071] ? create_object.isra.0+0x3a/0xa30 [ 1735.048693] should_failslab+0x5/0x20 [ 1735.049212] kmem_cache_alloc+0x5b/0x310 [ 1735.049764] create_object.isra.0+0x3a/0xa30 [ 1735.050358] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1735.051059] kmem_cache_alloc_trace+0x151/0x320 [ 1735.051699] alloc_super+0x52/0xa90 [ 1735.052193] sget_fc+0x110/0x860 [ 1735.052661] ? set_anon_super+0xc0/0xc0 [ 1735.053216] ? shmem_put_link+0x120/0x120 [ 1735.053783] get_tree_nodev+0x24/0x1d0 [ 1735.054312] vfs_get_tree+0x8e/0x300 [ 1735.054819] path_mount+0x1490/0x21e0 [ 1735.055345] ? strncpy_from_user+0x9e/0x470 [ 1735.055943] ? finish_automount+0xa90/0xa90 [ 1735.056530] ? getname_flags.part.0+0x1dd/0x4f0 [ 1735.057171] __x64_sys_mount+0x282/0x300 [ 1735.057721] ? copy_mnt_ns+0xa00/0xa00 [ 1735.058262] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1735.058984] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1735.059704] do_syscall_64+0x33/0x40 [ 1735.060220] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1735.060671] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=9553 comm=syz-executor.7 [ 1735.060915] RIP: 0033:0x7f07d2d5a04a [ 1735.060935] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1735.066793] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1735.067838] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1735.068796] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1735.069772] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1735.070749] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1735.071714] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:06:16 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1735.087769] FAULT_INJECTION: forcing a failure. [ 1735.087769] name failslab, interval 1, probability 0, space 0, times 0 [ 1735.089357] CPU: 0 PID: 9550 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1735.090284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1735.091420] Call Trace: [ 1735.091780] dump_stack+0x107/0x167 [ 1735.092268] should_fail.cold+0x5/0xa [ 1735.092777] ? __alloc_skb+0x6d/0x5b0 [ 1735.093290] should_failslab+0x5/0x20 [ 1735.093802] kmem_cache_alloc_node+0x55/0x330 [ 1735.094406] __alloc_skb+0x6d/0x5b0 [ 1735.094902] alloc_skb_with_frags+0x92/0x570 [ 1735.095505] ? mark_lock+0xf5/0x2df0 [ 1735.096012] sock_alloc_send_pskb+0x7af/0x930 [ 1735.096615] ? lock_acquire+0x197/0x470 [ 1735.097153] ? sk_alloc+0x350/0x350 [ 1735.097640] ? mark_lock+0xf5/0x2df0 [ 1735.098144] ? mark_lock+0xf5/0x2df0 [ 1735.098656] packet_sendmsg+0x189a/0x5370 [ 1735.099224] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.099931] ? sock_has_perm+0x1ea/0x280 [ 1735.100473] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1735.101161] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.101866] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1735.102501] ? lock_downgrade+0x6d0/0x6d0 [ 1735.103077] sock_sendmsg+0x319/0x390 [ 1735.103585] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1735.104223] ? ____sys_sendmsg+0x870/0x870 [ 1735.104799] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.105498] ? timestamp_truncate+0x2f0/0x2f0 [ 1735.106103] ? find_get_entry+0x2c8/0x740 [ 1735.106666] ? iov_iter_kvec+0x3c/0x130 [ 1735.107209] sock_no_sendpage+0x12c/0x1a0 [ 1735.107763] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1735.108391] ? init_special_inode+0x1f0/0x1f0 [ 1735.108997] kernel_sendpage.part.0+0x146/0x290 [ 1735.109625] sock_sendpage+0xe5/0x140 [ 1735.110138] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1735.110808] pipe_to_sendpage+0x2af/0x380 [ 1735.111374] ? propagate_umount+0x1550/0x1550 [ 1735.111983] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1735.112699] __splice_from_pipe+0x43d/0x890 [ 1735.113277] ? propagate_umount+0x1550/0x1550 [ 1735.113899] generic_splice_sendpage+0xd5/0x140 [ 1735.114528] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1735.115130] ? security_file_permission+0xb1/0xe0 [ 1735.115771] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1735.116359] direct_splice_actor+0x10f/0x170 [ 1735.116941] splice_direct_to_actor+0x387/0x980 [ 1735.117565] ? pipe_to_sendpage+0x380/0x380 [ 1735.118143] ? do_splice_to+0x160/0x160 [ 1735.118681] ? security_file_permission+0xb1/0xe0 [ 1735.119339] do_splice_direct+0x1c4/0x290 [ 1735.119889] ? splice_direct_to_actor+0x980/0x980 [ 1735.120539] ? security_file_permission+0xb1/0xe0 [ 1735.121190] do_sendfile+0x553/0x11e0 [ 1735.121707] ? do_pwritev+0x270/0x270 [ 1735.122214] ? wait_for_completion_io+0x270/0x270 [ 1735.122854] ? rcu_read_lock_any_held+0x75/0xa0 [ 1735.123536] ? vfs_write+0x354/0xb10 [ 1735.124041] __x64_sys_sendfile64+0x1d1/0x210 [ 1735.124641] ? __ia32_sys_sendfile+0x220/0x220 [ 1735.125249] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1735.125942] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1735.126632] do_syscall_64+0x33/0x40 [ 1735.127133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1735.127814] RIP: 0033:0x7f122aa69b19 [ 1735.128309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1735.130781] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1735.131819] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1735.132767] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1735.133711] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1735.134676] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1735.135636] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:06:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x9effffff, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000f0000000001b0000f4"], 0xec}}, 0x0) 11:06:17 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000100001"], 0xec}}, 0x0) 11:06:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000f0000001b0000f4"], 0xec}}, 0x0) 11:06:17 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1800, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:17 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 51) 11:06:17 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000cf0000001b0000f4"], 0xec}}, 0x0) [ 1735.233728] FAULT_INJECTION: forcing a failure. [ 1735.233728] name failslab, interval 1, probability 0, space 0, times 0 [ 1735.236225] CPU: 1 PID: 9567 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1735.237717] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1735.239565] Call Trace: [ 1735.240148] dump_stack+0x107/0x167 [ 1735.240949] should_fail.cold+0x5/0xa [ 1735.241790] ? create_object.isra.0+0x3a/0xa30 [ 1735.242793] should_failslab+0x5/0x20 [ 1735.243633] kmem_cache_alloc+0x5b/0x310 [ 1735.244528] create_object.isra.0+0x3a/0xa30 [ 1735.245495] kmemleak_alloc_percpu+0xa0/0x100 [ 1735.246480] pcpu_alloc+0x4e2/0x1240 [ 1735.247323] __percpu_init_rwsem+0x22/0x150 [ 1735.248269] alloc_super+0x232/0xa90 [ 1735.249086] sget_fc+0x110/0x860 [ 1735.249830] ? set_anon_super+0xc0/0xc0 [ 1735.250715] ? shmem_put_link+0x120/0x120 [ 1735.251628] get_tree_nodev+0x24/0x1d0 [ 1735.252476] vfs_get_tree+0x8e/0x300 [ 1735.253283] path_mount+0x1490/0x21e0 [ 1735.254117] ? strncpy_from_user+0x9e/0x470 [ 1735.255058] ? finish_automount+0xa90/0xa90 [ 1735.255997] ? getname_flags.part.0+0x1dd/0x4f0 [ 1735.257011] __x64_sys_mount+0x282/0x300 [ 1735.257887] ? copy_mnt_ns+0xa00/0xa00 [ 1735.258741] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1735.259889] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1735.261007] do_syscall_64+0x33/0x40 [ 1735.261815] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1735.262930] RIP: 0033:0x7f07d2d5a04a [ 1735.263748] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1735.267729] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1735.269386] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1735.270922] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1735.272471] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1735.274002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1735.275542] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1735.285977] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. 11:06:17 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 6) dup2(r0, r1) 11:06:17 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:17 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:17 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xf0ffffff, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:17 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000f00000001b0000f4"], 0xec}}, 0x0) 11:06:17 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000110001"], 0xec}}, 0x0) [ 1735.379721] FAULT_INJECTION: forcing a failure. [ 1735.379721] name failslab, interval 1, probability 0, space 0, times 0 [ 1735.381146] CPU: 0 PID: 9584 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1735.381951] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1735.382928] Call Trace: [ 1735.383253] dump_stack+0x107/0x167 [ 1735.383688] should_fail.cold+0x5/0xa [ 1735.384140] ? create_object.isra.0+0x3a/0xa30 [ 1735.384688] should_failslab+0x5/0x20 [ 1735.385135] kmem_cache_alloc+0x5b/0x310 [ 1735.385615] create_object.isra.0+0x3a/0xa30 [ 1735.386132] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1735.386738] kmem_cache_alloc_node+0x169/0x330 [ 1735.387290] __alloc_skb+0x6d/0x5b0 [ 1735.387721] alloc_skb_with_frags+0x92/0x570 [ 1735.388244] ? mark_lock+0xf5/0x2df0 [ 1735.388690] sock_alloc_send_pskb+0x7af/0x930 [ 1735.389219] ? lock_acquire+0x197/0x470 [ 1735.389698] ? sk_alloc+0x350/0x350 [ 1735.390125] ? mark_lock+0xf5/0x2df0 [ 1735.390563] ? mark_lock+0xf5/0x2df0 [ 1735.391019] packet_sendmsg+0x189a/0x5370 [ 1735.391523] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.392143] ? sock_has_perm+0x1ea/0x280 [ 1735.392616] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1735.393222] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.393840] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1735.394395] ? lock_downgrade+0x6d0/0x6d0 [ 1735.394884] sock_sendmsg+0x319/0x390 [ 1735.395337] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1735.395894] ? ____sys_sendmsg+0x870/0x870 [ 1735.396394] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1735.397005] ? timestamp_truncate+0x2f0/0x2f0 [ 1735.397536] ? find_get_entry+0x2c8/0x740 [ 1735.398030] ? iov_iter_kvec+0x3c/0x130 [ 1735.398500] sock_no_sendpage+0x12c/0x1a0 [ 1735.398997] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1735.399540] ? init_special_inode+0x1f0/0x1f0 [ 1735.400074] kernel_sendpage.part.0+0x146/0x290 [ 1735.400626] sock_sendpage+0xe5/0x140 [ 1735.401075] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1735.401659] pipe_to_sendpage+0x2af/0x380 [ 1735.402147] ? propagate_umount+0x1550/0x1550 [ 1735.402678] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1735.403308] __splice_from_pipe+0x43d/0x890 [ 1735.403818] ? propagate_umount+0x1550/0x1550 [ 1735.404344] generic_splice_sendpage+0xd5/0x140 [ 1735.404893] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1735.405417] ? security_file_permission+0xb1/0xe0 [ 1735.405984] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1735.406493] direct_splice_actor+0x10f/0x170 [ 1735.407017] splice_direct_to_actor+0x387/0x980 [ 1735.407557] ? pipe_to_sendpage+0x380/0x380 [ 1735.408065] ? do_splice_to+0x160/0x160 [ 1735.408525] ? security_file_permission+0xb1/0xe0 [ 1735.409093] do_splice_direct+0x1c4/0x290 [ 1735.409574] ? splice_direct_to_actor+0x980/0x980 [ 1735.410140] ? security_file_permission+0xb1/0xe0 [ 1735.410704] do_sendfile+0x553/0x11e0 [ 1735.411162] ? do_pwritev+0x270/0x270 [ 1735.411610] ? wait_for_completion_io+0x270/0x270 [ 1735.412181] ? rcu_read_lock_any_held+0x75/0xa0 [ 1735.412726] ? vfs_write+0x354/0xb10 [ 1735.413159] __x64_sys_sendfile64+0x1d1/0x210 [ 1735.413682] ? __ia32_sys_sendfile+0x220/0x220 [ 1735.414218] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1735.414838] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1735.415443] do_syscall_64+0x33/0x40 [ 1735.415882] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1735.416478] RIP: 0033:0x7f122aa69b19 [ 1735.416918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1735.419057] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1735.419945] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1735.420770] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1735.421595] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1735.422419] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1735.423259] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1735.429348] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. 11:06:29 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 7) dup2(r0, r1) 11:06:29 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:29 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000120001"], 0xec}}, 0x0) 11:06:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000800001b0000f4"], 0xec}}, 0x0) 11:06:29 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xfffff000, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:29 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:29 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 52) [ 1747.403269] FAULT_INJECTION: forcing a failure. [ 1747.403269] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.405407] CPU: 0 PID: 9598 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1747.406650] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.408115] Call Trace: [ 1747.408588] dump_stack+0x107/0x167 [ 1747.409199] should_fail.cold+0x5/0xa [ 1747.409872] ? create_object.isra.0+0x3a/0xa30 [ 1747.410685] should_failslab+0x5/0x20 [ 1747.411384] kmem_cache_alloc+0x5b/0x310 [ 1747.412109] ? mark_held_locks+0x9e/0xe0 [ 1747.412832] create_object.isra.0+0x3a/0xa30 [ 1747.413618] kmemleak_alloc_percpu+0xa0/0x100 [ 1747.414417] pcpu_alloc+0x4e2/0x1240 [ 1747.415122] __percpu_init_rwsem+0x22/0x150 [ 1747.415889] alloc_super+0x232/0xa90 [ 1747.416555] sget_fc+0x110/0x860 [ 1747.417161] ? set_anon_super+0xc0/0xc0 [ 1747.417870] ? shmem_put_link+0x120/0x120 [ 1747.418599] get_tree_nodev+0x24/0x1d0 [ 1747.419288] vfs_get_tree+0x8e/0x300 [ 1747.419951] path_mount+0x1490/0x21e0 [ 1747.420638] ? strncpy_from_user+0x9e/0x470 [ 1747.421401] ? finish_automount+0xa90/0xa90 [ 1747.422160] ? getname_flags.part.0+0x1dd/0x4f0 [ 1747.422997] __x64_sys_mount+0x282/0x300 [ 1747.423740] ? copy_mnt_ns+0xa00/0xa00 [ 1747.424442] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.425379] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.426310] do_syscall_64+0x33/0x40 [ 1747.426979] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.427908] RIP: 0033:0x7f07d2d5a04a [ 1747.428575] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.432376] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1747.434536] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1747.436465] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1747.437975] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1747.439526] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1747.441029] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1747.455009] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1747.482554] FAULT_INJECTION: forcing a failure. [ 1747.482554] name failslab, interval 1, probability 0, space 0, times 0 [ 1747.485151] CPU: 1 PID: 9609 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1747.486596] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1747.488344] Call Trace: [ 1747.488903] dump_stack+0x107/0x167 [ 1747.489673] should_fail.cold+0x5/0xa [ 1747.490478] ? __alloc_skb+0x6d/0x5b0 [ 1747.491288] should_failslab+0x5/0x20 [ 1747.492090] kmem_cache_alloc_node+0x55/0x330 [ 1747.493037] __alloc_skb+0x6d/0x5b0 [ 1747.493814] alloc_skb_with_frags+0x92/0x570 [ 1747.494751] ? mark_lock+0xf5/0x2df0 [ 1747.495551] sock_alloc_send_pskb+0x7af/0x930 [ 1747.496493] ? lock_acquire+0x197/0x470 [ 1747.497337] ? sk_alloc+0x350/0x350 [ 1747.498100] ? mark_lock+0xf5/0x2df0 [ 1747.498900] packet_sendmsg+0x189a/0x5370 [ 1747.499800] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1747.500906] ? sock_has_perm+0x1ea/0x280 [ 1747.501760] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1747.502880] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1747.504018] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1747.505030] ? lock_downgrade+0x6d0/0x6d0 [ 1747.505919] sock_sendmsg+0x319/0x390 [ 1747.506724] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1747.507732] ? ____sys_sendmsg+0x870/0x870 [ 1747.508632] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1747.509738] ? timestamp_truncate+0x2f0/0x2f0 [ 1747.510679] ? find_get_entry+0x2c8/0x740 [ 1747.511560] ? iov_iter_kvec+0x3c/0x130 [ 1747.512408] sock_no_sendpage+0x12c/0x1a0 [ 1747.513276] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1747.514242] ? init_special_inode+0x1f0/0x1f0 [ 1747.515213] kernel_sendpage.part.0+0x146/0x290 [ 1747.516184] sock_sendpage+0xe5/0x140 [ 1747.516983] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1747.518034] pipe_to_sendpage+0x2af/0x380 [ 1747.518911] ? propagate_umount+0x1550/0x1550 [ 1747.519860] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1747.520973] __splice_from_pipe+0x43d/0x890 [ 1747.521872] ? propagate_umount+0x1550/0x1550 [ 1747.522815] generic_splice_sendpage+0xd5/0x140 [ 1747.523800] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1747.524740] ? security_file_permission+0xb1/0xe0 [ 1747.525738] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1747.526656] direct_splice_actor+0x10f/0x170 [ 1747.527589] splice_direct_to_actor+0x387/0x980 [ 1747.528573] ? pipe_to_sendpage+0x380/0x380 [ 1747.529475] ? do_splice_to+0x160/0x160 [ 1747.530300] ? security_file_permission+0xb1/0xe0 [ 1747.531322] do_splice_direct+0x1c4/0x290 [ 1747.532185] ? splice_direct_to_actor+0x980/0x980 [ 1747.533214] ? security_file_permission+0xb1/0xe0 [ 1747.534215] do_sendfile+0x553/0x11e0 [ 1747.535019] ? do_pwritev+0x270/0x270 [ 1747.535820] ? wait_for_completion_io+0x270/0x270 [ 1747.536835] ? rcu_read_lock_any_held+0x75/0xa0 [ 1747.537816] ? vfs_write+0x354/0xb10 [ 1747.538603] __x64_sys_sendfile64+0x1d1/0x210 [ 1747.539544] ? __ia32_sys_sendfile+0x220/0x220 [ 1747.540493] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1747.541585] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1747.542664] do_syscall_64+0x33/0x40 [ 1747.543454] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1747.544529] RIP: 0033:0x7f122aa69b19 [ 1747.545309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1747.549169] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1747.550751] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1747.552250] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1747.553736] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1747.555263] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1747.556769] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:06:29 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xffffff7f, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:29 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000fffff000001b0000f4"], 0xec}}, 0x0) 11:06:29 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000130001"], 0xec}}, 0x0) 11:06:29 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1747.615975] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1747.632509] 9pnet: Insufficient options for proto=fd [ 1762.212026] FAULT_INJECTION: forcing a failure. [ 1762.212026] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.214434] CPU: 0 PID: 9631 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1762.215843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1762.217541] Call Trace: [ 1762.218085] dump_stack+0x107/0x167 [ 1762.218830] should_fail.cold+0x5/0xa [ 1762.219626] ? create_object.isra.0+0x3a/0xa30 [ 1762.220559] should_failslab+0x5/0x20 [ 1762.221332] kmem_cache_alloc+0x5b/0x310 [ 1762.222165] create_object.isra.0+0x3a/0xa30 11:06:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 8) dup2(r0, r1) 11:06:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:44 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000001001b0000f4"], 0xec}}, 0x0) 11:06:44 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:44 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 53) 11:06:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000140001"], 0xec}}, 0x0) 11:06:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xffffff9e, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) [ 1762.223073] kmemleak_alloc_percpu+0xa0/0x100 [ 1762.224218] pcpu_alloc+0x4e2/0x1240 [ 1762.224991] __percpu_init_rwsem+0x22/0x150 [ 1762.225868] alloc_super+0x232/0xa90 [ 1762.226635] sget_fc+0x110/0x860 [ 1762.227346] ? set_anon_super+0xc0/0xc0 [ 1762.228161] ? shmem_put_link+0x120/0x120 [ 1762.229003] get_tree_nodev+0x24/0x1d0 [ 1762.229809] vfs_get_tree+0x8e/0x300 [ 1762.230569] path_mount+0x1490/0x21e0 [ 1762.231372] ? strncpy_from_user+0x9e/0x470 [ 1762.232251] ? finish_automount+0xa90/0xa90 [ 1762.233131] ? getname_flags.part.0+0x1dd/0x4f0 [ 1762.234091] __x64_sys_mount+0x282/0x300 [ 1762.234920] ? copy_mnt_ns+0xa00/0xa00 [ 1762.235730] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1762.236801] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1762.237851] do_syscall_64+0x33/0x40 [ 1762.238618] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1762.239676] RIP: 0033:0x7f07d2d5a04a [ 1762.240435] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1762.244196] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1762.245735] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1762.247184] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1762.248622] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1762.250064] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1762.250348] 9pnet: Insufficient options for proto=fd [ 1762.251515] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1762.263459] FAULT_INJECTION: forcing a failure. [ 1762.263459] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.266293] CPU: 1 PID: 9628 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1762.267966] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1762.269973] Call Trace: [ 1762.270617] dump_stack+0x107/0x167 [ 1762.271507] should_fail.cold+0x5/0xa [ 1762.272441] ? __alloc_skb+0x6d/0x5b0 [ 1762.273358] should_failslab+0x5/0x20 [ 1762.274275] kmem_cache_alloc_node+0x55/0x330 [ 1762.275368] __alloc_skb+0x6d/0x5b0 [ 1762.276244] alloc_skb_with_frags+0x92/0x570 [ 1762.277332] ? mark_lock+0xf5/0x2df0 [ 1762.278277] sock_alloc_send_pskb+0x7af/0x930 [ 1762.279361] ? lock_acquire+0x197/0x470 [ 1762.280328] ? sk_alloc+0x350/0x350 [ 1762.281204] ? mark_lock+0xf5/0x2df0 [ 1762.282124] packet_sendmsg+0x189a/0x5370 [ 1762.283124] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1762.284412] ? sock_has_perm+0x1ea/0x280 [ 1762.285388] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1762.286629] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1762.287913] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1762.289053] ? lock_downgrade+0x6d0/0x6d0 [ 1762.290063] sock_sendmsg+0x319/0x390 [ 1762.290967] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1762.292118] ? ____sys_sendmsg+0x870/0x870 [ 1762.293208] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1762.294461] ? timestamp_truncate+0x2f0/0x2f0 [ 1762.295540] ? find_get_entry+0x2c8/0x740 [ 1762.296530] ? iov_iter_kvec+0x3c/0x130 [ 1762.297481] sock_no_sendpage+0x12c/0x1a0 [ 1762.298470] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1762.299586] ? init_special_inode+0x1f0/0x1f0 [ 1762.300668] kernel_sendpage.part.0+0x146/0x290 [ 1762.301777] sock_sendpage+0xe5/0x140 [ 1762.302684] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1762.303878] pipe_to_sendpage+0x2af/0x380 [ 1762.304859] ? propagate_umount+0x1550/0x1550 [ 1762.305913] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1762.307178] __splice_from_pipe+0x43d/0x890 [ 1762.308204] ? propagate_umount+0x1550/0x1550 [ 1762.309342] generic_splice_sendpage+0xd5/0x140 [ 1762.310452] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1762.311515] ? security_file_permission+0xb1/0xe0 [ 1762.312671] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1762.313712] direct_splice_actor+0x10f/0x170 [ 1762.314762] splice_direct_to_actor+0x387/0x980 [ 1762.315874] ? pipe_to_sendpage+0x380/0x380 [ 1762.316919] ? do_splice_to+0x160/0x160 [ 1762.317858] ? security_file_permission+0xb1/0xe0 [ 1762.318985] do_splice_direct+0x1c4/0x290 [ 1762.319966] ? splice_direct_to_actor+0x980/0x980 [ 1762.321099] ? security_file_permission+0xb1/0xe0 [ 1762.322246] do_sendfile+0x553/0x11e0 [ 1762.323144] ? do_pwritev+0x270/0x270 [ 1762.324058] ? wait_for_completion_io+0x270/0x270 [ 1762.325251] ? rcu_read_lock_any_held+0x75/0xa0 [ 1762.326342] ? vfs_write+0x354/0xb10 [ 1762.327215] __x64_sys_sendfile64+0x1d1/0x210 [ 1762.328281] ? __ia32_sys_sendfile+0x220/0x220 [ 1762.329346] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1762.330584] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1762.331790] do_syscall_64+0x33/0x40 [ 1762.332655] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1762.333852] RIP: 0033:0x7f122aa69b19 [ 1762.334730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1762.339018] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1762.340848] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1762.342483] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1762.344139] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1762.345785] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1762.347436] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:06:44 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xfffffff0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:06:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000150001"], 0xec}}, 0x0) 11:06:44 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 54) 11:06:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000002001b0000f4"], 0xec}}, 0x0) 11:06:44 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0xffffffff, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) [ 1762.493323] FAULT_INJECTION: forcing a failure. [ 1762.493323] name failslab, interval 1, probability 0, space 0, times 0 [ 1762.495498] CPU: 0 PID: 9655 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1762.496722] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1762.498198] Call Trace: [ 1762.498672] dump_stack+0x107/0x167 [ 1762.499334] should_fail.cold+0x5/0xa [ 1762.500009] ? create_object.isra.0+0x3a/0xa30 [ 1762.500824] should_failslab+0x5/0x20 [ 1762.501499] kmem_cache_alloc+0x5b/0x310 [ 1762.502222] create_object.isra.0+0x3a/0xa30 [ 1762.503007] kmemleak_alloc_percpu+0xa0/0x100 [ 1762.503819] pcpu_alloc+0x4e2/0x1240 [ 1762.504495] __percpu_init_rwsem+0x22/0x150 [ 1762.505261] alloc_super+0x232/0xa90 [ 1762.505928] sget_fc+0x110/0x860 [ 1762.506523] ? set_anon_super+0xc0/0xc0 [ 1762.507228] ? shmem_put_link+0x120/0x120 [ 1762.507970] get_tree_nodev+0x24/0x1d0 [ 1762.508661] vfs_get_tree+0x8e/0x300 [ 1762.509320] path_mount+0x1490/0x21e0 [ 1762.510003] ? strncpy_from_user+0x9e/0x470 [ 1762.510765] ? finish_automount+0xa90/0xa90 [ 1762.511532] ? getname_flags.part.0+0x1dd/0x4f0 [ 1762.512365] __x64_sys_mount+0x282/0x300 [ 1762.513080] ? copy_mnt_ns+0xa00/0xa00 [ 1762.513771] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1762.514701] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1762.515626] do_syscall_64+0x33/0x40 [ 1762.516284] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1762.517182] RIP: 0033:0x7f07d2d5a04a [ 1762.517826] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1762.521053] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1762.522373] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1762.523633] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1762.524441] 9pnet: Insufficient options for proto=fd [ 1762.524876] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1762.524892] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1762.528469] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:06:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000160001"], 0xec}}, 0x0) 11:06:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 9) dup2(r0, r1) 11:06:57 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 55) 11:06:57 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5103, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1775.982431] FAULT_INJECTION: forcing a failure. [ 1775.982431] name failslab, interval 1, probability 0, space 0, times 0 [ 1775.985028] CPU: 1 PID: 9671 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1775.986545] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1775.988387] Call Trace: [ 1775.988976] dump_stack+0x107/0x167 11:06:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000f001b0000f4"], 0xec}}, 0x0) 11:06:57 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1775.989778] should_fail.cold+0x5/0xa [ 1775.990760] ? create_object.isra.0+0x3a/0xa30 11:06:57 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="0f0000001d0001"], 0xec}}, 0x0) [ 1775.991779] should_failslab+0x5/0x20 [ 1775.992684] kmem_cache_alloc+0x5b/0x310 [ 1775.993584] create_object.isra.0+0x3a/0xa30 [ 1775.994558] kmemleak_alloc_percpu+0xa0/0x100 [ 1775.995558] pcpu_alloc+0x4e2/0x1240 [ 1775.996399] __percpu_init_rwsem+0x22/0x150 [ 1775.997351] alloc_super+0x232/0xa90 [ 1775.998176] sget_fc+0x110/0x860 [ 1775.998924] ? set_anon_super+0xc0/0xc0 [ 1775.999812] ? shmem_put_link+0x120/0x120 [ 1776.000720] get_tree_nodev+0x24/0x1d0 [ 1776.001576] vfs_get_tree+0x8e/0x300 [ 1776.002395] path_mount+0x1490/0x21e0 [ 1776.003240] ? strncpy_from_user+0x9e/0x470 [ 1776.004198] ? finish_automount+0xa90/0xa90 [ 1776.005149] ? getname_flags.part.0+0x1dd/0x4f0 [ 1776.006183] __x64_sys_mount+0x282/0x300 [ 1776.007080] ? copy_mnt_ns+0xa00/0xa00 [ 1776.007948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.009103] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.010241] do_syscall_64+0x33/0x40 [ 1776.011063] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.012194] RIP: 0033:0x7f07d2d5a04a [ 1776.013007] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.017059] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1776.018741] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1776.020312] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1776.021874] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1776.023431] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1776.024994] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1776.063041] FAULT_INJECTION: forcing a failure. [ 1776.063041] name failslab, interval 1, probability 0, space 0, times 0 11:06:57 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000ffffff9e001b0000f4"], 0xec}}, 0x0) [ 1776.065494] CPU: 1 PID: 9669 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1776.067143] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.068954] Call Trace: [ 1776.069534] dump_stack+0x107/0x167 [ 1776.070320] should_fail.cold+0x5/0xa [ 1776.071147] should_failslab+0x5/0x20 [ 1776.072077] __kmalloc_node_track_caller+0x74/0x3b0 [ 1776.073282] ? alloc_skb_with_frags+0x92/0x570 [ 1776.074389] __alloc_skb+0xb1/0x5b0 [ 1776.075277] alloc_skb_with_frags+0x92/0x570 [ 1776.076355] ? mark_lock+0xf5/0x2df0 [ 1776.077257] sock_alloc_send_pskb+0x7af/0x930 [ 1776.078335] ? lock_acquire+0x197/0x470 [ 1776.079300] ? sk_alloc+0x350/0x350 [ 1776.080184] ? mark_lock+0xf5/0x2df0 [ 1776.081096] packet_sendmsg+0x189a/0x5370 [ 1776.082108] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1776.083367] ? sock_has_perm+0x1ea/0x280 [ 1776.084352] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1776.085593] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1776.086858] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1776.088011] ? lock_downgrade+0x6d0/0x6d0 [ 1776.089024] sock_sendmsg+0x319/0x390 [ 1776.089937] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1776.091069] ? ____sys_sendmsg+0x870/0x870 [ 1776.092097] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1776.093346] ? timestamp_truncate+0x2f0/0x2f0 [ 1776.094417] ? find_get_entry+0x2c8/0x740 [ 1776.095410] ? iov_iter_kvec+0x3c/0x130 [ 1776.096377] sock_no_sendpage+0x12c/0x1a0 [ 1776.097369] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1776.098474] ? init_special_inode+0x1f0/0x1f0 [ 1776.099564] kernel_sendpage.part.0+0x146/0x290 [ 1776.100685] sock_sendpage+0xe5/0x140 [ 1776.101598] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1776.102787] pipe_to_sendpage+0x2af/0x380 [ 1776.103788] ? propagate_umount+0x1550/0x1550 [ 1776.104867] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1776.106145] __splice_from_pipe+0x43d/0x890 [ 1776.107181] ? propagate_umount+0x1550/0x1550 [ 1776.108263] generic_splice_sendpage+0xd5/0x140 [ 1776.109364] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1776.110413] ? security_file_permission+0xb1/0xe0 [ 1776.111568] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1776.112614] direct_splice_actor+0x10f/0x170 [ 1776.113663] splice_direct_to_actor+0x387/0x980 [ 1776.114771] ? pipe_to_sendpage+0x380/0x380 [ 1776.115807] ? do_splice_to+0x160/0x160 [ 1776.116752] ? security_file_permission+0xb1/0xe0 [ 1776.117902] do_splice_direct+0x1c4/0x290 [ 1776.118885] ? splice_direct_to_actor+0x980/0x980 [ 1776.120043] ? security_file_permission+0xb1/0xe0 [ 1776.121196] do_sendfile+0x553/0x11e0 [ 1776.122109] ? do_pwritev+0x270/0x270 [ 1776.123014] ? wait_for_completion_io+0x270/0x270 [ 1776.124169] ? rcu_read_lock_any_held+0x75/0xa0 [ 1776.125273] ? vfs_write+0x354/0xb10 [ 1776.126153] __x64_sys_sendfile64+0x1d1/0x210 [ 1776.127208] ? __ia32_sys_sendfile+0x220/0x220 [ 1776.128299] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.129536] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.130751] do_syscall_64+0x33/0x40 [ 1776.131639] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.132848] RIP: 0033:0x7f122aa69b19 [ 1776.133723] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.138070] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1776.139879] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1776.141554] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1776.143230] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1776.144906] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000001 [ 1776.146578] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:06:58 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000180001"], 0xec}}, 0x0) 11:06:58 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:06:58 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8004, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:58 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000cf001b0000f4"], 0xec}}, 0x0) 11:06:58 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="100000001d0001"], 0xec}}, 0x0) 11:06:58 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:06:58 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 56) [ 1776.340314] FAULT_INJECTION: forcing a failure. [ 1776.340314] name failslab, interval 1, probability 0, space 0, times 0 [ 1776.342829] CPU: 1 PID: 9704 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1776.344329] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1776.346152] Call Trace: [ 1776.346736] dump_stack+0x107/0x167 [ 1776.347547] should_fail.cold+0x5/0xa [ 1776.348388] ? create_object.isra.0+0x3a/0xa30 [ 1776.349392] should_failslab+0x5/0x20 [ 1776.350238] kmem_cache_alloc+0x5b/0x310 [ 1776.351141] ? mark_held_locks+0x9e/0xe0 [ 1776.352055] create_object.isra.0+0x3a/0xa30 [ 1776.353034] kmemleak_alloc_percpu+0xa0/0x100 [ 1776.354027] pcpu_alloc+0x4e2/0x1240 [ 1776.354868] __percpu_init_rwsem+0x22/0x150 [ 1776.355814] alloc_super+0x232/0xa90 [ 1776.356646] sget_fc+0x110/0x860 [ 1776.357400] ? set_anon_super+0xc0/0xc0 [ 1776.358289] ? shmem_put_link+0x120/0x120 [ 1776.359207] get_tree_nodev+0x24/0x1d0 [ 1776.360081] vfs_get_tree+0x8e/0x300 [ 1776.360913] path_mount+0x1490/0x21e0 [ 1776.361779] ? strncpy_from_user+0x9e/0x470 [ 1776.362713] ? finish_automount+0xa90/0xa90 [ 1776.363695] ? getname_flags.part.0+0x1dd/0x4f0 [ 1776.364749] __x64_sys_mount+0x282/0x300 [ 1776.365660] ? copy_mnt_ns+0xa00/0xa00 [ 1776.366540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1776.367736] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1776.368907] do_syscall_64+0x33/0x40 [ 1776.369751] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1776.370911] RIP: 0033:0x7f07d2d5a04a [ 1776.371764] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1776.375944] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1776.377705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1776.379360] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1776.381030] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1776.382692] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1776.384376] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:07:12 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 57) 11:07:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000190001"], 0xec}}, 0x0) 11:07:12 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:12 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:07:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="c00200001d0001"], 0xec}}, 0x0) 11:07:12 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 10) dup2(r0, r1) 11:07:12 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000fffffff0001b0000f4"], 0xec}}, 0x0) 11:07:12 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc100, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1790.588040] FAULT_INJECTION: forcing a failure. [ 1790.588040] name failslab, interval 1, probability 0, space 0, times 0 [ 1790.590556] CPU: 1 PID: 9721 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1790.591993] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1790.593729] Call Trace: [ 1790.594281] dump_stack+0x107/0x167 [ 1790.595043] should_fail.cold+0x5/0xa [ 1790.595858] ? __list_lru_init+0xcd/0x890 [ 1790.596720] should_failslab+0x5/0x20 [ 1790.597527] __kmalloc+0x72/0x390 [ 1790.598262] __list_lru_init+0xcd/0x890 [ 1790.599108] alloc_super+0x8b8/0xa90 [ 1790.599899] sget_fc+0x110/0x860 [ 1790.600600] ? set_anon_super+0xc0/0xc0 [ 1790.601437] ? shmem_put_link+0x120/0x120 [ 1790.602300] get_tree_nodev+0x24/0x1d0 [ 1790.603115] vfs_get_tree+0x8e/0x300 [ 1790.603906] path_mount+0x1490/0x21e0 [ 1790.604716] ? strncpy_from_user+0x9e/0x470 [ 1790.605623] ? finish_automount+0xa90/0xa90 [ 1790.606533] ? getname_flags.part.0+0x1dd/0x4f0 [ 1790.607527] __x64_sys_mount+0x282/0x300 [ 1790.608388] ? copy_mnt_ns+0xa00/0xa00 [ 1790.609212] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1790.610315] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1790.611403] do_syscall_64+0x33/0x40 [ 1790.612199] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1790.613283] RIP: 0033:0x7f07d2d5a04a [ 1790.614068] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1790.617961] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1790.619583] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1790.621102] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1790.622622] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1790.624135] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1790.625650] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1790.631347] FAULT_INJECTION: forcing a failure. [ 1790.631347] name failslab, interval 1, probability 0, space 0, times 0 [ 1790.633961] CPU: 0 PID: 9725 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1790.635407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1790.637174] Call Trace: [ 1790.637734] dump_stack+0x107/0x167 [ 1790.638508] should_fail.cold+0x5/0xa [ 1790.639307] ? lock_release+0x680/0x680 [ 1790.640149] ? skb_clone+0x14f/0x3d0 [ 1790.640934] should_failslab+0x5/0x20 [ 1790.641733] kmem_cache_alloc+0x5b/0x310 [ 1790.642589] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1790.643705] skb_clone+0x14f/0x3d0 [ 1790.644456] dev_queue_xmit_nit+0x3a7/0xb00 [ 1790.645379] dev_hard_start_xmit+0xab/0x6f0 [ 1790.646301] __dev_queue_xmit+0x179a/0x2690 [ 1790.647212] ? packet_parse_headers+0x42f/0x980 [ 1790.648200] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1790.649151] ? __check_object_size+0x319/0x440 [ 1790.650108] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 1790.651083] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1790.652194] packet_sendmsg+0x31f4/0x5370 [ 1790.653074] ? sock_has_perm+0x1ea/0x280 [ 1790.653941] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1790.655010] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1790.656138] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1790.657142] ? lock_downgrade+0x6d0/0x6d0 [ 1790.658027] sock_sendmsg+0x319/0x390 [ 1790.658821] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1790.659822] ? ____sys_sendmsg+0x870/0x870 [ 1790.660702] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1790.661789] ? timestamp_truncate+0x2f0/0x2f0 [ 1790.662725] ? find_get_entry+0x2c8/0x740 [ 1790.663601] ? iov_iter_kvec+0x3c/0x130 [ 1790.664474] sock_no_sendpage+0x12c/0x1a0 [ 1790.665345] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1790.666319] ? init_special_inode+0x1f0/0x1f0 [ 1790.667284] kernel_sendpage.part.0+0x146/0x290 [ 1790.668277] sock_sendpage+0xe5/0x140 [ 1790.669071] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1790.670121] pipe_to_sendpage+0x2af/0x380 [ 1790.670992] ? propagate_umount+0x1550/0x1550 [ 1790.671944] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1790.673061] __splice_from_pipe+0x43d/0x890 [ 1790.673974] ? propagate_umount+0x1550/0x1550 [ 1790.674927] generic_splice_sendpage+0xd5/0x140 [ 1790.675925] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1790.676854] ? security_file_permission+0xb1/0xe0 [ 1790.677867] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1790.678802] direct_splice_actor+0x10f/0x170 [ 1790.679739] splice_direct_to_actor+0x387/0x980 [ 1790.680716] ? pipe_to_sendpage+0x380/0x380 [ 1790.681631] ? do_splice_to+0x160/0x160 [ 1790.682464] ? security_file_permission+0xb1/0xe0 [ 1790.683480] do_splice_direct+0x1c4/0x290 [ 1790.684361] ? splice_direct_to_actor+0x980/0x980 [ 1790.685377] ? security_file_permission+0xb1/0xe0 [ 1790.686396] do_sendfile+0x553/0x11e0 [ 1790.687213] ? do_pwritev+0x270/0x270 [ 1790.688017] ? wait_for_completion_io+0x270/0x270 [ 1790.689026] ? rcu_read_lock_any_held+0x75/0xa0 [ 1790.689994] ? vfs_write+0x354/0xb10 [ 1790.690783] __x64_sys_sendfile64+0x1d1/0x210 [ 1790.691725] ? __ia32_sys_sendfile+0x220/0x220 [ 1790.692688] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1790.693804] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1790.694878] do_syscall_64+0x33/0x40 [ 1790.695667] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1790.696758] RIP: 0033:0x7f122aa69b19 [ 1790.697549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1790.701475] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1790.703102] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1790.704630] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1790.706150] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1790.707683] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1790.709202] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:07:12 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="c00e00001d0001"], 0xec}}, 0x0) 11:07:12 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:07:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001a0001"], 0xec}}, 0x0) 11:07:12 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000f0ffff001b0000f4"], 0xec}}, 0x0) 11:07:12 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8004, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:12 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:12 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001c0001"], 0xec}}, 0x0) [ 1790.861658] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:07:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 11) dup2(r0, r1) 11:07:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:07:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}}, 0x0) 11:07:26 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 58) 11:07:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="e03f03001d0001"], 0xec}}, 0x0) 11:07:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc400, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1804.289629] FAULT_INJECTION: forcing a failure. [ 1804.289629] name failslab, interval 1, probability 0, space 0, times 0 [ 1804.292147] CPU: 1 PID: 9758 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1804.293622] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.295416] Call Trace: [ 1804.296003] dump_stack+0x107/0x167 [ 1804.296792] should_fail.cold+0x5/0xa 11:07:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000007fffffff001b0000f4"], 0xec}}, 0x0) [ 1804.297617] ? create_object.isra.0+0x3a/0xa30 [ 1804.298700] should_failslab+0x5/0x20 [ 1804.299519] kmem_cache_alloc+0x5b/0x310 [ 1804.300411] create_object.isra.0+0x3a/0xa30 [ 1804.301356] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1804.302450] __kmalloc+0x16e/0x390 [ 1804.303224] prealloc_shrinker+0xb0/0x2f0 [ 1804.304121] ? __init_rwsem+0x129/0x1b0 [ 1804.304973] alloc_super+0x863/0xa90 [ 1804.305779] sget_fc+0x110/0x860 [ 1804.306502] ? set_anon_super+0xc0/0xc0 [ 1804.307361] ? shmem_put_link+0x120/0x120 [ 1804.308262] get_tree_nodev+0x24/0x1d0 [ 1804.309103] vfs_get_tree+0x8e/0x300 [ 1804.309906] path_mount+0x1490/0x21e0 [ 1804.310738] ? strncpy_from_user+0x9e/0x470 [ 1804.311664] ? finish_automount+0xa90/0xa90 [ 1804.312606] ? getname_flags.part.0+0x1dd/0x4f0 [ 1804.313616] __x64_sys_mount+0x282/0x300 [ 1804.314498] ? copy_mnt_ns+0xa00/0xa00 [ 1804.315341] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.316481] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.317597] do_syscall_64+0x33/0x40 [ 1804.318397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 11:07:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff03, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1804.319505] RIP: 0033:0x7f07d2d5a04a [ 1804.320427] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.324409] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1804.326067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1804.327624] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1804.329177] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1804.330723] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1804.332279] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1804.345409] FAULT_INJECTION: forcing a failure. [ 1804.345409] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 1804.348083] CPU: 0 PID: 9754 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1804.349581] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.351437] Call Trace: [ 1804.352039] dump_stack+0x107/0x167 [ 1804.352852] should_fail.cold+0x5/0xa [ 1804.353702] __alloc_pages_nodemask+0x182/0x600 [ 1804.354737] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1804.356080] ? __kmalloc_node_track_caller+0x2f8/0x3b0 [ 1804.357242] ? alloc_skb_with_frags+0x92/0x570 [ 1804.358274] alloc_pages_current+0x187/0x280 [ 1804.359261] alloc_skb_with_frags+0x1a6/0x570 [ 1804.360299] sock_alloc_send_pskb+0x7af/0x930 [ 1804.361300] ? lock_acquire+0x197/0x470 [ 1804.362174] ? sk_alloc+0x350/0x350 [ 1804.362956] ? mark_lock+0xf5/0x2df0 [ 1804.363774] packet_sendmsg+0x189a/0x5370 [ 1804.364686] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.365824] ? sock_has_perm+0x1ea/0x280 [ 1804.366697] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1804.367814] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.368950] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1804.369975] ? lock_downgrade+0x6d0/0x6d0 [ 1804.370880] sock_sendmsg+0x319/0x390 [ 1804.371701] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1804.372730] ? ____sys_sendmsg+0x870/0x870 [ 1804.373649] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.374776] ? timestamp_truncate+0x2f0/0x2f0 [ 1804.375741] ? find_get_entry+0x2c8/0x740 [ 1804.376644] ? iov_iter_kvec+0x3c/0x130 [ 1804.377506] sock_no_sendpage+0x12c/0x1a0 [ 1804.378399] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1804.379394] ? init_special_inode+0x1f0/0x1f0 [ 1804.380374] kernel_sendpage.part.0+0x146/0x290 [ 1804.381380] sock_sendpage+0xe5/0x140 [ 1804.382205] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1804.383276] pipe_to_sendpage+0x2af/0x380 [ 1804.384178] ? propagate_umount+0x1550/0x1550 [ 1804.385145] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1804.386300] __splice_from_pipe+0x43d/0x890 [ 1804.387231] ? propagate_umount+0x1550/0x1550 [ 1804.388214] generic_splice_sendpage+0xd5/0x140 [ 1804.389212] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1804.390166] ? security_file_permission+0xb1/0xe0 [ 1804.391203] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1804.392164] direct_splice_actor+0x10f/0x170 [ 1804.393114] splice_direct_to_actor+0x387/0x980 [ 1804.394123] ? pipe_to_sendpage+0x380/0x380 [ 1804.395058] ? do_splice_to+0x160/0x160 [ 1804.395924] ? security_file_permission+0xb1/0xe0 [ 1804.396972] do_splice_direct+0x1c4/0x290 [ 1804.397867] ? splice_direct_to_actor+0x980/0x980 [ 1804.398912] ? security_file_permission+0xb1/0xe0 [ 1804.399968] do_sendfile+0x553/0x11e0 [ 1804.400800] ? do_pwritev+0x270/0x270 [ 1804.401623] ? wait_for_completion_io+0x270/0x270 [ 1804.402668] ? rcu_read_lock_any_held+0x75/0xa0 [ 1804.403675] ? vfs_write+0x354/0xb10 [ 1804.404489] __x64_sys_sendfile64+0x1d1/0x210 [ 1804.405456] ? __ia32_sys_sendfile+0x220/0x220 [ 1804.406445] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.407578] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.408700] do_syscall_64+0x33/0x40 [ 1804.409502] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.410608] RIP: 0033:0x7f122aa69b19 [ 1804.411409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.415390] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1804.417036] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1804.418597] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1804.420278] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1804.421988] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1804.423525] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:07:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="6c0900201d0001"], 0xec}}, 0x0) 11:07:26 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 59) 11:07:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', 0x0, 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:07:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000009effffff001b0000f4"], 0xec}}, 0x0) 11:07:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="00f0ff7f1d0001"], 0xec}}, 0x0) 11:07:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000610001"], 0xec}}, 0x0) [ 1804.579987] FAULT_INJECTION: forcing a failure. [ 1804.579987] name failslab, interval 1, probability 0, space 0, times 0 [ 1804.582489] CPU: 1 PID: 9777 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1804.583982] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.584703] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=97 sclass=netlink_route_socket pid=9780 comm=syz-executor.7 [ 1804.585776] Call Trace: [ 1804.585803] dump_stack+0x107/0x167 [ 1804.585827] should_fail.cold+0x5/0xa [ 1804.585852] ? kvmalloc_node+0x119/0x170 [ 1804.591411] should_failslab+0x5/0x20 [ 1804.592239] __kmalloc_node+0x76/0x420 [ 1804.593081] ? lockdep_init_map_type+0x2c7/0x780 [ 1804.594111] kvmalloc_node+0x119/0x170 [ 1804.594951] __list_lru_init+0x511/0x890 [ 1804.595847] alloc_super+0x8b8/0xa90 [ 1804.596661] sget_fc+0x110/0x860 [ 1804.597390] ? set_anon_super+0xc0/0xc0 [ 1804.598252] ? shmem_put_link+0x120/0x120 [ 1804.599147] get_tree_nodev+0x24/0x1d0 [ 1804.599996] vfs_get_tree+0x8e/0x300 [ 1804.600800] path_mount+0x1490/0x21e0 [ 1804.601634] ? strncpy_from_user+0x9e/0x470 [ 1804.602565] ? finish_automount+0xa90/0xa90 [ 1804.603497] ? getname_flags.part.0+0x1dd/0x4f0 [ 1804.604518] __x64_sys_mount+0x282/0x300 [ 1804.605392] ? copy_mnt_ns+0xa00/0xa00 [ 1804.606236] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.607316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.608438] do_syscall_64+0x33/0x40 [ 1804.609239] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.610342] RIP: 0033:0x7f07d2d5a04a [ 1804.611149] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.615138] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1804.616800] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1804.618336] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1804.619882] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1804.621428] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1804.622975] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:07:26 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 12) dup2(r0, r1) 11:07:26 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000f0ffffff001b0000f4"], 0xec}}, 0x0) 11:07:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:26 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000730001"], 0xec}}, 0x0) [ 1804.749312] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=9790 comm=syz-executor.7 11:07:26 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="effdffff1d0001"], 0xec}}, 0x0) 11:07:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) 11:07:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff03, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1804.809774] FAULT_INJECTION: forcing a failure. [ 1804.809774] name failslab, interval 1, probability 0, space 0, times 0 [ 1804.812265] CPU: 0 PID: 9796 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1804.813749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1804.815551] Call Trace: [ 1804.816135] dump_stack+0x107/0x167 [ 1804.816925] should_fail.cold+0x5/0xa [ 1804.817752] ? lock_release+0x680/0x680 [ 1804.818611] ? skb_clone+0x14f/0x3d0 [ 1804.819449] should_failslab+0x5/0x20 [ 1804.820318] kmem_cache_alloc+0x5b/0x310 [ 1804.821225] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.822367] skb_clone+0x14f/0x3d0 [ 1804.823142] dev_queue_xmit_nit+0x3a7/0xb00 [ 1804.824101] dev_hard_start_xmit+0xab/0x6f0 [ 1804.825044] __dev_queue_xmit+0x179a/0x2690 [ 1804.825986] ? packet_parse_headers+0x42f/0x980 [ 1804.826994] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1804.827991] ? __check_object_size+0x319/0x440 [ 1804.828981] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 1804.829993] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1804.831162] packet_sendmsg+0x31f4/0x5370 [ 1804.832088] ? sock_has_perm+0x1ea/0x280 [ 1804.832966] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1804.834080] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.835222] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1804.836259] ? lock_downgrade+0x6d0/0x6d0 [ 1804.837164] sock_sendmsg+0x319/0x390 [ 1804.837984] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1804.839003] ? ____sys_sendmsg+0x870/0x870 [ 1804.839933] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1804.841060] ? timestamp_truncate+0x2f0/0x2f0 [ 1804.842030] ? find_get_entry+0x2c8/0x740 [ 1804.842932] ? iov_iter_kvec+0x3c/0x130 [ 1804.843802] sock_no_sendpage+0x12c/0x1a0 [ 1804.844716] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1804.845716] ? init_special_inode+0x1f0/0x1f0 [ 1804.846700] kernel_sendpage.part.0+0x146/0x290 [ 1804.847711] sock_sendpage+0xe5/0x140 [ 1804.848547] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1804.849623] pipe_to_sendpage+0x2af/0x380 [ 1804.850518] ? propagate_umount+0x1550/0x1550 [ 1804.851490] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1804.852656] __splice_from_pipe+0x43d/0x890 [ 1804.853593] ? propagate_umount+0x1550/0x1550 [ 1804.854569] generic_splice_sendpage+0xd5/0x140 [ 1804.855574] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1804.856538] ? security_file_permission+0xb1/0xe0 [ 1804.857584] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1804.858539] direct_splice_actor+0x10f/0x170 [ 1804.859493] splice_direct_to_actor+0x387/0x980 [ 1804.860506] ? pipe_to_sendpage+0x380/0x380 [ 1804.861441] ? do_splice_to+0x160/0x160 [ 1804.862298] ? security_file_permission+0xb1/0xe0 [ 1804.863348] do_splice_direct+0x1c4/0x290 [ 1804.864252] ? splice_direct_to_actor+0x980/0x980 [ 1804.865301] ? security_file_permission+0xb1/0xe0 [ 1804.866346] do_sendfile+0x553/0x11e0 [ 1804.867181] ? do_pwritev+0x270/0x270 [ 1804.868010] ? wait_for_completion_io+0x270/0x270 [ 1804.869054] ? rcu_read_lock_any_held+0x75/0xa0 [ 1804.870056] ? vfs_write+0x354/0xb10 [ 1804.870865] __x64_sys_sendfile64+0x1d1/0x210 [ 1804.871843] ? __ia32_sys_sendfile+0x220/0x220 [ 1804.872834] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1804.873965] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1804.875081] do_syscall_64+0x33/0x40 [ 1804.875894] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1804.877002] RIP: 0033:0x7f122aa69b19 [ 1804.877804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1804.881801] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1804.883445] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1804.884998] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1804.886535] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1804.888086] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1804.889623] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:07:26 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:26 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1fffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) 11:07:39 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 60) 11:07:39 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000020000001b0000f4"], 0xec}}, 0x0) 11:07:39 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0300"], 0xec}}, 0x0) 11:07:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000000f0001"], 0xec}}, 0x0) 11:07:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, 0x0) 11:07:39 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:39 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 13) dup2(r0, r1) [ 1817.672988] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=9821 comm=syz-executor.5 11:07:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000080000001b0000f4"], 0xec}}, 0x0) [ 1817.684899] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=798 sclass=netlink_route_socket pid=9825 comm=syz-executor.7 [ 1817.692482] FAULT_INJECTION: forcing a failure. [ 1817.692482] name failslab, interval 1, probability 0, space 0, times 0 [ 1817.694871] CPU: 1 PID: 9826 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1817.696327] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1817.698081] Call Trace: [ 1817.698647] dump_stack+0x107/0x167 [ 1817.699420] should_fail.cold+0x5/0xa [ 1817.700249] ? create_object.isra.0+0x3a/0xa30 [ 1817.701216] should_failslab+0x5/0x20 [ 1817.702021] kmem_cache_alloc+0x5b/0x310 [ 1817.702886] create_object.isra.0+0x3a/0xa30 [ 1817.703813] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1817.704895] __kmalloc_node+0x1ae/0x420 [ 1817.705740] ? lockdep_init_map_type+0x2c7/0x780 [ 1817.706743] kvmalloc_node+0x119/0x170 [ 1817.707569] __list_lru_init+0x511/0x890 [ 1817.708447] alloc_super+0x8b8/0xa90 [ 1817.709239] sget_fc+0x110/0x860 [ 1817.709954] ? set_anon_super+0xc0/0xc0 [ 1817.710800] ? shmem_put_link+0x120/0x120 [ 1817.711674] get_tree_nodev+0x24/0x1d0 [ 1817.712507] vfs_get_tree+0x8e/0x300 [ 1817.713293] path_mount+0x1490/0x21e0 [ 1817.714102] ? strncpy_from_user+0x9e/0x470 [ 1817.715016] ? finish_automount+0xa90/0xa90 [ 1817.715927] ? getname_flags.part.0+0x1dd/0x4f0 [ 1817.716927] __x64_sys_mount+0x282/0x300 [ 1817.717783] ? copy_mnt_ns+0xa00/0xa00 [ 1817.718616] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 11:07:39 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000100001"], 0xec}}, 0x0) [ 1817.719835] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1817.720954] do_syscall_64+0x33/0x40 [ 1817.721746] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1817.722830] RIP: 0033:0x7f07d2d5a04a 11:07:39 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1fffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1817.723620] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1817.727635] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1817.729274] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1817.730782] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1817.732302] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1817.733813] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1817.735322] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1817.760914] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:07:39 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000f0000001b0000f4"], 0xec}}, 0x0) 11:07:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1817.781366] FAULT_INJECTION: forcing a failure. [ 1817.781366] name failslab, interval 1, probability 0, space 0, times 0 [ 1817.782762] CPU: 0 PID: 9829 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1817.783567] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1817.784546] Call Trace: [ 1817.784871] dump_stack+0x107/0x167 [ 1817.785309] should_fail.cold+0x5/0xa [ 1817.785770] ? create_object.isra.0+0x3a/0xa30 [ 1817.786312] should_failslab+0x5/0x20 [ 1817.786773] kmem_cache_alloc+0x5b/0x310 [ 1817.787266] create_object.isra.0+0x3a/0xa30 [ 1817.787791] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1817.788411] kmem_cache_alloc_node+0x169/0x330 [ 1817.788963] __alloc_skb+0x6d/0x5b0 [ 1817.789410] alloc_skb_with_frags+0x92/0x570 [ 1817.789926] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1817.790525] ? __local_bh_enable_ip+0x9d/0x100 [ 1817.791047] ? trace_hardirqs_on+0x5b/0x180 [ 1817.791541] sock_alloc_send_pskb+0x7af/0x930 [ 1817.792062] ? lock_acquire+0x197/0x470 [ 1817.792523] ? sk_alloc+0x350/0x350 [ 1817.792942] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1817.793549] packet_sendmsg+0x189a/0x5370 [ 1817.794035] ? sock_has_perm+0x1ea/0x280 [ 1817.794502] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1817.795090] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1817.795690] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1817.796242] ? lock_downgrade+0x6d0/0x6d0 [ 1817.796719] sock_sendmsg+0x319/0x390 [ 1817.797154] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1817.797696] ? ____sys_sendmsg+0x870/0x870 [ 1817.798187] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1817.798784] ? timestamp_truncate+0x2f0/0x2f0 [ 1817.799293] ? find_get_entry+0x2c8/0x740 [ 1817.799771] ? iov_iter_kvec+0x3c/0x130 [ 1817.800236] sock_no_sendpage+0x12c/0x1a0 [ 1817.800712] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1817.801240] ? init_special_inode+0x1f0/0x1f0 [ 1817.801756] kernel_sendpage.part.0+0x146/0x290 [ 1817.802291] sock_sendpage+0xe5/0x140 [ 1817.802730] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1817.803305] pipe_to_sendpage+0x2af/0x380 [ 1817.803779] ? propagate_umount+0x1550/0x1550 [ 1817.804308] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1817.804938] __splice_from_pipe+0x43d/0x890 [ 1817.805434] ? propagate_umount+0x1550/0x1550 [ 1817.805955] generic_splice_sendpage+0xd5/0x140 [ 1817.806486] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1817.806990] ? security_file_permission+0xb1/0xe0 [ 1817.807546] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1817.808059] direct_splice_actor+0x10f/0x170 [ 1817.808564] splice_direct_to_actor+0x387/0x980 [ 1817.809096] ? pipe_to_sendpage+0x380/0x380 [ 1817.809589] ? do_splice_to+0x160/0x160 [ 1817.810044] ? security_file_permission+0xb1/0xe0 [ 1817.810599] do_splice_direct+0x1c4/0x290 [ 1817.811073] ? splice_direct_to_actor+0x980/0x980 [ 1817.811627] ? security_file_permission+0xb1/0xe0 [ 1817.812193] do_sendfile+0x553/0x11e0 [ 1817.812632] ? do_pwritev+0x270/0x270 [ 1817.813072] ? wait_for_completion_io+0x270/0x270 [ 1817.813629] ? rcu_read_lock_any_held+0x75/0xa0 [ 1817.814159] ? vfs_write+0x354/0xb10 [ 1817.814588] __x64_sys_sendfile64+0x1d1/0x210 [ 1817.815102] ? __ia32_sys_sendfile+0x220/0x220 [ 1817.815627] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1817.816234] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1817.816830] do_syscall_64+0x33/0x40 [ 1817.817259] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1817.817847] RIP: 0033:0x7f122aa69b19 [ 1817.818276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1817.820391] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1817.821266] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1817.822079] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1817.822893] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1817.823709] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1817.824534] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:07:39 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1817.854453] 9pnet: Insufficient options for proto=fd 11:07:52 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 61) 11:07:52 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 14) dup2(r0, r1) 11:07:52 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000cf0000001b0000f4"], 0xec}}, 0x0) 11:07:52 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:07:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0400"], 0xec}}, 0x0) 11:07:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000110001"], 0xec}}, 0x0) 11:07:52 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:07:52 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1830.883727] 9pnet: Insufficient options for proto=fd [ 1830.910855] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1054 sclass=netlink_route_socket pid=9862 comm=syz-executor.7 [ 1830.915054] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:07:52 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1830.919946] FAULT_INJECTION: forcing a failure. [ 1830.919946] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.922560] CPU: 1 PID: 9860 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1830.924093] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.925963] Call Trace: [ 1830.926560] dump_stack+0x107/0x167 [ 1830.927382] should_fail.cold+0x5/0xa [ 1830.928252] ? kvmalloc_node+0x119/0x170 [ 1830.929169] should_failslab+0x5/0x20 11:07:52 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1830.930026] __kmalloc_node+0x76/0x420 [ 1830.931030] ? lockdep_init_map_type+0x2c7/0x780 [ 1830.932089] kvmalloc_node+0x119/0x170 [ 1830.932979] __list_lru_init+0x511/0x890 [ 1830.933894] alloc_super+0x8b8/0xa90 11:07:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0201"], 0xec}}, 0x0) [ 1830.934732] sget_fc+0x110/0x860 [ 1830.935608] ? set_anon_super+0xc0/0xc0 [ 1830.936510] ? shmem_put_link+0x120/0x120 [ 1830.937434] get_tree_nodev+0x24/0x1d0 [ 1830.938303] vfs_get_tree+0x8e/0x300 [ 1830.939133] path_mount+0x1490/0x21e0 [ 1830.939995] ? strncpy_from_user+0x9e/0x470 [ 1830.940974] ? finish_automount+0xa90/0xa90 [ 1830.941928] ? getname_flags.part.0+0x1dd/0x4f0 [ 1830.942973] __x64_sys_mount+0x282/0x300 [ 1830.943874] ? copy_mnt_ns+0xa00/0xa00 [ 1830.944754] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1830.945917] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1830.947065] do_syscall_64+0x33/0x40 [ 1830.947888] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1830.949031] RIP: 0033:0x7f07d2d5a04a [ 1830.949855] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1830.953914] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1830.955593] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1830.957173] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1830.958743] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1830.960318] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1830.961882] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1830.977588] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=542 sclass=netlink_route_socket pid=9867 comm=syz-executor.7 [ 1830.995356] FAULT_INJECTION: forcing a failure. [ 1830.995356] name failslab, interval 1, probability 0, space 0, times 0 [ 1830.996919] CPU: 0 PID: 9861 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1830.997787] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1830.998803] Call Trace: [ 1830.999136] dump_stack+0x107/0x167 [ 1830.999586] should_fail.cold+0x5/0xa [ 1831.000057] should_failslab+0x5/0x20 [ 1831.000537] __kmalloc_node_track_caller+0x74/0x3b0 [ 1831.001154] ? alloc_skb_with_frags+0x92/0x570 [ 1831.001723] __alloc_skb+0xb1/0x5b0 [ 1831.002179] alloc_skb_with_frags+0x92/0x570 [ 1831.002729] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1831.003375] ? __local_bh_enable_ip+0x9d/0x100 [ 1831.003937] ? trace_hardirqs_on+0x5b/0x180 [ 1831.004500] sock_alloc_send_pskb+0x7af/0x930 [ 1831.005049] ? lock_acquire+0x197/0x470 [ 1831.005556] ? sk_alloc+0x350/0x350 [ 1831.006018] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1831.006665] packet_sendmsg+0x189a/0x5370 [ 1831.007179] ? sock_has_perm+0x1ea/0x280 [ 1831.007674] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1831.008315] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1831.008957] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1831.009535] ? lock_downgrade+0x6d0/0x6d0 [ 1831.010045] sock_sendmsg+0x319/0x390 [ 1831.010510] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1831.011096] ? ____sys_sendmsg+0x870/0x870 [ 1831.011614] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1831.012266] ? timestamp_truncate+0x2f0/0x2f0 [ 1831.012824] ? find_get_entry+0x2c8/0x740 [ 1831.013332] ? iov_iter_kvec+0x3c/0x130 [ 1831.013835] sock_no_sendpage+0x12c/0x1a0 [ 1831.014357] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1831.014932] ? init_special_inode+0x1f0/0x1f0 [ 1831.015492] kernel_sendpage.part.0+0x146/0x290 [ 1831.016064] sock_sendpage+0xe5/0x140 [ 1831.016540] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1831.017154] pipe_to_sendpage+0x2af/0x380 [ 1831.017657] ? propagate_umount+0x1550/0x1550 [ 1831.018207] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1831.018855] __splice_from_pipe+0x43d/0x890 [ 1831.019386] ? propagate_umount+0x1550/0x1550 [ 1831.019940] generic_splice_sendpage+0xd5/0x140 [ 1831.020514] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1831.021055] ? security_file_permission+0xb1/0xe0 [ 1831.021638] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1831.022171] direct_splice_actor+0x10f/0x170 [ 1831.022704] splice_direct_to_actor+0x387/0x980 [ 1831.023269] ? pipe_to_sendpage+0x380/0x380 [ 1831.023793] ? do_splice_to+0x160/0x160 [ 1831.024286] ? security_file_permission+0xb1/0xe0 [ 1831.024876] do_splice_direct+0x1c4/0x290 [ 1831.025377] ? splice_direct_to_actor+0x980/0x980 [ 1831.025965] ? security_file_permission+0xb1/0xe0 [ 1831.026553] do_sendfile+0x553/0x11e0 [ 1831.027025] ? do_pwritev+0x270/0x270 [ 1831.027497] ? wait_for_completion_io+0x270/0x270 [ 1831.028088] ? rcu_read_lock_any_held+0x75/0xa0 [ 1831.028655] ? vfs_write+0x354/0xb10 [ 1831.029113] __x64_sys_sendfile64+0x1d1/0x210 [ 1831.029657] ? __ia32_sys_sendfile+0x220/0x220 [ 1831.030217] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1831.030854] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1831.031478] do_syscall_64+0x33/0x40 [ 1831.031931] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1831.032557] RIP: 0033:0x7f122aa69b19 [ 1831.033018] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1831.035233] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1831.036156] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1831.037023] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1831.037889] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1831.038746] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1831.039611] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:07:52 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 62) 11:07:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0301"], 0xec}}, 0x0) 11:07:52 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1831.075226] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=798 sclass=netlink_route_socket pid=9874 comm=syz-executor.7 [ 1831.087844] 9pnet: Insufficient options for proto=fd [ 1831.127451] FAULT_INJECTION: forcing a failure. [ 1831.127451] name failslab, interval 1, probability 0, space 0, times 0 [ 1831.128846] CPU: 0 PID: 9878 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1831.129634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1831.130588] Call Trace: [ 1831.130898] dump_stack+0x107/0x167 [ 1831.131322] should_fail.cold+0x5/0xa [ 1831.131768] ? create_object.isra.0+0x3a/0xa30 [ 1831.132312] should_failslab+0x5/0x20 [ 1831.132753] kmem_cache_alloc+0x5b/0x310 [ 1831.133228] create_object.isra.0+0x3a/0xa30 [ 1831.133732] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1831.134319] kmem_cache_alloc_trace+0x151/0x320 [ 1831.134860] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1831.135427] __list_lru_init+0x44d/0x890 [ 1831.135901] alloc_super+0x8b8/0xa90 [ 1831.136339] sget_fc+0x110/0x860 [ 1831.136729] ? set_anon_super+0xc0/0xc0 [ 1831.137192] ? shmem_put_link+0x120/0x120 [ 1831.137666] get_tree_nodev+0x24/0x1d0 [ 1831.138124] vfs_get_tree+0x8e/0x300 [ 1831.138553] path_mount+0x1490/0x21e0 [ 1831.138997] ? strncpy_from_user+0x9e/0x470 [ 1831.139493] ? finish_automount+0xa90/0xa90 [ 1831.139994] ? getname_flags.part.0+0x1dd/0x4f0 [ 1831.140544] __x64_sys_mount+0x282/0x300 [ 1831.141007] ? copy_mnt_ns+0xa00/0xa00 [ 1831.141461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1831.142064] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1831.142659] do_syscall_64+0x33/0x40 [ 1831.143093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1831.143685] RIP: 0033:0x7f07d2d5a04a [ 1831.144113] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1831.146234] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1831.147106] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1831.147929] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1831.148762] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1831.149573] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1831.150392] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1843.739106] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1843.744592] FAULT_INJECTION: forcing a failure. [ 1843.744592] name failslab, interval 1, probability 0, space 0, times 0 [ 1843.747112] CPU: 0 PID: 9886 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1843.748027] 9pnet: Insufficient options for proto=fd [ 1843.748565] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1843.748573] Call Trace: [ 1843.748600] dump_stack+0x107/0x167 [ 1843.748623] should_fail.cold+0x5/0xa [ 1843.753064] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1843.754133] should_failslab+0x5/0x20 [ 1843.754938] kmem_cache_alloc_trace+0x55/0x320 [ 1843.755924] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1843.756977] __list_lru_init+0x44d/0x890 [ 1843.757846] alloc_super+0x8b8/0xa90 [ 1843.758628] sget_fc+0x110/0x860 [ 1843.759350] ? set_anon_super+0xc0/0xc0 [ 1843.760205] ? shmem_put_link+0x120/0x120 [ 1843.761091] get_tree_nodev+0x24/0x1d0 [ 1843.761928] vfs_get_tree+0x8e/0x300 [ 1843.762723] path_mount+0x1490/0x21e0 [ 1843.763558] ? strncpy_from_user+0x9e/0x470 [ 1843.764489] ? finish_automount+0xa90/0xa90 [ 1843.765397] ? getname_flags.part.0+0x1dd/0x4f0 [ 1843.766374] __x64_sys_mount+0x282/0x300 [ 1843.767234] ? copy_mnt_ns+0xa00/0xa00 [ 1843.768058] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1843.769180] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1843.770272] do_syscall_64+0x33/0x40 [ 1843.771063] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1843.772151] RIP: 0033:0x7f07d2d5a04a 11:08:05 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 15) dup2(r0, r1) 11:08:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000f00000001b0000f4"], 0xec}}, 0x0) 11:08:05 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 63) 11:08:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000120001"], 0xec}}, 0x0) 11:08:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:08:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:08:05 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0401"], 0xec}}, 0x0) 11:08:05 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1843.772947] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1843.777048] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1843.778680] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1843.780195] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1843.780384] 9pnet: Insufficient options for proto=fd [ 1843.781712] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1843.781724] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1843.781735] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1843.799991] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1054 sclass=netlink_route_socket pid=9898 comm=syz-executor.7 11:08:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000130001"], 0xec}}, 0x0) [ 1843.820850] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1843.823339] FAULT_INJECTION: forcing a failure. [ 1843.823339] name failslab, interval 1, probability 0, space 0, times 0 [ 1843.824677] CPU: 1 PID: 9887 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1843.825472] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1843.826437] Call Trace: [ 1843.826759] dump_stack+0x107/0x167 [ 1843.827199] should_fail.cold+0x5/0xa [ 1843.827654] ? create_object.isra.0+0x3a/0xa30 [ 1843.828197] should_failslab+0x5/0x20 [ 1843.828662] kmem_cache_alloc+0x5b/0x310 [ 1843.829153] create_object.isra.0+0x3a/0xa30 [ 1843.829674] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1843.830289] kmem_cache_alloc_node+0x169/0x330 [ 1843.830840] __alloc_skb+0x6d/0x5b0 [ 1843.831288] alloc_skb_with_frags+0x92/0x570 [ 1843.831803] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1843.832412] ? __local_bh_enable_ip+0x9d/0x100 [ 1843.832927] ? trace_hardirqs_on+0x5b/0x180 [ 1843.833420] sock_alloc_send_pskb+0x7af/0x930 [ 1843.833928] ? lock_acquire+0x197/0x470 [ 1843.834387] ? sk_alloc+0x350/0x350 [ 1843.834806] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1843.835415] packet_sendmsg+0x189a/0x5370 [ 1843.835899] ? sock_has_perm+0x1ea/0x280 [ 1843.836372] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1843.836964] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1843.837568] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1843.838110] ? lock_downgrade+0x6d0/0x6d0 [ 1843.838591] sock_sendmsg+0x319/0x390 [ 1843.839026] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1843.839564] ? ____sys_sendmsg+0x870/0x870 [ 1843.840050] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1843.840661] ? timestamp_truncate+0x2f0/0x2f0 [ 1843.841174] ? find_get_entry+0x2c8/0x740 [ 1843.841649] ? iov_iter_kvec+0x3c/0x130 [ 1843.842109] sock_no_sendpage+0x12c/0x1a0 [ 1843.842581] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1843.843110] ? init_special_inode+0x1f0/0x1f0 [ 1843.843627] kernel_sendpage.part.0+0x146/0x290 [ 1843.844164] sock_sendpage+0xe5/0x140 [ 1843.844604] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1843.845175] pipe_to_sendpage+0x2af/0x380 [ 1843.845644] ? propagate_umount+0x1550/0x1550 [ 1843.846153] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1843.846762] __splice_from_pipe+0x43d/0x890 [ 1843.847256] ? propagate_umount+0x1550/0x1550 [ 1843.847770] generic_splice_sendpage+0xd5/0x140 [ 1843.848312] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1843.848822] ? security_file_permission+0xb1/0xe0 [ 1843.849371] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1843.849875] direct_splice_actor+0x10f/0x170 [ 1843.850375] splice_direct_to_actor+0x387/0x980 [ 1843.850913] ? pipe_to_sendpage+0x380/0x380 [ 1843.851413] ? do_splice_to+0x160/0x160 [ 1843.851865] ? security_file_permission+0xb1/0xe0 [ 1843.852435] do_splice_direct+0x1c4/0x290 [ 1843.852906] ? splice_direct_to_actor+0x980/0x980 [ 1843.853459] ? security_file_permission+0xb1/0xe0 [ 1843.854017] do_sendfile+0x553/0x11e0 [ 1843.854457] ? do_pwritev+0x270/0x270 [ 1843.854893] ? wait_for_completion_io+0x270/0x270 [ 1843.855458] ? rcu_read_lock_any_held+0x75/0xa0 [ 1843.856002] ? vfs_write+0x354/0xb10 [ 1843.856443] __x64_sys_sendfile64+0x1d1/0x210 [ 1843.856958] ? __ia32_sys_sendfile+0x220/0x220 [ 1843.857485] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1843.858090] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1843.858687] do_syscall_64+0x33/0x40 [ 1843.859113] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1843.859698] RIP: 0033:0x7f122aa69b19 [ 1843.860128] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1843.862286] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1843.863168] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1843.863991] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1843.864821] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1843.865640] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1843.866463] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:08:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000f00001b0000f4"], 0xec}}, 0x0) 11:08:05 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:05 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0501"], 0xec}}, 0x0) 11:08:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1843.911818] 9pnet: Insufficient options for proto=fd [ 1843.954271] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1310 sclass=netlink_route_socket pid=9911 comm=syz-executor.7 11:08:18 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0601"], 0xec}}, 0x0) [ 1856.586438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1566 sclass=netlink_route_socket pid=9919 comm=syz-executor.7 11:08:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000140001"], 0xec}}, 0x0) 11:08:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000cf00001b0000f4"], 0xec}}, 0x0) 11:08:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:08:18 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 16) dup2(r0, r1) 11:08:18 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 64) [ 1856.636396] FAULT_INJECTION: forcing a failure. [ 1856.636396] name failslab, interval 1, probability 0, space 0, times 0 [ 1856.639369] CPU: 0 PID: 9931 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1856.641118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1856.643226] Call Trace: [ 1856.643902] dump_stack+0x107/0x167 [ 1856.644848] should_fail.cold+0x5/0xa [ 1856.645826] ? create_object.isra.0+0x3a/0xa30 [ 1856.646986] should_failslab+0x5/0x20 [ 1856.647954] kmem_cache_alloc+0x5b/0x310 [ 1856.648993] ? mark_held_locks+0x9e/0xe0 [ 1856.650042] create_object.isra.0+0x3a/0xa30 [ 1856.651163] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1856.652473] kmem_cache_alloc_trace+0x151/0x320 [ 1856.653592] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1856.654697] __list_lru_init+0x44d/0x890 [ 1856.655620] alloc_super+0x8b8/0xa90 [ 1856.656474] sget_fc+0x110/0x860 [ 1856.657240] ? set_anon_super+0xc0/0xc0 [ 1856.658136] ? shmem_put_link+0x120/0x120 [ 1856.659071] get_tree_nodev+0x24/0x1d0 [ 1856.659945] vfs_get_tree+0x8e/0x300 [ 1856.660794] path_mount+0x1490/0x21e0 [ 1856.661657] ? strncpy_from_user+0x9e/0x470 [ 1856.662632] ? finish_automount+0xa90/0xa90 [ 1856.663604] ? getname_flags.part.0+0x1dd/0x4f0 [ 1856.664674] __x64_sys_mount+0x282/0x300 [ 1856.665586] ? copy_mnt_ns+0xa00/0xa00 [ 1856.666476] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1856.667666] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1856.668859] do_syscall_64+0x33/0x40 [ 1856.669733] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1856.670882] RIP: 0033:0x7f07d2d5a04a [ 1856.671714] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1856.675859] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1856.677579] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1856.679185] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1856.680793] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1856.682396] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1856.683997] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:08:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000150001"], 0xec}}, 0x0) 11:08:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000f000001b0000f4"], 0xec}}, 0x0) 11:08:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0701"], 0xec}}, 0x0) [ 1856.715900] FAULT_INJECTION: forcing a failure. [ 1856.715900] name failslab, interval 1, probability 0, space 0, times 0 [ 1856.717293] CPU: 1 PID: 9932 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1856.718065] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1856.719009] Call Trace: [ 1856.719311] dump_stack+0x107/0x167 [ 1856.719726] should_fail.cold+0x5/0xa [ 1856.720162] should_failslab+0x5/0x20 [ 1856.720599] __kmalloc_node_track_caller+0x74/0x3b0 [ 1856.721160] ? alloc_skb_with_frags+0x92/0x570 [ 1856.721676] __alloc_skb+0xb1/0x5b0 [ 1856.722093] alloc_skb_with_frags+0x92/0x570 [ 1856.722594] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1856.723194] ? __local_bh_enable_ip+0x9d/0x100 [ 1856.723711] ? trace_hardirqs_on+0x5b/0x180 [ 1856.724200] sock_alloc_send_pskb+0x7af/0x930 [ 1856.724716] ? lock_acquire+0x197/0x470 [ 1856.725169] ? sk_alloc+0x350/0x350 [ 1856.725580] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1856.726183] packet_sendmsg+0x189a/0x5370 [ 1856.726658] ? sock_has_perm+0x1ea/0x280 [ 1856.727114] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1856.727695] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1856.728293] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1856.728838] ? lock_downgrade+0x6d0/0x6d0 [ 1856.729313] sock_sendmsg+0x319/0x390 [ 1856.729743] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1856.730280] ? ____sys_sendmsg+0x870/0x870 [ 1856.730761] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1856.731356] ? timestamp_truncate+0x2f0/0x2f0 [ 1856.731862] ? find_get_entry+0x2c8/0x740 [ 1856.732338] ? iov_iter_kvec+0x3c/0x130 [ 1856.732798] sock_no_sendpage+0x12c/0x1a0 [ 1856.733263] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1856.733787] ? init_special_inode+0x1f0/0x1f0 [ 1856.734297] kernel_sendpage.part.0+0x146/0x290 [ 1856.734828] sock_sendpage+0xe5/0x140 [ 1856.735264] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1856.735824] pipe_to_sendpage+0x2af/0x380 [ 1856.736294] ? propagate_umount+0x1550/0x1550 [ 1856.736807] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1856.737413] __splice_from_pipe+0x43d/0x890 [ 1856.737900] ? propagate_umount+0x1550/0x1550 11:08:18 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1856.738413] generic_splice_sendpage+0xd5/0x140 [ 1856.739078] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1856.739579] ? security_file_permission+0xb1/0xe0 [ 1856.740126] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1856.740632] direct_splice_actor+0x10f/0x170 [ 1856.741128] splice_direct_to_actor+0x387/0x980 [ 1856.741657] ? pipe_to_sendpage+0x380/0x380 [ 1856.742143] ? do_splice_to+0x160/0x160 [ 1856.742593] ? security_file_permission+0xb1/0xe0 [ 1856.743142] do_splice_direct+0x1c4/0x290 [ 1856.743611] ? splice_direct_to_actor+0x980/0x980 [ 1856.744157] ? security_file_permission+0xb1/0xe0 [ 1856.744712] do_sendfile+0x553/0x11e0 [ 1856.745151] ? do_pwritev+0x270/0x270 [ 1856.745589] ? wait_for_completion_io+0x270/0x270 [ 1856.746137] ? rcu_read_lock_any_held+0x75/0xa0 [ 1856.746662] ? vfs_write+0x354/0xb10 [ 1856.747085] __x64_sys_sendfile64+0x1d1/0x210 [ 1856.747594] ? __ia32_sys_sendfile+0x220/0x220 [ 1856.748113] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1856.748718] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1856.749301] do_syscall_64+0x33/0x40 [ 1856.749722] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1856.750311] RIP: 0033:0x7f122aa69b19 [ 1856.750729] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1856.752804] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1856.753664] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1856.754469] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1856.755274] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1856.756075] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1856.756889] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1856.776205] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1822 sclass=netlink_route_socket pid=9942 comm=syz-executor.7 11:08:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:08:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000008001b0000f4"], 0xec}}, 0x0) 11:08:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000160001"], 0xec}}, 0x0) 11:08:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0901"], 0xec}}, 0x0) [ 1856.842017] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2334 sclass=netlink_route_socket pid=9951 comm=syz-executor.7 11:08:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000180001"], 0xec}}, 0x0) 11:08:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000fffff0001b0000f4"], 0xec}}, 0x0) 11:08:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0a01"], 0xec}}, 0x0) 11:08:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1856.913003] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2590 sclass=netlink_route_socket pid=9955 comm=syz-executor.7 [ 1869.626612] FAULT_INJECTION: forcing a failure. [ 1869.626612] name failslab, interval 1, probability 0, space 0, times 0 [ 1869.628661] CPU: 1 PID: 9978 Comm: syz-executor.3 Not tainted 5.10.247 #1 11:08:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 17) dup2(r0, r1) 11:08:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:08:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0f01"], 0xec}}, 0x0) 11:08:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000011b0000f4"], 0xec}}, 0x0) 11:08:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 65) [ 1869.630041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 11:08:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000190001"], 0xec}}, 0x0) 11:08:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1869.631333] Call Trace: [ 1869.631862] dump_stack+0x107/0x167 [ 1869.632403] should_fail.cold+0x5/0xa [ 1869.632971] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1869.633690] should_failslab+0x5/0x20 [ 1869.633749] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3870 sclass=netlink_route_socket pid=9980 comm=syz-executor.7 [ 1869.634225] kmem_cache_alloc_trace+0x55/0x320 [ 1869.634238] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1869.634254] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1869.634271] __list_lru_init+0x44d/0x890 [ 1869.634290] alloc_super+0x8b8/0xa90 [ 1869.639979] sget_fc+0x110/0x860 [ 1869.640458] ? set_anon_super+0xc0/0xc0 [ 1869.641031] ? shmem_put_link+0x120/0x120 [ 1869.641613] get_tree_nodev+0x24/0x1d0 [ 1869.642172] vfs_get_tree+0x8e/0x300 [ 1869.642696] path_mount+0x1490/0x21e0 [ 1869.643239] ? strncpy_from_user+0x9e/0x470 [ 1869.643843] ? finish_automount+0xa90/0xa90 [ 1869.644451] ? getname_flags.part.0+0x1dd/0x4f0 [ 1869.645143] __x64_sys_mount+0x282/0x300 [ 1869.645728] ? copy_mnt_ns+0xa00/0xa00 [ 1869.646299] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.647048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1869.647780] do_syscall_64+0x33/0x40 [ 1869.648313] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1869.649050] RIP: 0033:0x7f07d2d5a04a [ 1869.649578] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1869.652189] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1869.653275] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1869.654285] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1869.655294] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1869.656307] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1869.657325] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1869.671368] FAULT_INJECTION: forcing a failure. [ 1869.671368] name failslab, interval 1, probability 0, space 0, times 0 [ 1869.673902] CPU: 0 PID: 9970 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1869.675379] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1869.677198] Call Trace: [ 1869.677788] dump_stack+0x107/0x167 [ 1869.678583] should_fail.cold+0x5/0xa [ 1869.679411] ? create_object.isra.0+0x3a/0xa30 [ 1869.680409] should_failslab+0x5/0x20 [ 1869.681245] kmem_cache_alloc+0x5b/0x310 [ 1869.682145] create_object.isra.0+0x3a/0xa30 [ 1869.683096] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1869.684216] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1869.685372] ? alloc_skb_with_frags+0x92/0x570 [ 1869.686374] __alloc_skb+0xb1/0x5b0 [ 1869.687164] alloc_skb_with_frags+0x92/0x570 [ 1869.688129] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.689264] ? __local_bh_enable_ip+0x9d/0x100 [ 1869.690254] ? trace_hardirqs_on+0x5b/0x180 [ 1869.691179] sock_alloc_send_pskb+0x7af/0x930 [ 1869.692154] ? lock_acquire+0x197/0x470 [ 1869.693054] ? sk_alloc+0x350/0x350 [ 1869.693919] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1869.695083] packet_sendmsg+0x189a/0x5370 [ 1869.695986] ? sock_has_perm+0x1ea/0x280 [ 1869.696872] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1869.697987] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1869.699118] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1869.700140] ? lock_downgrade+0x6d0/0x6d0 [ 1869.701102] sock_sendmsg+0x319/0x390 [ 1869.701922] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1869.702934] ? ____sys_sendmsg+0x870/0x870 [ 1869.703850] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1869.704981] ? timestamp_truncate+0x2f0/0x2f0 [ 1869.705944] ? find_get_entry+0x2c8/0x740 [ 1869.706843] ? iov_iter_kvec+0x3c/0x130 [ 1869.707704] sock_no_sendpage+0x12c/0x1a0 [ 1869.708592] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1869.709596] ? init_special_inode+0x1f0/0x1f0 [ 1869.710565] kernel_sendpage.part.0+0x146/0x290 [ 1869.711565] sock_sendpage+0xe5/0x140 [ 1869.712384] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1869.713458] pipe_to_sendpage+0x2af/0x380 [ 1869.714346] ? propagate_umount+0x1550/0x1550 [ 1869.715308] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1869.716505] __splice_from_pipe+0x43d/0x890 [ 1869.717451] ? propagate_umount+0x1550/0x1550 [ 1869.718415] generic_splice_sendpage+0xd5/0x140 [ 1869.719415] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1869.720359] ? security_file_permission+0xb1/0xe0 [ 1869.721399] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1869.722340] direct_splice_actor+0x10f/0x170 [ 1869.723279] splice_direct_to_actor+0x387/0x980 [ 1869.724179] FAULT_INJECTION: forcing a failure. [ 1869.724179] name failslab, interval 1, probability 0, space 0, times 0 [ 1869.724269] ? pipe_to_sendpage+0x380/0x380 [ 1869.726756] ? do_splice_to+0x160/0x160 [ 1869.727608] ? security_file_permission+0xb1/0xe0 [ 1869.728665] do_splice_direct+0x1c4/0x290 [ 1869.729560] ? splice_direct_to_actor+0x980/0x980 [ 1869.730594] ? security_file_permission+0xb1/0xe0 [ 1869.731652] do_sendfile+0x553/0x11e0 [ 1869.732520] ? do_pwritev+0x270/0x270 [ 1869.733349] ? wait_for_completion_io+0x270/0x270 [ 1869.734382] ? rcu_read_lock_any_held+0x75/0xa0 [ 1869.735386] ? vfs_write+0x354/0xb10 [ 1869.736178] __x64_sys_sendfile64+0x1d1/0x210 [ 1869.737153] ? __ia32_sys_sendfile+0x220/0x220 [ 1869.738128] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.739262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1869.740357] do_syscall_64+0x33/0x40 [ 1869.741181] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1869.742268] RIP: 0033:0x7f122aa69b19 [ 1869.743075] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1869.747152] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1869.749186] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1869.751037] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1869.752965] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1869.754868] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1869.756827] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1869.758776] CPU: 1 PID: 9986 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1869.759743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1869.760909] Call Trace: [ 1869.761290] dump_stack+0x107/0x167 [ 1869.761807] should_fail.cold+0x5/0xa [ 1869.762475] ? create_object.isra.0+0x3a/0xa30 [ 1869.763128] should_failslab+0x5/0x20 [ 1869.763675] kmem_cache_alloc+0x5b/0x310 [ 1869.764260] ? mark_held_locks+0x9e/0xe0 [ 1869.764863] create_object.isra.0+0x3a/0xa30 [ 1869.765482] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1869.766199] kmem_cache_alloc_trace+0x151/0x320 [ 1869.766861] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1869.767561] __list_lru_init+0x44d/0x890 [ 1869.768139] alloc_super+0x8b8/0xa90 [ 1869.768804] sget_fc+0x110/0x860 [ 1869.769283] ? set_anon_super+0xc0/0xc0 [ 1869.769978] ? shmem_put_link+0x120/0x120 [ 1869.770708] get_tree_nodev+0x24/0x1d0 [ 1869.771392] vfs_get_tree+0x8e/0x300 [ 1869.772040] path_mount+0x1490/0x21e0 11:08:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 66) [ 1869.772730] ? strncpy_from_user+0x9e/0x470 [ 1869.773557] ? finish_automount+0xa90/0xa90 [ 1869.774302] ? getname_flags.part.0+0x1dd/0x4f0 [ 1869.775108] __x64_sys_mount+0x282/0x300 [ 1869.775811] ? copy_mnt_ns+0xa00/0xa00 [ 1869.776491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1869.777409] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1869.778301] do_syscall_64+0x33/0x40 [ 1869.778948] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1869.779828] RIP: 0033:0x7f07d2d5a04a [ 1869.780460] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1869.782942] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1869.783951] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1869.784906] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1869.785845] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1869.786785] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1869.787727] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:08:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e4801"], 0xec}}, 0x0) [ 1869.814264] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=18462 sclass=netlink_route_socket pid=9988 comm=syz-executor.7 11:08:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000021b0000f4"], 0xec}}, 0x0) 11:08:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001a0001"], 0xec}}, 0x0) 11:08:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e4c01"], 0xec}}, 0x0) [ 1869.879737] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=19486 sclass=netlink_route_socket pid=9993 comm=syz-executor.7 11:08:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001c0001"], 0xec}}, 0x0) 11:08:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 18) dup2(r0, r1) 11:08:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000000f1b0000f4"], 0xec}}, 0x0) [ 1882.640510] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.5'. 11:08:44 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:08:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e6801"], 0xec}}, 0x0) 11:08:44 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1882.655316] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=26654 sclass=netlink_route_socket pid=10019 comm=syz-executor.7 [ 1882.662580] FAULT_INJECTION: forcing a failure. [ 1882.662580] name failslab, interval 1, probability 0, space 0, times 0 [ 1882.664123] CPU: 0 PID: 10020 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1882.665026] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.666118] Call Trace: [ 1882.666463] dump_stack+0x107/0x167 [ 1882.666938] should_fail.cold+0x5/0xa [ 1882.667431] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1882.668091] should_failslab+0x5/0x20 [ 1882.668590] kmem_cache_alloc_trace+0x55/0x320 [ 1882.669192] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1882.669847] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1882.670487] __list_lru_init+0x44d/0x890 [ 1882.671013] alloc_super+0x8b8/0xa90 [ 1882.671495] sget_fc+0x110/0x860 [ 1882.671931] ? set_anon_super+0xc0/0xc0 [ 1882.672451] ? shmem_put_link+0x120/0x120 [ 1882.672994] get_tree_nodev+0x24/0x1d0 [ 1882.673498] vfs_get_tree+0x8e/0x300 [ 1882.673978] path_mount+0x1490/0x21e0 [ 1882.674476] ? strncpy_from_user+0x9e/0x470 [ 1882.675034] ? finish_automount+0xa90/0xa90 [ 1882.675589] ? getname_flags.part.0+0x1dd/0x4f0 [ 1882.676192] __x64_sys_mount+0x282/0x300 11:08:44 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 67) 11:08:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) [ 1882.676708] ? copy_mnt_ns+0xa00/0xa00 [ 1882.677427] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.678100] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.678774] do_syscall_64+0x33/0x40 [ 1882.679261] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.679914] RIP: 0033:0x7f07d2d5a04a [ 1882.680394] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.682765] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1882.683755] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1882.684680] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1882.685611] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1882.686538] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1882.687469] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1882.694861] FAULT_INJECTION: forcing a failure. [ 1882.694861] name failslab, interval 1, probability 0, space 0, times 0 [ 1882.697429] CPU: 1 PID: 10021 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1882.698842] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1882.700531] Call Trace: [ 1882.701092] dump_stack+0x107/0x167 [ 1882.701837] should_fail.cold+0x5/0xa [ 1882.702619] ? create_object.isra.0+0x3a/0xa30 [ 1882.703548] should_failslab+0x5/0x20 [ 1882.704323] kmem_cache_alloc+0x5b/0x310 [ 1882.705163] ? lock_acquire+0x197/0x470 [ 1882.705979] create_object.isra.0+0x3a/0xa30 [ 1882.706878] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1882.707913] kmem_cache_alloc+0x159/0x310 [ 1882.708799] skb_clone+0x14f/0x3d0 [ 1882.709536] dev_queue_xmit_nit+0x3a7/0xb00 [ 1882.710427] dev_hard_start_xmit+0xab/0x6f0 [ 1882.711312] __dev_queue_xmit+0x179a/0x2690 [ 1882.712194] ? packet_parse_headers+0x42f/0x980 [ 1882.713181] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1882.714119] ? __check_object_size+0x319/0x440 [ 1882.715054] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 1882.716028] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1882.717129] packet_sendmsg+0x31f4/0x5370 [ 1882.718015] ? sock_has_perm+0x1ea/0x280 [ 1882.718855] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1882.719906] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1882.721030] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1882.722039] ? lock_downgrade+0x6d0/0x6d0 [ 1882.722899] sock_sendmsg+0x319/0x390 [ 1882.723675] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1882.724653] ? ____sys_sendmsg+0x870/0x870 [ 1882.725532] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1882.726608] ? timestamp_truncate+0x2f0/0x2f0 [ 1882.727527] ? find_get_entry+0x2c8/0x740 [ 1882.728378] ? iov_iter_kvec+0x3c/0x130 [ 1882.729210] sock_no_sendpage+0x12c/0x1a0 [ 1882.730088] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1882.731040] ? init_special_inode+0x1f0/0x1f0 [ 1882.731968] kernel_sendpage.part.0+0x146/0x290 [ 1882.732938] sock_sendpage+0xe5/0x140 [ 1882.733719] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1882.734731] pipe_to_sendpage+0x2af/0x380 [ 1882.735578] ? propagate_umount+0x1550/0x1550 [ 1882.736528] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1882.737630] __splice_from_pipe+0x43d/0x890 [ 1882.738521] ? propagate_umount+0x1550/0x1550 [ 1882.739451] generic_splice_sendpage+0xd5/0x140 [ 1882.740404] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1882.741326] ? security_file_permission+0xb1/0xe0 [ 1882.742317] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1882.743215] direct_splice_actor+0x10f/0x170 [ 1882.744113] splice_direct_to_actor+0x387/0x980 [ 1882.745113] ? pipe_to_sendpage+0x380/0x380 [ 1882.745990] ? do_splice_to+0x160/0x160 [ 1882.746795] ? security_file_permission+0xb1/0xe0 [ 1882.747780] do_splice_direct+0x1c4/0x290 [ 1882.748637] ? splice_direct_to_actor+0x980/0x980 [ 1882.749636] ? security_file_permission+0xb1/0xe0 [ 1882.750634] do_sendfile+0x553/0x11e0 [ 1882.751423] ? do_pwritev+0x270/0x270 [ 1882.752206] ? wait_for_completion_io+0x270/0x270 [ 1882.753234] ? rcu_read_lock_any_held+0x75/0xa0 [ 1882.754188] ? vfs_write+0x354/0xb10 [ 1882.754950] __x64_sys_sendfile64+0x1d1/0x210 [ 1882.755861] ? __ia32_sys_sendfile+0x220/0x220 [ 1882.756804] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1882.757883] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1882.758939] do_syscall_64+0x33/0x40 [ 1882.759699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1882.760787] RIP: 0033:0x7f122aa69b19 [ 1882.761556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1882.765309] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1882.766859] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1882.768307] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1882.769780] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1882.771227] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1882.772675] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:09:00 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 19) dup2(r0, r1) 11:09:00 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xd000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e6c01"], 0xec}}, 0x0) 11:09:00 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}, {@uid_eq}]}}) 11:09:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0200001d0001"], 0xec}}, 0x0) 11:09:00 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 68) 11:09:00 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000ffffff9e1b0000f4"], 0xec}}, 0x0) [ 1898.907547] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27678 sclass=netlink_route_socket pid=10034 comm=syz-executor.7 [ 1898.919676] FAULT_INJECTION: forcing a failure. [ 1898.919676] name failslab, interval 1, probability 0, space 0, times 0 [ 1898.921225] CPU: 1 PID: 10041 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1898.922146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1898.923204] Call Trace: [ 1898.923562] dump_stack+0x107/0x167 [ 1898.924050] should_fail.cold+0x5/0xa [ 1898.924572] ? create_object.isra.0+0x3a/0xa30 [ 1898.925180] should_failslab+0x5/0x20 [ 1898.925691] kmem_cache_alloc+0x5b/0x310 [ 1898.926240] ? mark_held_locks+0x9e/0xe0 [ 1898.926775] create_object.isra.0+0x3a/0xa30 [ 1898.927357] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1898.928046] kmem_cache_alloc_trace+0x151/0x320 [ 1898.928665] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1898.929334] __list_lru_init+0x44d/0x890 [ 1898.929885] alloc_super+0x8b8/0xa90 [ 1898.930386] sget_fc+0x110/0x860 [ 1898.930838] ? set_anon_super+0xc0/0xc0 [ 1898.931378] ? shmem_put_link+0x120/0x120 [ 1898.931935] get_tree_nodev+0x24/0x1d0 [ 1898.932448] vfs_get_tree+0x8e/0x300 [ 1898.932940] path_mount+0x1490/0x21e0 [ 1898.933450] ? strncpy_from_user+0x9e/0x470 [ 1898.934021] ? finish_automount+0xa90/0xa90 [ 1898.934590] ? getname_flags.part.0+0x1dd/0x4f0 [ 1898.935182] __x64_sys_mount+0x282/0x300 [ 1898.935727] ? copy_mnt_ns+0xa00/0xa00 [ 1898.936250] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1898.936951] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1898.937646] do_syscall_64+0x33/0x40 [ 1898.938133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1898.938808] RIP: 0033:0x7f07d2d5a04a [ 1898.939284] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1898.941766] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1898.942720] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1898.943633] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1898.944576] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1898.945490] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1898.946426] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1898.954910] FAULT_INJECTION: forcing a failure. [ 1898.954910] name failslab, interval 1, probability 0, space 0, times 0 [ 1898.956418] CPU: 1 PID: 10038 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1898.957323] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1898.958373] Call Trace: [ 1898.958706] dump_stack+0x107/0x167 [ 1898.959167] should_fail.cold+0x5/0xa [ 1898.959665] ? ___slab_alloc+0x470/0x700 [ 1898.960188] ? create_object.isra.0+0x3a/0xa30 [ 1898.960779] should_failslab+0x5/0x20 [ 1898.961262] kmem_cache_alloc+0x5b/0x310 [ 1898.961779] ? lock_acquire+0x197/0x470 [ 1898.962298] create_object.isra.0+0x3a/0xa30 [ 1898.962883] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1898.963543] kmem_cache_alloc+0x159/0x310 [ 1898.964086] skb_clone+0x14f/0x3d0 [ 1898.964535] dev_queue_xmit_nit+0x3a7/0xb00 [ 1898.965123] dev_hard_start_xmit+0xab/0x6f0 [ 1898.965673] __dev_queue_xmit+0x179a/0x2690 [ 1898.966241] ? packet_parse_headers+0x42f/0x980 [ 1898.966857] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 1898.967445] ? __check_object_size+0x319/0x440 [ 1898.968050] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 1898.968662] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1898.969357] packet_sendmsg+0x31f4/0x5370 [ 1898.969909] ? sock_has_perm+0x1ea/0x280 [ 1898.970446] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1898.971118] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1898.971778] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1898.972385] ? lock_downgrade+0x6d0/0x6d0 [ 1898.972937] sock_sendmsg+0x319/0x390 [ 1898.973440] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1898.974058] ? ____sys_sendmsg+0x870/0x870 [ 1898.974598] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1898.975268] ? timestamp_truncate+0x2f0/0x2f0 [ 1898.975850] ? find_get_entry+0x2c8/0x740 [ 1898.976407] ? iov_iter_kvec+0x3c/0x130 [ 1898.976931] sock_no_sendpage+0x12c/0x1a0 [ 1898.978055] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1898.979161] ? init_special_inode+0x1f0/0x1f0 [ 1898.980236] kernel_sendpage.part.0+0x146/0x290 [ 1898.981375] sock_sendpage+0xe5/0x140 [ 1898.982287] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1898.983471] pipe_to_sendpage+0x2af/0x380 [ 1898.984458] ? propagate_umount+0x1550/0x1550 [ 1898.985535] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1898.986816] __splice_from_pipe+0x43d/0x890 [ 1898.987850] ? propagate_umount+0x1550/0x1550 [ 1898.988927] generic_splice_sendpage+0xd5/0x140 [ 1898.990041] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1898.991102] ? security_file_permission+0xb1/0xe0 [ 1898.992252] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1898.993314] direct_splice_actor+0x10f/0x170 [ 1898.994367] splice_direct_to_actor+0x387/0x980 [ 1898.995483] ? pipe_to_sendpage+0x380/0x380 [ 1898.996515] ? do_splice_to+0x160/0x160 [ 1898.997470] ? security_file_permission+0xb1/0xe0 [ 1898.998627] do_splice_direct+0x1c4/0x290 [ 1898.999615] ? splice_direct_to_actor+0x980/0x980 [ 1899.000768] ? security_file_permission+0xb1/0xe0 [ 1899.001933] do_sendfile+0x553/0x11e0 [ 1899.002858] ? do_pwritev+0x270/0x270 [ 1899.003763] ? wait_for_completion_io+0x270/0x270 [ 1899.004917] ? rcu_read_lock_any_held+0x75/0xa0 [ 1899.006027] ? vfs_write+0x354/0xb10 [ 1899.006916] __x64_sys_sendfile64+0x1d1/0x210 [ 1899.007987] ? __ia32_sys_sendfile+0x220/0x220 [ 1899.009090] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1899.010334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1899.011563] do_syscall_64+0x33/0x40 [ 1899.012454] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1899.013686] RIP: 0033:0x7f122aa69b19 [ 1899.014588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1899.019030] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1899.020893] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1899.022634] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1899.024365] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1899.026113] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1899.027872] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:09:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0300001d0001"], 0xec}}, 0x0) 11:09:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e7401"], 0xec}}, 0x0) 11:09:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000cf1b0000f4"], 0xec}}, 0x0) 11:09:00 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1899.082888] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=29726 sclass=netlink_route_socket pid=10050 comm=syz-executor.7 11:09:01 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:01 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 69) [ 1899.200986] FAULT_INJECTION: forcing a failure. [ 1899.200986] name failslab, interval 1, probability 0, space 0, times 0 [ 1899.203477] CPU: 0 PID: 10056 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1899.205038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1899.206891] Call Trace: [ 1899.207484] dump_stack+0x107/0x167 [ 1899.208306] should_fail.cold+0x5/0xa [ 1899.209178] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1899.210326] should_failslab+0x5/0x20 [ 1899.211187] kmem_cache_alloc_trace+0x55/0x320 [ 1899.212222] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1899.213389] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1899.214515] __list_lru_init+0x44d/0x890 [ 1899.215452] alloc_super+0x8b8/0xa90 [ 1899.216307] sget_fc+0x110/0x860 [ 1899.217094] ? set_anon_super+0xc0/0xc0 [ 1899.218016] ? shmem_put_link+0x120/0x120 [ 1899.218970] get_tree_nodev+0x24/0x1d0 [ 1899.219869] vfs_get_tree+0x8e/0x300 [ 1899.220729] path_mount+0x1490/0x21e0 [ 1899.221601] ? strncpy_from_user+0x9e/0x470 [ 1899.222527] ? finish_automount+0xa90/0xa90 [ 1899.223459] ? getname_flags.part.0+0x1dd/0x4f0 [ 1899.224467] __x64_sys_mount+0x282/0x300 [ 1899.225350] ? copy_mnt_ns+0xa00/0xa00 [ 1899.226191] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1899.227330] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1899.228443] do_syscall_64+0x33/0x40 [ 1899.229257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1899.230366] RIP: 0033:0x7f07d2d5a04a [ 1899.231166] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1899.235135] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1899.236750] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1899.238298] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1899.239845] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1899.241399] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1899.242942] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:09:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000fffffff01b0000f4"], 0xec}}, 0x0) 11:09:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 70) 11:09:15 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}, {@subj_user={'subj_user', 0x3d, 'cache=fscache'}}]}}) 11:09:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e7a01"], 0xec}}, 0x0) 11:09:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0800001d0001"], 0xec}}, 0x0) 11:09:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 20) dup2(r0, r1) [ 1913.533312] FAULT_INJECTION: forcing a failure. [ 1913.533312] name failslab, interval 1, probability 0, space 0, times 0 [ 1913.534743] CPU: 0 PID: 10066 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1913.535612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1913.536640] Call Trace: [ 1913.536973] dump_stack+0x107/0x167 [ 1913.537434] should_fail.cold+0x5/0xa [ 1913.537909] ? create_object.isra.0+0x3a/0xa30 [ 1913.538476] should_failslab+0x5/0x20 [ 1913.538948] kmem_cache_alloc+0x5b/0x310 [ 1913.539451] ? mark_held_locks+0x9e/0xe0 [ 1913.539957] create_object.isra.0+0x3a/0xa30 [ 1913.540498] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1913.541129] kmem_cache_alloc_trace+0x151/0x320 [ 1913.541714] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1913.542323] __list_lru_init+0x44d/0x890 [ 1913.542829] alloc_super+0x8b8/0xa90 [ 1913.543291] sget_fc+0x110/0x860 [ 1913.543711] ? set_anon_super+0xc0/0xc0 [ 1913.544208] ? shmem_put_link+0x120/0x120 [ 1913.544717] get_tree_nodev+0x24/0x1d0 [ 1913.545203] vfs_get_tree+0x8e/0x300 [ 1913.545665] path_mount+0x1490/0x21e0 [ 1913.546139] ? strncpy_from_user+0x9e/0x470 [ 1913.546672] ? finish_automount+0xa90/0xa90 [ 1913.547208] ? getname_flags.part.0+0x1dd/0x4f0 [ 1913.547788] __x64_sys_mount+0x282/0x300 [ 1913.548290] ? copy_mnt_ns+0xa00/0xa00 [ 1913.548776] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1913.549434] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1913.550075] do_syscall_64+0x33/0x40 [ 1913.550537] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1913.551171] RIP: 0033:0x7f07d2d5a04a [ 1913.551640] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1913.553910] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1913.554846] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1913.555729] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1913.556609] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1913.557495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1913.558383] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1913.565618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31262 sclass=netlink_route_socket pid=10080 comm=syz-executor.7 11:09:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0f00001d0001"], 0xec}}, 0x0) [ 1913.598084] FAULT_INJECTION: forcing a failure. [ 1913.598084] name failslab, interval 1, probability 0, space 0, times 0 [ 1913.600523] CPU: 1 PID: 10076 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1913.601988] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1913.603718] Call Trace: [ 1913.604276] dump_stack+0x107/0x167 [ 1913.605034] should_fail.cold+0x5/0xa [ 1913.605839] ? create_object.isra.0+0x3a/0xa30 [ 1913.606795] should_failslab+0x5/0x20 [ 1913.607592] kmem_cache_alloc+0x5b/0x310 [ 1913.608440] create_object.isra.0+0x3a/0xa30 [ 1913.609362] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1913.610423] kmem_cache_alloc_node+0x169/0x330 [ 1913.611384] __alloc_skb+0x6d/0x5b0 [ 1913.612148] alloc_skb_with_frags+0x92/0x570 [ 1913.613071] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1913.614174] ? __local_bh_enable_ip+0x9d/0x100 [ 1913.615127] ? trace_hardirqs_on+0x5b/0x180 [ 1913.616030] sock_alloc_send_pskb+0x7af/0x930 [ 1913.616967] ? lock_acquire+0x197/0x470 [ 1913.617814] ? sk_alloc+0x350/0x350 [ 1913.618573] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1913.619670] packet_sendmsg+0x189a/0x5370 [ 1913.620544] ? sock_has_perm+0x1ea/0x280 [ 1913.621405] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1913.622483] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1913.623579] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1913.624581] ? lock_downgrade+0x6d0/0x6d0 [ 1913.625465] sock_sendmsg+0x319/0x390 [ 1913.626257] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1913.627242] ? ____sys_sendmsg+0x870/0x870 [ 1913.628128] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1913.629232] ? timestamp_truncate+0x2f0/0x2f0 [ 1913.630168] ? find_get_entry+0x2c8/0x740 [ 1913.631034] ? iov_iter_kvec+0x3c/0x130 [ 1913.631879] sock_no_sendpage+0x12c/0x1a0 [ 1913.632734] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1913.633715] ? init_special_inode+0x1f0/0x1f0 [ 1913.634651] kernel_sendpage.part.0+0x146/0x290 [ 1913.635629] sock_sendpage+0xe5/0x140 [ 1913.636421] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1913.637473] pipe_to_sendpage+0x2af/0x380 [ 1913.638343] ? propagate_umount+0x1550/0x1550 [ 1913.639286] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1913.640406] __splice_from_pipe+0x43d/0x890 [ 1913.641326] ? propagate_umount+0x1550/0x1550 [ 1913.642278] generic_splice_sendpage+0xd5/0x140 [ 1913.643249] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1913.644179] ? security_file_permission+0xb1/0xe0 [ 1913.645199] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1913.646123] direct_splice_actor+0x10f/0x170 [ 1913.647045] splice_direct_to_actor+0x387/0x980 [ 1913.648023] ? pipe_to_sendpage+0x380/0x380 [ 1913.648927] ? do_splice_to+0x160/0x160 [ 1913.649767] ? security_file_permission+0xb1/0xe0 [ 1913.650789] do_splice_direct+0x1c4/0x290 [ 1913.651658] ? splice_direct_to_actor+0x980/0x980 [ 1913.652671] ? security_file_permission+0xb1/0xe0 [ 1913.653701] do_sendfile+0x553/0x11e0 [ 1913.654509] ? do_pwritev+0x270/0x270 [ 1913.655309] ? wait_for_completion_io+0x270/0x270 [ 1913.656316] ? rcu_read_lock_any_held+0x75/0xa0 [ 1913.657312] ? vfs_write+0x354/0xb10 [ 1913.658098] __x64_sys_sendfile64+0x1d1/0x210 [ 1913.659038] ? __ia32_sys_sendfile+0x220/0x220 [ 1913.660006] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1913.661125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1913.662213] do_syscall_64+0x33/0x40 [ 1913.662997] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1913.664074] RIP: 0033:0x7f122aa69b19 [ 1913.664852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1913.668732] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1913.670342] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1913.671840] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1913.673340] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1913.674833] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1913.676327] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:09:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ecf000001d0001"], 0xec}}, 0x0) 11:09:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000f0ffff1b0000f4"], 0xec}}, 0x0) 11:09:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001ec002"], 0xec}}, 0x0) 11:09:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec3302001d0001"], 0xec}}, 0x0) 11:09:15 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 71) 11:09:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000007fffffff1b0000f4"], 0xec}}, 0x0) 11:09:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}, {@euid_gt}]}}) 11:09:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1913.788690] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49182 sclass=netlink_route_socket pid=10097 comm=syz-executor.7 [ 1913.802845] FAULT_INJECTION: forcing a failure. [ 1913.802845] name failslab, interval 1, probability 0, space 0, times 0 [ 1913.804191] CPU: 0 PID: 10100 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1913.805034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1913.806040] Call Trace: [ 1913.806358] dump_stack+0x107/0x167 [ 1913.806797] should_fail.cold+0x5/0xa [ 1913.807260] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1913.807866] should_failslab+0x5/0x20 [ 1913.808317] kmem_cache_alloc_trace+0x55/0x320 [ 1913.808867] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1913.809494] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1913.810083] __list_lru_init+0x44d/0x890 [ 1913.810570] alloc_super+0x8b8/0xa90 [ 1913.811015] sget_fc+0x110/0x860 [ 1913.811421] ? set_anon_super+0xc0/0xc0 [ 1913.811898] ? shmem_put_link+0x120/0x120 [ 1913.812396] get_tree_nodev+0x24/0x1d0 [ 1913.812858] vfs_get_tree+0x8e/0x300 [ 1913.813310] path_mount+0x1490/0x21e0 [ 1913.813778] ? strncpy_from_user+0x9e/0x470 [ 1913.814295] ? finish_automount+0xa90/0xa90 [ 1913.814815] ? getname_flags.part.0+0x1dd/0x4f0 [ 1913.815376] __x64_sys_mount+0x282/0x300 [ 1913.815867] ? copy_mnt_ns+0xa00/0xa00 [ 1913.816337] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1913.816964] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1913.817593] do_syscall_64+0x33/0x40 [ 1913.818033] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1913.818643] RIP: 0033:0x7f07d2d5a04a [ 1913.819095] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1913.821302] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1913.822216] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1913.823065] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1913.823932] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1913.824788] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1913.825647] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:09:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0003001d0001"], 0xec}}, 0x0) 11:09:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000009effffff1b0000f4"], 0xec}}, 0x0) 11:09:30 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:30 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:30 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 11:09:30 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 72) 11:09:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000f001d0001"], 0xec}}, 0x0) 11:09:30 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000f0ffffff1b0000f4"], 0xec}}, 0x0) 11:09:30 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 21) dup2(r0, r1) 11:09:30 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0003"], 0xec}}, 0x0) [ 1928.910640] FAULT_INJECTION: forcing a failure. [ 1928.910640] name failslab, interval 1, probability 0, space 0, times 0 [ 1928.912768] CPU: 1 PID: 10120 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1928.914067] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1928.915603] Call Trace: [ 1928.916092] dump_stack+0x107/0x167 [ 1928.916764] should_fail.cold+0x5/0xa [ 1928.917474] should_failslab+0x5/0x20 [ 1928.918166] __kmalloc_node_track_caller+0x74/0x3b0 [ 1928.919069] ? alloc_skb_with_frags+0x92/0x570 [ 1928.919901] __alloc_skb+0xb1/0x5b0 [ 1928.920572] alloc_skb_with_frags+0x92/0x570 [ 1928.921382] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1928.922324] ? __local_bh_enable_ip+0x9d/0x100 [ 1928.923154] ? trace_hardirqs_on+0x5b/0x180 [ 1928.923943] sock_alloc_send_pskb+0x7af/0x930 [ 1928.924758] ? lock_acquire+0x197/0x470 [ 1928.925494] ? sk_alloc+0x350/0x350 [ 1928.926160] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1928.927119] packet_sendmsg+0x189a/0x5370 [ 1928.927889] ? sock_has_perm+0x1ea/0x280 [ 1928.928631] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1928.929581] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1928.930545] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1928.931415] ? lock_downgrade+0x6d0/0x6d0 [ 1928.932175] sock_sendmsg+0x319/0x390 [ 1928.932869] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1928.933573] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1928.933747] ? ____sys_sendmsg+0x870/0x870 [ 1928.936882] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1928.937847] ? timestamp_truncate+0x2f0/0x2f0 [ 1928.938660] ? find_get_entry+0x2c8/0x740 [ 1928.939427] ? iov_iter_kvec+0x3c/0x130 [ 1928.940166] sock_no_sendpage+0x12c/0x1a0 [ 1928.940918] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1928.941761] ? init_special_inode+0x1f0/0x1f0 [ 1928.942572] kernel_sendpage.part.0+0x146/0x290 [ 1928.943417] sock_sendpage+0xe5/0x140 [ 1928.943798] FAULT_INJECTION: forcing a failure. [ 1928.943798] name failslab, interval 1, probability 0, space 0, times 0 [ 1928.944117] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1928.947474] pipe_to_sendpage+0x2af/0x380 [ 1928.948232] ? propagate_umount+0x1550/0x1550 [ 1928.949041] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1928.950028] __splice_from_pipe+0x43d/0x890 [ 1928.950806] ? propagate_umount+0x1550/0x1550 [ 1928.951622] generic_splice_sendpage+0xd5/0x140 [ 1928.952463] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1928.953261] ? security_file_permission+0xb1/0xe0 [ 1928.954142] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1928.954941] direct_splice_actor+0x10f/0x170 [ 1928.955745] splice_direct_to_actor+0x387/0x980 [ 1928.956584] ? pipe_to_sendpage+0x380/0x380 [ 1928.957371] ? do_splice_to+0x160/0x160 [ 1928.958083] ? security_file_permission+0xb1/0xe0 [ 1928.958961] do_splice_direct+0x1c4/0x290 [ 1928.959712] ? splice_direct_to_actor+0x980/0x980 [ 1928.960579] ? security_file_permission+0xb1/0xe0 [ 1928.961466] do_sendfile+0x553/0x11e0 [ 1928.962165] ? do_pwritev+0x270/0x270 [ 1928.962853] ? wait_for_completion_io+0x270/0x270 [ 1928.963715] ? rcu_read_lock_any_held+0x75/0xa0 [ 1928.964539] ? vfs_write+0x354/0xb10 [ 1928.965204] __x64_sys_sendfile64+0x1d1/0x210 [ 1928.966018] ? __ia32_sys_sendfile+0x220/0x220 [ 1928.966838] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1928.967776] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1928.968701] do_syscall_64+0x33/0x40 [ 1928.969374] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1928.970283] RIP: 0033:0x7f122aa69b19 [ 1928.970948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1928.974245] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1928.975615] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1928.976888] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1928.978179] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1928.979458] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1928.980737] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 1928.982052] CPU: 0 PID: 10129 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1928.983615] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1928.985463] Call Trace: [ 1928.986046] dump_stack+0x107/0x167 [ 1928.986857] should_fail.cold+0x5/0xa [ 1928.987709] ? create_object.isra.0+0x3a/0xa30 [ 1928.988716] should_failslab+0x5/0x20 [ 1928.989565] kmem_cache_alloc+0x5b/0x310 [ 1928.990462] ? mark_held_locks+0x9e/0xe0 [ 1928.991361] create_object.isra.0+0x3a/0xa30 [ 1928.992330] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1928.993463] kmem_cache_alloc_trace+0x151/0x320 [ 1928.994495] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1928.995580] __list_lru_init+0x44d/0x890 [ 1928.996483] alloc_super+0x8b8/0xa90 [ 1928.997310] sget_fc+0x110/0x860 [ 1928.998069] ? set_anon_super+0xc0/0xc0 [ 1928.998958] ? shmem_put_link+0x120/0x120 [ 1928.999874] get_tree_nodev+0x24/0x1d0 [ 1929.000734] vfs_get_tree+0x8e/0x300 [ 1929.001567] path_mount+0x1490/0x21e0 [ 1929.002413] ? strncpy_from_user+0x9e/0x470 [ 1929.003362] ? finish_automount+0xa90/0xa90 [ 1929.004319] ? getname_flags.part.0+0x1dd/0x4f0 [ 1929.005354] __x64_sys_mount+0x282/0x300 [ 1929.006245] ? copy_mnt_ns+0xa00/0xa00 [ 1929.007097] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1929.008239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1929.009381] do_syscall_64+0x33/0x40 [ 1929.010193] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1929.011311] RIP: 0033:0x7f07d2d5a04a [ 1929.012125] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1929.016150] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1929.017814] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1929.019372] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1929.020931] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1929.022498] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1929.024054] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:09:30 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0233001d0001"], 0xec}}, 0x0) 11:09:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000200001b0000f4"], 0xec}}, 0x0) 11:09:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:52 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 22) dup2(r0, r1) 11:09:52 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 73) 11:09:52 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x51030000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:52 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000800001b0000f4"], 0xec}}, 0x0) 11:09:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0025"], 0xec}}, 0x0) [ 1950.743048] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1950.753458] FAULT_INJECTION: forcing a failure. [ 1950.753458] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.754727] CPU: 0 PID: 10151 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1950.755474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1950.756365] Call Trace: [ 1950.756655] dump_stack+0x107/0x167 [ 1950.757050] should_fail.cold+0x5/0xa [ 1950.757464] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1950.758022] should_failslab+0x5/0x20 [ 1950.758440] kmem_cache_alloc_trace+0x55/0x320 [ 1950.758928] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1950.759471] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1950.760025] __list_lru_init+0x44d/0x890 [ 1950.760466] alloc_super+0x8b8/0xa90 [ 1950.760890] sget_fc+0x110/0x860 [ 1950.761253] ? set_anon_super+0xc0/0xc0 [ 1950.761729] ? shmem_put_link+0x120/0x120 [ 1950.762174] get_tree_nodev+0x24/0x1d0 [ 1950.762617] vfs_get_tree+0x8e/0x300 [ 1950.763020] path_mount+0x1490/0x21e0 [ 1950.763455] ? strncpy_from_user+0x9e/0x470 [ 1950.763921] ? finish_automount+0xa90/0xa90 [ 1950.764384] ? getname_flags.part.0+0x1dd/0x4f0 [ 1950.764913] __x64_sys_mount+0x282/0x300 [ 1950.765348] ? copy_mnt_ns+0xa00/0xa00 [ 1950.765788] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 11:09:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0081001d0001"], 0xec}}, 0x0) 11:09:52 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}, {@fsname={'fsname', 0x3d, '.'}}]}}) 11:09:52 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1950.766381] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1950.767073] do_syscall_64+0x33/0x40 [ 1950.767493] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1950.768070] RIP: 0033:0x7f07d2d5a04a [ 1950.768489] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1950.770679] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1950.771884] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1950.773017] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1950.774171] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1950.775309] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1950.776435] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:09:52 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e003d"], 0xec}}, 0x0) [ 1950.817799] FAULT_INJECTION: forcing a failure. [ 1950.817799] name failslab, interval 1, probability 0, space 0, times 0 [ 1950.819178] CPU: 0 PID: 10162 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1950.819955] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1950.820898] Call Trace: [ 1950.821205] dump_stack+0x107/0x167 [ 1950.821639] should_fail.cold+0x5/0xa [ 1950.822077] ? create_object.isra.0+0x3a/0xa30 [ 1950.822592] should_failslab+0x5/0x20 [ 1950.823024] kmem_cache_alloc+0x5b/0x310 [ 1950.823469] create_object.isra.0+0x3a/0xa30 [ 1950.823947] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1950.824522] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1950.825071] ? alloc_skb_with_frags+0x92/0x570 [ 1950.825601] __alloc_skb+0xb1/0x5b0 [ 1950.826033] alloc_skb_with_frags+0x92/0x570 [ 1950.826513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1950.827108] ? __local_bh_enable_ip+0x9d/0x100 [ 1950.827621] ? trace_hardirqs_on+0x5b/0x180 [ 1950.828089] sock_alloc_send_pskb+0x7af/0x930 [ 1950.828597] ? lock_acquire+0x197/0x470 [ 1950.829030] ? sk_alloc+0x350/0x350 [ 1950.829425] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1950.830044] packet_sendmsg+0x189a/0x5370 [ 1950.830520] ? sock_has_perm+0x1ea/0x280 [ 1950.830981] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1950.831571] ? finish_task_switch+0x126/0x5d0 [ 1950.832076] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1950.832625] sock_sendmsg+0x319/0x390 [ 1950.833055] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1950.833565] ? ____sys_sendmsg+0x870/0x870 [ 1950.834063] ? io_schedule_timeout+0x140/0x140 [ 1950.834559] ? iov_iter_kvec+0x3c/0x130 [ 1950.835013] sock_no_sendpage+0x12c/0x1a0 [ 1950.835460] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1950.835983] ? init_special_inode+0x1f0/0x1f0 [ 1950.836480] kernel_sendpage.part.0+0x146/0x290 [ 1950.836999] sock_sendpage+0xe5/0x140 [ 1950.837434] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1950.837994] pipe_to_sendpage+0x2af/0x380 [ 1950.838465] ? propagate_umount+0x1550/0x1550 [ 1950.838949] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1950.839525] __splice_from_pipe+0x43d/0x890 [ 1950.840020] ? propagate_umount+0x1550/0x1550 [ 1950.840508] generic_splice_sendpage+0xd5/0x140 [ 1950.841034] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1950.841517] ? security_file_permission+0xb1/0xe0 [ 1950.842078] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1950.842578] direct_splice_actor+0x10f/0x170 [ 1950.843054] splice_direct_to_actor+0x387/0x980 [ 1950.843585] ? pipe_to_sendpage+0x380/0x380 [ 1950.844076] ? do_splice_to+0x160/0x160 [ 1950.844525] ? security_file_permission+0xb1/0xe0 [ 1950.845051] do_splice_direct+0x1c4/0x290 [ 1950.845523] ? splice_direct_to_actor+0x980/0x980 [ 1950.846067] ? security_file_permission+0xb1/0xe0 [ 1950.846591] do_sendfile+0x553/0x11e0 [ 1950.847007] ? do_pwritev+0x270/0x270 [ 1950.847419] ? wait_for_completion_io+0x270/0x270 [ 1950.847942] ? rcu_read_lock_any_held+0x75/0xa0 [ 1950.848467] ? vfs_write+0x354/0xb10 [ 1950.848872] __x64_sys_sendfile64+0x1d1/0x210 [ 1950.849381] ? __ia32_sys_sendfile+0x220/0x220 [ 1950.849897] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1950.850492] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1950.851053] do_syscall_64+0x33/0x40 [ 1950.851476] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1950.852033] RIP: 0033:0x7f122aa69b19 [ 1950.852455] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1950.854558] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1950.855420] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1950.856229] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1950.857039] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1950.857859] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1950.858667] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:09:52 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:09:52 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00f0001d0001"], 0xec}}, 0x0) 11:09:52 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000f00001b0000f4"], 0xec}}, 0x0) [ 1950.911679] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:10:06 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}, {@defcontext={'defcontext', 0x3d, 'system_u'}}]}}) [ 1964.160850] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=10183 comm=syz-executor.5 11:10:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000730001"], 0xec}}, 0x0) 11:10:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000cf00001b0000f4"], 0xec}}, 0x0) 11:10:06 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:06 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 74) 11:10:06 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80040000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:06 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 23) dup2(r0, r1) 11:10:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0061"], 0xec}}, 0x0) [ 1964.199043] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1964.204004] FAULT_INJECTION: forcing a failure. [ 1964.204004] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.206484] CPU: 1 PID: 10192 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1964.207934] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.209690] Call Trace: [ 1964.210267] dump_stack+0x107/0x167 [ 1964.211038] should_fail.cold+0x5/0xa [ 1964.211842] ? create_object.isra.0+0x3a/0xa30 [ 1964.212795] should_failslab+0x5/0x20 [ 1964.213602] kmem_cache_alloc+0x5b/0x310 [ 1964.214467] ? mark_held_locks+0x9e/0xe0 [ 1964.215320] create_object.isra.0+0x3a/0xa30 [ 1964.216245] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.217323] kmem_cache_alloc_trace+0x151/0x320 [ 1964.218317] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1964.219348] __list_lru_init+0x44d/0x890 [ 1964.220208] alloc_super+0x8b8/0xa90 [ 1964.220988] sget_fc+0x110/0x860 [ 1964.221696] ? set_anon_super+0xc0/0xc0 [ 1964.222545] ? shmem_put_link+0x120/0x120 [ 1964.223412] get_tree_nodev+0x24/0x1d0 [ 1964.224228] vfs_get_tree+0x8e/0x300 [ 1964.225011] path_mount+0x1490/0x21e0 [ 1964.225834] ? strncpy_from_user+0x9e/0x470 [ 1964.226738] ? finish_automount+0xa90/0xa90 [ 1964.227646] ? getname_flags.part.0+0x1dd/0x4f0 [ 1964.228633] __x64_sys_mount+0x282/0x300 [ 1964.229478] ? copy_mnt_ns+0xa00/0xa00 [ 1964.230308] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.231399] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.232472] do_syscall_64+0x33/0x40 [ 1964.233255] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.234332] RIP: 0033:0x7f07d2d5a04a [ 1964.235113] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.238940] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 11:10:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000f000001b0000f4"], 0xec}}, 0x0) [ 1964.240530] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1964.242262] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1964.243800] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1964.245300] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1964.246811] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1964.270422] FAULT_INJECTION: forcing a failure. [ 1964.270422] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1964.273061] CPU: 1 PID: 10194 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1964.274542] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.276286] Call Trace: [ 1964.276847] dump_stack+0x107/0x167 [ 1964.277615] should_fail.cold+0x5/0xa [ 1964.278429] __alloc_pages_nodemask+0x182/0x600 [ 1964.279435] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1964.280704] ? __kmalloc_node_track_caller+0x2f8/0x3b0 [ 1964.281818] ? alloc_skb_with_frags+0x92/0x570 [ 1964.282783] alloc_pages_current+0x187/0x280 [ 1964.283713] alloc_skb_with_frags+0x1a6/0x570 [ 1964.284660] ? trace_hardirqs_on+0x5b/0x180 11:10:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0002"], 0xec}}, 0x0) [ 1964.285571] sock_alloc_send_pskb+0x7af/0x930 [ 1964.286770] ? lock_acquire+0x197/0x470 [ 1964.287604] ? sk_alloc+0x350/0x350 [ 1964.288381] ? __lock_acquire+0x1657/0x5b00 [ 1964.289298] packet_sendmsg+0x189a/0x5370 [ 1964.290199] ? sock_has_perm+0x1ea/0x280 [ 1964.291054] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1964.292147] ? finish_task_switch+0x126/0x5d0 [ 1964.293089] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1964.294114] sock_sendmsg+0x319/0x390 [ 1964.294915] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1964.295916] ? ____sys_sendmsg+0x870/0x870 [ 1964.296819] ? io_schedule_timeout+0x140/0x140 [ 1964.297793] ? iov_iter_kvec+0x3c/0x130 [ 1964.298639] sock_no_sendpage+0x12c/0x1a0 [ 1964.299515] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1964.300489] ? init_special_inode+0x1f0/0x1f0 [ 1964.301442] kernel_sendpage.part.0+0x146/0x290 [ 1964.302439] sock_sendpage+0xe5/0x140 [ 1964.303247] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1964.304301] pipe_to_sendpage+0x2af/0x380 [ 1964.305180] ? propagate_umount+0x1550/0x1550 [ 1964.306135] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1964.307264] __splice_from_pipe+0x43d/0x890 [ 1964.308176] ? propagate_umount+0x1550/0x1550 [ 1964.309129] generic_splice_sendpage+0xd5/0x140 [ 1964.310120] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1964.311059] ? security_file_permission+0xb1/0xe0 [ 1964.312084] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1964.313017] direct_splice_actor+0x10f/0x170 [ 1964.313958] splice_direct_to_actor+0x387/0x980 [ 1964.314940] ? pipe_to_sendpage+0x380/0x380 [ 1964.315858] ? do_splice_to+0x160/0x160 [ 1964.316696] ? security_file_permission+0xb1/0xe0 [ 1964.317729] do_splice_direct+0x1c4/0x290 [ 1964.318615] ? splice_direct_to_actor+0x980/0x980 [ 1964.319639] ? security_file_permission+0xb1/0xe0 [ 1964.320681] do_sendfile+0x553/0x11e0 [ 1964.321498] ? do_pwritev+0x270/0x270 [ 1964.322311] ? wait_for_completion_io+0x270/0x270 [ 1964.323341] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.324315] ? vfs_write+0x354/0xb10 [ 1964.325098] __x64_sys_sendfile64+0x1d1/0x210 [ 1964.326050] ? __ia32_sys_sendfile+0x220/0x220 [ 1964.327015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.328118] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.329208] do_syscall_64+0x33/0x40 [ 1964.330003] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.331080] RIP: 0033:0x7f122aa69b19 [ 1964.331868] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.335754] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1964.337358] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1964.338871] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1964.340375] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.341891] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1964.343393] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:10:06 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0002001d0001"], 0xec}}, 0x0) 11:10:06 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000f001b0000f4"], 0xec}}, 0x0) 11:10:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0003"], 0xec}}, 0x0) 11:10:06 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 75) 11:10:06 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@hash}]}}) [ 1964.483986] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:10:06 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 24) dup2(r0, r1) 11:10:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0003001d0001"], 0xec}}, 0x0) [ 1964.523308] FAULT_INJECTION: forcing a failure. [ 1964.523308] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.525690] CPU: 1 PID: 10215 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1964.527086] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.528776] Call Trace: [ 1964.529317] dump_stack+0x107/0x167 [ 1964.530068] should_fail.cold+0x5/0xa [ 1964.530845] ? create_object.isra.0+0x3a/0xa30 [ 1964.531771] should_failslab+0x5/0x20 [ 1964.532549] kmem_cache_alloc+0x5b/0x310 [ 1964.533377] ? mark_held_locks+0x9e/0xe0 [ 1964.534219] create_object.isra.0+0x3a/0xa30 [ 1964.535111] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.536144] kmem_cache_alloc_trace+0x151/0x320 [ 1964.537083] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1964.538097] __list_lru_init+0x44d/0x890 [ 1964.538929] alloc_super+0x8b8/0xa90 [ 1964.539691] sget_fc+0x110/0x860 [ 1964.540375] ? set_anon_super+0xc0/0xc0 [ 1964.541186] ? shmem_put_link+0x120/0x120 [ 1964.542030] get_tree_nodev+0x24/0x1d0 [ 1964.542817] vfs_get_tree+0x8e/0x300 [ 1964.543568] path_mount+0x1490/0x21e0 [ 1964.544339] ? strncpy_from_user+0x9e/0x470 [ 1964.545204] ? finish_automount+0xa90/0xa90 [ 1964.546081] ? getname_flags.part.0+0x1dd/0x4f0 [ 1964.547020] __x64_sys_mount+0x282/0x300 [ 1964.547833] ? copy_mnt_ns+0xa00/0xa00 [ 1964.548615] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.549671] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.550716] do_syscall_64+0x33/0x40 [ 1964.551466] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.552501] RIP: 0033:0x7f07d2d5a04a [ 1964.553251] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.556951] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1964.558498] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1964.559942] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1964.561382] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1964.562827] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1964.564255] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1964.623518] FAULT_INJECTION: forcing a failure. [ 1964.623518] name failslab, interval 1, probability 0, space 0, times 0 [ 1964.625743] CPU: 1 PID: 10219 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1964.627113] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1964.628727] Call Trace: [ 1964.629246] dump_stack+0x107/0x167 [ 1964.629969] should_fail.cold+0x5/0xa [ 1964.630721] ? create_object.isra.0+0x3a/0xa30 [ 1964.631613] should_failslab+0x5/0x20 [ 1964.632357] kmem_cache_alloc+0x5b/0x310 [ 1964.633162] create_object.isra.0+0x3a/0xa30 [ 1964.634027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1964.635019] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 1964.636007] ? alloc_skb_with_frags+0x92/0x570 [ 1964.636898] __alloc_skb+0xb1/0x5b0 [ 1964.637603] alloc_skb_with_frags+0x92/0x570 [ 1964.638458] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.639463] ? __local_bh_enable_ip+0x9d/0x100 [ 1964.640337] ? trace_hardirqs_on+0x5b/0x180 [ 1964.641170] sock_alloc_send_pskb+0x7af/0x930 [ 1964.642044] ? lock_acquire+0x197/0x470 [ 1964.642813] ? sk_alloc+0x350/0x350 [ 1964.643515] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1964.644530] packet_sendmsg+0x189a/0x5370 [ 1964.645339] ? sock_has_perm+0x1ea/0x280 [ 1964.646129] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1964.647113] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1964.648118] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1964.649021] ? lock_downgrade+0x6d0/0x6d0 [ 1964.649819] sock_sendmsg+0x319/0x390 [ 1964.650537] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1964.651439] ? ____sys_sendmsg+0x870/0x870 [ 1964.652249] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1964.653235] ? timestamp_truncate+0x2f0/0x2f0 [ 1964.654092] ? find_get_entry+0x2c8/0x740 [ 1964.654874] ? iov_iter_kvec+0x3c/0x130 [ 1964.655617] sock_no_sendpage+0x12c/0x1a0 [ 1964.656380] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1964.657228] ? init_special_inode+0x1f0/0x1f0 [ 1964.658071] kernel_sendpage.part.0+0x146/0x290 [ 1964.658952] sock_sendpage+0xe5/0x140 [ 1964.659675] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1964.660622] pipe_to_sendpage+0x2af/0x380 [ 1964.661402] ? propagate_umount+0x1550/0x1550 [ 1964.662253] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1964.663237] __splice_from_pipe+0x43d/0x890 [ 1964.664024] ? propagate_umount+0x1550/0x1550 [ 1964.664854] generic_splice_sendpage+0xd5/0x140 [ 1964.665701] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1964.666515] ? security_file_permission+0xb1/0xe0 [ 1964.667392] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1964.668190] direct_splice_actor+0x10f/0x170 [ 1964.668998] splice_direct_to_actor+0x387/0x980 [ 1964.669854] ? pipe_to_sendpage+0x380/0x380 [ 1964.670636] ? do_splice_to+0x160/0x160 [ 1964.671363] ? security_file_permission+0xb1/0xe0 [ 1964.672246] do_splice_direct+0x1c4/0x290 [ 1964.672998] ? splice_direct_to_actor+0x980/0x980 [ 1964.673889] ? security_file_permission+0xb1/0xe0 [ 1964.674777] do_sendfile+0x553/0x11e0 [ 1964.675471] ? do_pwritev+0x270/0x270 [ 1964.676170] ? wait_for_completion_io+0x270/0x270 [ 1964.677054] ? rcu_read_lock_any_held+0x75/0xa0 [ 1964.677908] ? vfs_write+0x354/0xb10 [ 1964.678580] __x64_sys_sendfile64+0x1d1/0x210 [ 1964.679397] ? __ia32_sys_sendfile+0x220/0x220 [ 1964.680232] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1964.681170] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1964.682127] do_syscall_64+0x33/0x40 [ 1964.682805] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1964.683741] RIP: 0033:0x7f122aa69b19 [ 1964.684422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1964.687764] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1964.689136] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1964.690428] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1964.691724] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1964.693008] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1964.694299] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:10:21 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 25) dup2(r0, r1) 11:10:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000cf001b0000f4"], 0xec}}, 0x0) 11:10:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0008"], 0xec}}, 0x0) 11:10:21 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 76) 11:10:21 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:21 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:21 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}]}}) 11:10:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0008001d0001"], 0xec}}, 0x0) [ 1979.316832] FAULT_INJECTION: forcing a failure. [ 1979.316832] name failslab, interval 1, probability 0, space 0, times 0 [ 1979.319405] CPU: 0 PID: 10243 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1979.320938] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1979.322798] Call Trace: [ 1979.323391] dump_stack+0x107/0x167 [ 1979.324206] should_fail.cold+0x5/0xa [ 1979.325080] ? create_object.isra.0+0x3a/0xa30 [ 1979.326121] should_failslab+0x5/0x20 [ 1979.326977] kmem_cache_alloc+0x5b/0x310 [ 1979.327891] ? mark_held_locks+0x9e/0xe0 [ 1979.328804] create_object.isra.0+0x3a/0xa30 [ 1979.329793] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1979.330945] kmem_cache_alloc_trace+0x151/0x320 [ 1979.332013] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1979.333139] __list_lru_init+0x44d/0x890 [ 1979.334073] alloc_super+0x8b8/0xa90 [ 1979.334918] sget_fc+0x110/0x860 [ 1979.335692] ? set_anon_super+0xc0/0xc0 [ 1979.336621] ? shmem_put_link+0x120/0x120 [ 1979.337568] get_tree_nodev+0x24/0x1d0 [ 1979.338476] vfs_get_tree+0x8e/0x300 [ 1979.339341] path_mount+0x1490/0x21e0 [ 1979.340236] ? strncpy_from_user+0x9e/0x470 [ 1979.341232] ? finish_automount+0xa90/0xa90 [ 1979.342239] ? getname_flags.part.0+0x1dd/0x4f0 [ 1979.343300] __x64_sys_mount+0x282/0x300 [ 1979.344214] ? copy_mnt_ns+0xa00/0xa00 [ 1979.345094] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1979.346333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1979.347549] do_syscall_64+0x33/0x40 [ 1979.348397] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1979.349603] RIP: 0033:0x7f07d2d5a04a [ 1979.350458] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1979.354785] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1979.356546] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1979.358211] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1979.359850] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1979.361494] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1979.363206] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 1979.379404] FAULT_INJECTION: forcing a failure. [ 1979.379404] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1979.382456] CPU: 0 PID: 10231 Comm: syz-executor.0 Not tainted 5.10.247 #1 11:10:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000f0001b0000f4"], 0xec}}, 0x0) 11:10:21 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:21 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0025"], 0xec}}, 0x0) 11:10:21 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000f001d0001"], 0xec}}, 0x0) [ 1979.384167] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1979.386351] Call Trace: [ 1979.387009] dump_stack+0x107/0x167 [ 1979.387926] should_fail.cold+0x5/0xa [ 1979.388882] __alloc_pages_nodemask+0x182/0x600 [ 1979.390058] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 1979.391576] ? __kmalloc_node_track_caller+0x2f8/0x3b0 [ 1979.392886] ? alloc_skb_with_frags+0x92/0x570 [ 1979.394052] alloc_pages_current+0x187/0x280 [ 1979.395151] alloc_skb_with_frags+0x1a6/0x570 [ 1979.396285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1979.397588] ? trace_hardirqs_on+0x5b/0x180 [ 1979.398675] sock_alloc_send_pskb+0x7af/0x930 [ 1979.399803] ? lock_acquire+0x197/0x470 [ 1979.400821] ? sk_alloc+0x350/0x350 [ 1979.401738] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1979.403112] packet_sendmsg+0x189a/0x5370 [ 1979.404191] ? sock_has_perm+0x1ea/0x280 [ 1979.405209] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1979.406499] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1979.407619] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1979.408615] ? lock_downgrade+0x6d0/0x6d0 [ 1979.409514] sock_sendmsg+0x319/0x390 [ 1979.410337] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1979.411370] ? ____sys_sendmsg+0x870/0x870 [ 1979.412296] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1979.413411] ? timestamp_truncate+0x2f0/0x2f0 [ 1979.414393] ? find_get_entry+0x2c8/0x740 [ 1979.415303] ? iov_iter_kvec+0x3c/0x130 [ 1979.416176] sock_no_sendpage+0x12c/0x1a0 [ 1979.417073] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1979.418082] ? init_special_inode+0x1f0/0x1f0 [ 1979.419052] kernel_sendpage.part.0+0x146/0x290 [ 1979.420060] sock_sendpage+0xe5/0x140 [ 1979.420888] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1979.421970] pipe_to_sendpage+0x2af/0x380 [ 1979.422869] ? propagate_umount+0x1550/0x1550 [ 1979.423864] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1979.425053] __splice_from_pipe+0x43d/0x890 [ 1979.426004] ? propagate_umount+0x1550/0x1550 [ 1979.426989] generic_splice_sendpage+0xd5/0x140 [ 1979.428011] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1979.428998] ? security_file_permission+0xb1/0xe0 [ 1979.430063] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1979.431062] direct_splice_actor+0x10f/0x170 [ 1979.432030] splice_direct_to_actor+0x387/0x980 [ 1979.433060] ? pipe_to_sendpage+0x380/0x380 [ 1979.434016] ? do_splice_to+0x160/0x160 [ 1979.434899] ? security_file_permission+0xb1/0xe0 [ 1979.435957] do_splice_direct+0x1c4/0x290 [ 1979.436870] ? splice_direct_to_actor+0x980/0x980 [ 1979.437972] ? security_file_permission+0xb1/0xe0 [ 1979.439071] do_sendfile+0x553/0x11e0 [ 1979.439934] ? do_pwritev+0x270/0x270 [ 1979.440777] ? wait_for_completion_io+0x270/0x270 [ 1979.441847] ? rcu_read_lock_any_held+0x75/0xa0 [ 1979.442907] ? vfs_write+0x354/0xb10 [ 1979.443730] __x64_sys_sendfile64+0x1d1/0x210 [ 1979.444725] ? __ia32_sys_sendfile+0x220/0x220 [ 1979.445740] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1979.446939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1979.448107] do_syscall_64+0x33/0x40 [ 1979.448970] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1979.450128] RIP: 0033:0x7f122aa69b19 [ 1979.450975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1979.455145] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1979.456902] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1979.458546] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1979.460212] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1979.461899] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1979.463611] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:10:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000000810000f4"], 0xec}}, 0x0) 11:10:21 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80040000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:21 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000002001b0000f4"], 0xec}}, 0x0) [ 1979.498660] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:10:21 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc1000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 1995.169840] FAULT_INJECTION: forcing a failure. [ 1995.169840] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.171507] CPU: 1 PID: 10274 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1995.172483] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.173643] Call Trace: [ 1995.174018] dump_stack+0x107/0x167 [ 1995.174543] should_fail.cold+0x5/0xa [ 1995.175081] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 1995.175797] should_failslab+0x5/0x20 [ 1995.176343] kmem_cache_alloc_trace+0x55/0x320 [ 1995.177006] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.177724] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1995.178426] __list_lru_init+0x44d/0x890 [ 1995.179015] alloc_super+0x8b8/0xa90 [ 1995.179542] sget_fc+0x110/0x860 11:10:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 26) dup2(r0, r1) 11:10:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e003d"], 0xec}}, 0x0) 11:10:37 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}]}}) 11:10:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000008001b0000f4"], 0xec}}, 0x0) 11:10:37 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 77) 11:10:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf0ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00f0001d0001"], 0xec}}, 0x0) [ 1995.180021] ? set_anon_super+0xc0/0xc0 [ 1995.180735] ? shmem_put_link+0x120/0x120 [ 1995.181376] get_tree_nodev+0x24/0x1d0 [ 1995.181926] vfs_get_tree+0x8e/0x300 [ 1995.182464] path_mount+0x1490/0x21e0 [ 1995.183006] ? strncpy_from_user+0x9e/0x470 [ 1995.183622] ? finish_automount+0xa90/0xa90 [ 1995.184239] ? getname_flags.part.0+0x1dd/0x4f0 [ 1995.184905] __x64_sys_mount+0x282/0x300 [ 1995.185478] ? copy_mnt_ns+0xa00/0xa00 [ 1995.186033] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.186675] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1995.186781] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.186802] do_syscall_64+0x33/0x40 [ 1995.190007] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.190731] RIP: 0033:0x7f07d2d5a04a [ 1995.191246] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.193818] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1995.194909] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1995.195903] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1995.196936] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1995.197934] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1995.198935] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:10:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000f001b0000f4"], 0xec}}, 0x0) 11:10:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0061"], 0xec}}, 0x0) [ 1995.257968] FAULT_INJECTION: forcing a failure. [ 1995.257968] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.260815] CPU: 0 PID: 10284 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1995.262360] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.264186] Call Trace: [ 1995.264771] dump_stack+0x107/0x167 [ 1995.265576] should_fail.cold+0x5/0xa [ 1995.266422] ? __alloc_skb+0x6d/0x5b0 [ 1995.267253] should_failslab+0x5/0x20 [ 1995.268086] kmem_cache_alloc_node+0x55/0x330 [ 1995.269073] __alloc_skb+0x6d/0x5b0 [ 1995.269880] alloc_skb_with_frags+0x92/0x570 [ 1995.270856] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.271998] ? __local_bh_enable_ip+0x9d/0x100 [ 1995.272985] ? trace_hardirqs_on+0x5b/0x180 [ 1995.273918] sock_alloc_send_pskb+0x7af/0x930 [ 1995.274901] ? lock_acquire+0x197/0x470 [ 1995.275773] ? sk_alloc+0x350/0x350 [ 1995.276564] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1995.277716] packet_sendmsg+0x189a/0x5370 [ 1995.278630] ? sock_has_perm+0x1ea/0x280 [ 1995.279508] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1995.280630] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1995.281764] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1995.282795] ? lock_downgrade+0x6d0/0x6d0 [ 1995.283693] sock_sendmsg+0x319/0x390 [ 1995.284510] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1995.285534] ? ____sys_sendmsg+0x870/0x870 [ 1995.286456] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1995.287583] ? timestamp_truncate+0x2f0/0x2f0 [ 1995.288549] ? find_get_entry+0x2c8/0x740 [ 1995.289446] ? iov_iter_kvec+0x3c/0x130 [ 1995.290319] sock_no_sendpage+0x12c/0x1a0 [ 1995.291211] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1995.292202] ? init_special_inode+0x1f0/0x1f0 [ 1995.293184] kernel_sendpage.part.0+0x146/0x290 [ 1995.294191] sock_sendpage+0xe5/0x140 [ 1995.295016] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1995.296089] pipe_to_sendpage+0x2af/0x380 [ 1995.296982] ? propagate_umount+0x1550/0x1550 [ 1995.297934] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1995.299074] __splice_from_pipe+0x43d/0x890 [ 1995.299994] ? propagate_umount+0x1550/0x1550 [ 1995.300947] generic_splice_sendpage+0xd5/0x140 [ 1995.301928] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1995.302885] ? security_file_permission+0xb1/0xe0 [ 1995.303912] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1995.304836] direct_splice_actor+0x10f/0x170 [ 1995.305766] splice_direct_to_actor+0x387/0x980 [ 1995.306757] ? pipe_to_sendpage+0x380/0x380 [ 1995.307680] ? do_splice_to+0x160/0x160 [ 1995.308515] ? security_file_permission+0xb1/0xe0 [ 1995.309543] do_splice_direct+0x1c4/0x290 [ 1995.310429] ? splice_direct_to_actor+0x980/0x980 [ 1995.311457] ? security_file_permission+0xb1/0xe0 [ 1995.312488] do_sendfile+0x553/0x11e0 [ 1995.313306] ? do_pwritev+0x270/0x270 [ 1995.314275] ? wait_for_completion_io+0x270/0x270 [ 1995.315502] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.316666] ? vfs_write+0x354/0xb10 [ 1995.317609] __x64_sys_sendfile64+0x1d1/0x210 [ 1995.318761] ? __ia32_sys_sendfile+0x220/0x220 [ 1995.319917] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.321242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.322561] do_syscall_64+0x33/0x40 [ 1995.323501] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.324798] RIP: 0033:0x7f122aa69b19 [ 1995.325734] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.330402] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1995.332317] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1995.334086] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1995.335878] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.337666] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1995.339469] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:10:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf9fdffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000cf001b0000f4"], 0xec}}, 0x0) 11:10:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0033021d0001"], 0xec}}, 0x0) 11:10:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 78) 11:10:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 27) dup2(r0, r1) [ 1995.411850] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 1995.453773] FAULT_INJECTION: forcing a failure. [ 1995.453773] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.456506] CPU: 0 PID: 10303 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 1995.458166] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.460144] Call Trace: [ 1995.460757] dump_stack+0x107/0x167 [ 1995.461606] should_fail.cold+0x5/0xa [ 1995.462502] ? create_object.isra.0+0x3a/0xa30 [ 1995.463569] should_failslab+0x5/0x20 [ 1995.464465] kmem_cache_alloc+0x5b/0x310 [ 1995.465413] ? mark_held_locks+0x9e/0xe0 [ 1995.466374] create_object.isra.0+0x3a/0xa30 [ 1995.467398] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.468589] kmem_cache_alloc_trace+0x151/0x320 [ 1995.469688] __memcg_init_list_lru_node+0x7f/0x1e0 [ 1995.470861] __list_lru_init+0x44d/0x890 [ 1995.471813] alloc_super+0x8b8/0xa90 [ 1995.472683] sget_fc+0x110/0x860 [ 1995.473484] ? set_anon_super+0xc0/0xc0 [ 1995.474446] ? shmem_put_link+0x120/0x120 [ 1995.475420] get_tree_nodev+0x24/0x1d0 [ 1995.476343] vfs_get_tree+0x8e/0x300 [ 1995.477236] path_mount+0x1490/0x21e0 [ 1995.478152] ? strncpy_from_user+0x9e/0x470 [ 1995.479186] ? finish_automount+0xa90/0xa90 [ 1995.480230] ? getname_flags.part.0+0x1dd/0x4f0 [ 1995.481348] __x64_sys_mount+0x282/0x300 [ 1995.482338] ? copy_mnt_ns+0xa00/0xa00 [ 1995.483280] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.484533] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.485794] do_syscall_64+0x33/0x40 [ 1995.486699] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.487940] RIP: 0033:0x7f07d2d5a04a [ 1995.488853] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.493382] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1995.495255] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 1995.497005] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 1995.498774] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 1995.500519] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 1995.502299] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:10:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc4000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000031d0001"], 0xec}}, 0x0) [ 1995.514814] FAULT_INJECTION: forcing a failure. [ 1995.514814] name failslab, interval 1, probability 0, space 0, times 0 [ 1995.516245] CPU: 1 PID: 10304 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 1995.517090] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1995.518091] Call Trace: [ 1995.518429] dump_stack+0x107/0x167 [ 1995.518874] should_fail.cold+0x5/0xa [ 1995.519338] ? create_object.isra.0+0x3a/0xa30 [ 1995.519897] should_failslab+0x5/0x20 [ 1995.520361] kmem_cache_alloc+0x5b/0x310 [ 1995.520861] create_object.isra.0+0x3a/0xa30 [ 1995.521395] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1995.522024] kmem_cache_alloc_node+0x169/0x330 [ 1995.522593] __alloc_skb+0x6d/0x5b0 [ 1995.523041] alloc_skb_with_frags+0x92/0x570 [ 1995.523583] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.524225] ? __local_bh_enable_ip+0x9d/0x100 [ 1995.524796] ? trace_hardirqs_on+0x5b/0x180 [ 1995.525333] sock_alloc_send_pskb+0x7af/0x930 [ 1995.525883] ? lock_acquire+0x197/0x470 [ 1995.526377] ? sk_alloc+0x350/0x350 [ 1995.526818] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 1995.527462] packet_sendmsg+0x189a/0x5370 [ 1995.527969] ? sock_has_perm+0x1ea/0x280 [ 1995.528473] ? selinux_socket_post_create+0x7f0/0x7f0 [ 1995.529097] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1995.529738] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1995.530321] ? lock_downgrade+0x6d0/0x6d0 [ 1995.530825] sock_sendmsg+0x319/0x390 [ 1995.531282] ? packet_cached_dev_get+0x2c0/0x2c0 [ 1995.531855] ? ____sys_sendmsg+0x870/0x870 [ 1995.532372] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1995.533010] ? timestamp_truncate+0x2f0/0x2f0 [ 1995.533551] ? find_get_entry+0x2c8/0x740 [ 1995.534055] ? iov_iter_kvec+0x3c/0x130 [ 1995.534548] sock_no_sendpage+0x12c/0x1a0 [ 1995.535052] ? sk_page_frag_refill+0x1d0/0x1d0 [ 1995.535610] ? init_special_inode+0x1f0/0x1f0 [ 1995.536160] kernel_sendpage.part.0+0x146/0x290 [ 1995.536727] sock_sendpage+0xe5/0x140 [ 1995.537207] ? __sock_recv_ts_and_drops+0x430/0x430 [ 1995.537813] pipe_to_sendpage+0x2af/0x380 [ 1995.538332] ? propagate_umount+0x1550/0x1550 [ 1995.538890] ? splice_from_pipe_next.part.0+0x166/0x520 [ 1995.539533] __splice_from_pipe+0x43d/0x890 [ 1995.540068] ? propagate_umount+0x1550/0x1550 [ 1995.540623] generic_splice_sendpage+0xd5/0x140 [ 1995.541188] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1995.541721] ? security_file_permission+0xb1/0xe0 [ 1995.542308] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 1995.542840] direct_splice_actor+0x10f/0x170 [ 1995.543369] splice_direct_to_actor+0x387/0x980 [ 1995.543933] ? pipe_to_sendpage+0x380/0x380 [ 1995.544456] ? do_splice_to+0x160/0x160 [ 1995.544930] ? security_file_permission+0xb1/0xe0 [ 1995.545504] do_splice_direct+0x1c4/0x290 [ 1995.546015] ? splice_direct_to_actor+0x980/0x980 [ 1995.546614] ? security_file_permission+0xb1/0xe0 [ 1995.547195] do_sendfile+0x553/0x11e0 [ 1995.547656] ? do_pwritev+0x270/0x270 [ 1995.548126] ? wait_for_completion_io+0x270/0x270 [ 1995.548707] ? rcu_read_lock_any_held+0x75/0xa0 [ 1995.549262] ? vfs_write+0x354/0xb10 [ 1995.549712] __x64_sys_sendfile64+0x1d1/0x210 [ 1995.550254] ? __ia32_sys_sendfile+0x220/0x220 [ 1995.550801] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1995.551430] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1995.552042] do_syscall_64+0x33/0x40 [ 1995.552491] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1995.553114] RIP: 0033:0x7f122aa69b19 [ 1995.553559] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1995.555762] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1995.556688] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 1995.557545] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 1995.558398] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1995.559249] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 1995.560089] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:10:37 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) 11:10:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000f0001b0000f4"], 0xec}}, 0x0) 11:10:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0000"], 0xec}}, 0x0) 11:10:54 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfeffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:54 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 79) 11:10:54 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 28) dup2(r0, r1) 11:10:54 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000000f1b0000f4"], 0xec}}, 0x0) 11:10:54 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf0ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:10:54 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0002"], 0xec}}, 0x0) 11:10:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00000f1d0001"], 0xec}}, 0x0) 11:10:54 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2012.466780] FAULT_INJECTION: forcing a failure. [ 2012.466780] name failslab, interval 1, probability 0, space 0, times 0 [ 2012.469742] CPU: 0 PID: 10333 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2012.469894] FAULT_INJECTION: forcing a failure. [ 2012.469894] name failslab, interval 1, probability 0, space 0, times 0 [ 2012.471484] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2012.471494] Call Trace: [ 2012.471524] dump_stack+0x107/0x167 [ 2012.471552] should_fail.cold+0x5/0xa [ 2012.478438] should_failslab+0x5/0x20 [ 2012.479385] __kmalloc_node_track_caller+0x74/0x3b0 [ 2012.480633] ? alloc_skb_with_frags+0x92/0x570 [ 2012.481778] __alloc_skb+0xb1/0x5b0 [ 2012.482697] alloc_skb_with_frags+0x92/0x570 [ 2012.483797] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2012.485077] ? __local_bh_enable_ip+0x9d/0x100 [ 2012.486185] ? trace_hardirqs_on+0x5b/0x180 [ 2012.487269] sock_alloc_send_pskb+0x7af/0x930 [ 2012.488375] ? lock_acquire+0x197/0x470 [ 2012.489355] ? sk_alloc+0x350/0x350 [ 2012.490104] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2012.491395] packet_sendmsg+0x189a/0x5370 [ 2012.492425] ? sock_has_perm+0x1ea/0x280 [ 2012.493414] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2012.494699] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2012.495981] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2012.497145] ? lock_downgrade+0x6d0/0x6d0 [ 2012.498163] sock_sendmsg+0x319/0x390 [ 2012.499114] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2012.500245] ? ____sys_sendmsg+0x870/0x870 [ 2012.501293] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2012.502434] ? timestamp_truncate+0x2f0/0x2f0 [ 2012.503527] ? find_get_entry+0x2c8/0x740 [ 2012.504545] ? iov_iter_kvec+0x3c/0x130 [ 2012.505517] sock_no_sendpage+0x12c/0x1a0 [ 2012.506547] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2012.507696] ? init_special_inode+0x1f0/0x1f0 [ 2012.508810] kernel_sendpage.part.0+0x146/0x290 [ 2012.509958] sock_sendpage+0xe5/0x140 [ 2012.510885] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2012.512092] pipe_to_sendpage+0x2af/0x380 [ 2012.513091] ? propagate_umount+0x1550/0x1550 [ 2012.514172] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2012.515477] __splice_from_pipe+0x43d/0x890 [ 2012.516411] ? propagate_umount+0x1550/0x1550 [ 2012.517486] generic_splice_sendpage+0xd5/0x140 [ 2012.518619] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2012.519711] ? security_file_permission+0xb1/0xe0 [ 2012.520889] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2012.521951] direct_splice_actor+0x10f/0x170 [ 2012.523022] splice_direct_to_actor+0x387/0x980 [ 2012.524162] ? pipe_to_sendpage+0x380/0x380 [ 2012.525218] ? do_splice_to+0x160/0x160 [ 2012.526167] ? security_file_permission+0xb1/0xe0 [ 2012.527362] do_splice_direct+0x1c4/0x290 [ 2012.528372] ? splice_direct_to_actor+0x980/0x980 [ 2012.529563] ? security_file_permission+0xb1/0xe0 [ 2012.530759] do_sendfile+0x553/0x11e0 [ 2012.531699] ? do_pwritev+0x270/0x270 [ 2012.532629] ? wait_for_completion_io+0x270/0x270 [ 2012.533813] ? rcu_read_lock_any_held+0x75/0xa0 [ 2012.534919] ? vfs_write+0x354/0xb10 [ 2012.535814] __x64_sys_sendfile64+0x1d1/0x210 [ 2012.536899] ? __ia32_sys_sendfile+0x220/0x220 [ 2012.537997] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2012.539276] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2012.540329] do_syscall_64+0x33/0x40 [ 2012.541227] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2012.542473] RIP: 0033:0x7f122aa69b19 [ 2012.543349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2012.547758] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2012.549568] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2012.551496] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2012.553428] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2012.555316] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2012.556980] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 2012.558688] CPU: 1 PID: 10335 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2012.560249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2012.562083] Call Trace: [ 2012.562676] dump_stack+0x107/0x167 [ 2012.563464] should_fail.cold+0x5/0xa [ 2012.564291] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2012.565381] should_failslab+0x5/0x20 [ 2012.566203] kmem_cache_alloc_trace+0x55/0x320 [ 2012.567196] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2012.568298] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2012.569361] __list_lru_init+0x44d/0x890 [ 2012.570245] alloc_super+0x8b8/0xa90 [ 2012.571061] sget_fc+0x110/0x860 [ 2012.571793] ? set_anon_super+0xc0/0xc0 [ 2012.572659] ? shmem_put_link+0x120/0x120 [ 2012.573554] get_tree_nodev+0x24/0x1d0 [ 2012.574411] vfs_get_tree+0x8e/0x300 [ 2012.575217] path_mount+0x1490/0x21e0 [ 2012.576053] ? strncpy_from_user+0x9e/0x470 [ 2012.576984] ? finish_automount+0xa90/0xa90 [ 2012.577916] ? getname_flags.part.0+0x1dd/0x4f0 [ 2012.578941] __x64_sys_mount+0x282/0x300 [ 2012.579820] ? copy_mnt_ns+0xa00/0xa00 [ 2012.580670] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2012.581805] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2012.582932] do_syscall_64+0x33/0x40 [ 2012.583761] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2012.584867] RIP: 0033:0x7f07d2d5a04a [ 2012.585674] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2012.589675] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2012.591337] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2012.592887] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2012.594444] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2012.595992] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2012.597542] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:11:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0000"], 0xec}}, 0x0) [ 2027.847221] FAULT_INJECTION: forcing a failure. [ 2027.847221] name failslab, interval 1, probability 0, space 0, times 0 [ 2027.848568] CPU: 0 PID: 10349 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2027.849364] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2027.850308] Call Trace: [ 2027.850653] dump_stack+0x107/0x167 [ 2027.851082] should_fail.cold+0x5/0xa [ 2027.851535] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2027.852127] should_failslab+0x5/0x20 [ 2027.852569] kmem_cache_alloc_trace+0x55/0x320 [ 2027.853099] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2027.853690] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2027.854265] __list_lru_init+0x44d/0x890 [ 2027.854759] alloc_super+0x8b8/0xa90 [ 2027.855193] sget_fc+0x110/0x860 [ 2027.855588] ? set_anon_super+0xc0/0xc0 [ 2027.856049] ? shmem_put_link+0x120/0x120 11:11:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000cf1b0000f4"], 0xec}}, 0x0) 11:11:09 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 29) dup2(r0, r1) 11:11:09 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 80) 11:11:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0002331d0001"], 0xec}}, 0x0) [ 2027.856520] get_tree_nodev+0x24/0x1d0 [ 2027.857142] vfs_get_tree+0x8e/0x300 [ 2027.857573] path_mount+0x1490/0x21e0 [ 2027.858014] ? strncpy_from_user+0x9e/0x470 [ 2027.858509] ? finish_automount+0xa90/0xa90 [ 2027.859026] ? getname_flags.part.0+0x1dd/0x4f0 [ 2027.859564] __x64_sys_mount+0x282/0x300 [ 2027.860030] ? copy_mnt_ns+0xa00/0xa00 [ 2027.860480] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2027.861092] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2027.861689] do_syscall_64+0x33/0x40 [ 2027.862121] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2027.862736] RIP: 0033:0x7f07d2d5a04a [ 2027.863161] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2027.865272] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2027.866142] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2027.866973] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2027.867786] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2027.868598] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2027.869408] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:11:09 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff030000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:09 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:09 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2027.879630] FAULT_INJECTION: forcing a failure. [ 2027.879630] name failslab, interval 1, probability 0, space 0, times 0 [ 2027.882167] CPU: 1 PID: 10350 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2027.883743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2027.885608] Call Trace: [ 2027.886210] dump_stack+0x107/0x167 [ 2027.887057] should_fail.cold+0x5/0xa [ 2027.887916] ? __alloc_skb+0x6d/0x5b0 [ 2027.888768] should_failslab+0x5/0x20 [ 2027.889625] kmem_cache_alloc_node+0x55/0x330 [ 2027.890645] __alloc_skb+0x6d/0x5b0 [ 2027.891472] alloc_skb_with_frags+0x92/0x570 [ 2027.892465] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2027.893638] ? __local_bh_enable_ip+0x9d/0x100 [ 2027.894671] ? trace_hardirqs_on+0x5b/0x180 [ 2027.895643] sock_alloc_send_pskb+0x7af/0x930 [ 2027.896650] ? lock_acquire+0x197/0x470 [ 2027.897552] ? sk_alloc+0x350/0x350 [ 2027.898373] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2027.899569] packet_sendmsg+0x189a/0x5370 [ 2027.900514] ? sock_has_perm+0x1ea/0x280 [ 2027.901424] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2027.902576] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2027.903762] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2027.904829] ? lock_downgrade+0x6d0/0x6d0 [ 2027.905772] sock_sendmsg+0x319/0x390 [ 2027.906638] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2027.907703] ? ____sys_sendmsg+0x870/0x870 [ 2027.908659] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2027.909832] ? timestamp_truncate+0x2f0/0x2f0 [ 2027.910851] ? find_get_entry+0x2c8/0x740 [ 2027.911786] ? iov_iter_kvec+0x3c/0x130 [ 2027.912684] sock_no_sendpage+0x12c/0x1a0 [ 2027.913614] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2027.914667] ? init_special_inode+0x1f0/0x1f0 [ 2027.915681] kernel_sendpage.part.0+0x146/0x290 [ 2027.916730] sock_sendpage+0xe5/0x140 [ 2027.917588] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2027.918722] pipe_to_sendpage+0x2af/0x380 [ 2027.919655] ? propagate_umount+0x1550/0x1550 [ 2027.920663] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2027.921865] __splice_from_pipe+0x43d/0x890 [ 2027.922855] ? propagate_umount+0x1550/0x1550 [ 2027.923870] generic_splice_sendpage+0xd5/0x140 [ 2027.924912] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2027.925914] ? security_file_permission+0xb1/0xe0 [ 2027.927010] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2027.928003] direct_splice_actor+0x10f/0x170 [ 2027.928987] splice_direct_to_actor+0x387/0x980 [ 2027.930038] ? pipe_to_sendpage+0x380/0x380 [ 2027.931018] ? do_splice_to+0x160/0x160 [ 2027.931907] ? security_file_permission+0xb1/0xe0 [ 2027.932998] do_splice_direct+0x1c4/0x290 [ 2027.933932] ? splice_direct_to_actor+0x980/0x980 [ 2027.935027] ? security_file_permission+0xb1/0xe0 [ 2027.936125] do_sendfile+0x553/0x11e0 [ 2027.936994] ? do_pwritev+0x270/0x270 [ 2027.937852] ? wait_for_completion_io+0x270/0x270 [ 2027.938946] ? rcu_read_lock_any_held+0x75/0xa0 [ 2027.939988] ? vfs_write+0x354/0xb10 [ 2027.940826] __x64_sys_sendfile64+0x1d1/0x210 [ 2027.941832] ? __ia32_sys_sendfile+0x220/0x220 [ 2027.942869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2027.944048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2027.945210] do_syscall_64+0x33/0x40 [ 2027.946047] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2027.947210] RIP: 0033:0x7f122aa69b19 [ 2027.948051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2027.952197] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2027.954043] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2027.955656] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2027.957266] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2027.958885] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2027.960494] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:11:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000f01b0000f4"], 0xec}}, 0x0) 11:11:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000021b0000f4"], 0xec}}, 0x0) 11:11:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e000100000000000000000f1b0000f4"], 0xec}}, 0x0) 11:11:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000811d0001"], 0xec}}, 0x0) 11:11:09 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 81) 11:11:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000f01d0001"], 0xec}}, 0x0) 11:11:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00f2"], 0xec}}, 0x0) [ 2028.020002] FAULT_INJECTION: forcing a failure. [ 2028.020002] name failslab, interval 1, probability 0, space 0, times 0 [ 2028.022568] CPU: 1 PID: 10368 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2028.024125] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2028.025986] Call Trace: [ 2028.026589] dump_stack+0x107/0x167 [ 2028.027415] should_fail.cold+0x5/0xa [ 2028.028277] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2028.029418] should_failslab+0x5/0x20 [ 2028.030276] kmem_cache_alloc_trace+0x55/0x320 [ 2028.031313] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2028.032459] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2028.033579] __list_lru_init+0x44d/0x890 [ 2028.034502] alloc_super+0x8b8/0xa90 [ 2028.035351] sget_fc+0x110/0x860 [ 2028.036113] ? set_anon_super+0xc0/0xc0 [ 2028.037014] ? shmem_put_link+0x120/0x120 [ 2028.037945] get_tree_nodev+0x24/0x1d0 [ 2028.038827] vfs_get_tree+0x8e/0x300 [ 2028.039664] path_mount+0x1490/0x21e0 [ 2028.040530] ? strncpy_from_user+0x9e/0x470 [ 2028.041502] ? finish_automount+0xa90/0xa90 [ 2028.042474] ? getname_flags.part.0+0x1dd/0x4f0 [ 2028.043538] __x64_sys_mount+0x282/0x300 [ 2028.044450] ? copy_mnt_ns+0xa00/0xa00 [ 2028.045335] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2028.046528] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2028.047692] do_syscall_64+0x33/0x40 [ 2028.048533] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2028.049692] RIP: 0033:0x7f07d2d5a04a [ 2028.050542] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2028.054739] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2028.056483] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2028.058104] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2028.059724] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2028.061350] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2028.063004] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:11:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000cf1b0000f4"], 0xec}}, 0x0) 11:11:09 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff1f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 30) dup2(r0, r1) 11:11:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000000f0001"], 0xec}}, 0x0) 11:11:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001000000000000000000810000f4"], 0xec}}, 0x0) 11:11:23 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffdf9, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 6: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf9fdffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00f9"], 0xec}}, 0x0) 11:11:23 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 82) [ 2041.547349] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=10395 comm=syz-executor.5 [ 2041.567989] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2041.571902] FAULT_INJECTION: forcing a failure. [ 2041.571902] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2041.572221] FAULT_INJECTION: forcing a failure. [ 2041.572221] name failslab, interval 1, probability 0, space 0, times 0 [ 2041.574451] CPU: 1 PID: 10396 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2041.578045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2041.579797] Call Trace: [ 2041.580354] dump_stack+0x107/0x167 [ 2041.581123] should_fail.cold+0x5/0xa [ 2041.581930] __alloc_pages_nodemask+0x182/0x600 [ 2041.582922] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2041.584192] ? __kmalloc_node_track_caller+0x2f8/0x3b0 [ 2041.585301] ? alloc_skb_with_frags+0x92/0x570 [ 2041.586273] alloc_pages_current+0x187/0x280 [ 2041.587219] alloc_skb_with_frags+0x1a6/0x570 [ 2041.588167] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2041.589267] ? trace_hardirqs_on+0x5b/0x180 [ 2041.590183] sock_alloc_send_pskb+0x7af/0x930 [ 2041.591133] ? lock_acquire+0x197/0x470 [ 2041.591980] ? sk_alloc+0x350/0x350 [ 2041.592750] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2041.593879] packet_sendmsg+0x189a/0x5370 [ 2041.594779] ? sock_has_perm+0x1ea/0x280 [ 2041.595635] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2041.596727] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2041.597837] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2041.598844] ? lock_downgrade+0x6d0/0x6d0 [ 2041.599726] sock_sendmsg+0x319/0x390 [ 2041.600525] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2041.601520] ? ____sys_sendmsg+0x870/0x870 [ 2041.602413] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2041.603526] ? timestamp_truncate+0x2f0/0x2f0 [ 2041.604470] ? find_get_entry+0x2c8/0x740 [ 2041.605342] ? iov_iter_kvec+0x3c/0x130 [ 2041.606187] sock_no_sendpage+0x12c/0x1a0 [ 2041.607067] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2041.608038] ? init_special_inode+0x1f0/0x1f0 [ 2041.608997] kernel_sendpage.part.0+0x146/0x290 [ 2041.609986] sock_sendpage+0xe5/0x140 [ 2041.610799] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2041.611848] pipe_to_sendpage+0x2af/0x380 [ 2041.612730] ? propagate_umount+0x1550/0x1550 [ 2041.613677] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2041.614813] __splice_from_pipe+0x43d/0x890 [ 2041.615717] ? propagate_umount+0x1550/0x1550 [ 2041.616670] generic_splice_sendpage+0xd5/0x140 [ 2041.617658] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2041.618594] ? security_file_permission+0xb1/0xe0 [ 2041.619620] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2041.620550] direct_splice_actor+0x10f/0x170 [ 2041.621478] splice_direct_to_actor+0x387/0x980 [ 2041.622459] ? pipe_to_sendpage+0x380/0x380 [ 2041.623380] ? do_splice_to+0x160/0x160 [ 2041.624217] ? security_file_permission+0xb1/0xe0 [ 2041.625241] do_splice_direct+0x1c4/0x290 [ 2041.626112] ? splice_direct_to_actor+0x980/0x980 [ 2041.627142] ? security_file_permission+0xb1/0xe0 [ 2041.628170] do_sendfile+0x553/0x11e0 [ 2041.628981] ? do_pwritev+0x270/0x270 [ 2041.629782] ? wait_for_completion_io+0x270/0x270 [ 2041.630809] ? rcu_read_lock_any_held+0x75/0xa0 [ 2041.631785] ? vfs_write+0x354/0xb10 [ 2041.632571] __x64_sys_sendfile64+0x1d1/0x210 [ 2041.633514] ? __ia32_sys_sendfile+0x220/0x220 [ 2041.634487] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2041.635602] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2041.636689] do_syscall_64+0x33/0x40 [ 2041.637475] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2041.638553] RIP: 0033:0x7f122aa69b19 [ 2041.639342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2041.643222] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2041.644832] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2041.646334] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2041.647839] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2041.649341] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2041.650863] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 2041.652397] CPU: 0 PID: 10398 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2041.653795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2041.655474] Call Trace: [ 2041.656007] dump_stack+0x107/0x167 [ 2041.656741] should_fail.cold+0x5/0xa [ 2041.657512] ? create_object.isra.0+0x3a/0xa30 [ 2041.658434] should_failslab+0x5/0x20 [ 2041.659202] kmem_cache_alloc+0x5b/0x310 [ 2041.660022] ? mark_held_locks+0x9e/0xe0 [ 2041.660844] create_object.isra.0+0x3a/0xa30 [ 2041.661725] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2041.662755] kmem_cache_alloc_trace+0x151/0x320 [ 2041.663684] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2041.664669] __list_lru_init+0x44d/0x890 [ 2041.665488] alloc_super+0x8b8/0xa90 [ 2041.666245] sget_fc+0x110/0x860 [ 2041.666940] ? set_anon_super+0xc0/0xc0 [ 2041.667735] ? shmem_put_link+0x120/0x120 [ 2041.668558] get_tree_nodev+0x24/0x1d0 [ 2041.669334] vfs_get_tree+0x8e/0x300 [ 2041.670080] path_mount+0x1490/0x21e0 [ 2041.670865] ? strncpy_from_user+0x9e/0x470 [ 2041.671722] ? finish_automount+0xa90/0xa90 [ 2041.672584] ? getname_flags.part.0+0x1dd/0x4f0 [ 2041.673523] __x64_sys_mount+0x282/0x300 [ 2041.674348] ? copy_mnt_ns+0xa00/0xa00 [ 2041.675144] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2041.676198] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2041.677232] do_syscall_64+0x33/0x40 [ 2041.677984] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2041.679020] RIP: 0033:0x7f07d2d5a04a [ 2041.679764] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2041.683425] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2041.684949] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2041.686381] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2041.687823] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2041.689257] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2041.690679] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:11:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000110001"], 0xec}}, 0x0) 11:11:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfeffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0200f4"], 0xec}}, 0x0) 11:11:23 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff7f, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xf}}, 0x0) 11:11:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 31) dup2(r0, r1) 11:11:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0800f4"], 0xec}}, 0x0) [ 2041.799149] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:11:23 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 1) 11:11:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff030000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000120001"], 0xec}}, 0x0) [ 2041.885666] FAULT_INJECTION: forcing a failure. [ 2041.885666] name failslab, interval 1, probability 0, space 0, times 0 [ 2041.888100] CPU: 1 PID: 10410 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2041.889565] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2041.891332] Call Trace: [ 2041.891890] dump_stack+0x107/0x167 [ 2041.892280] FAULT_INJECTION: forcing a failure. [ 2041.892280] name failslab, interval 1, probability 0, space 0, times 0 [ 2041.892665] should_fail.cold+0x5/0xa [ 2041.895791] ? lock_release+0x680/0x680 [ 2041.896627] ? skb_clone+0x14f/0x3d0 [ 2041.897414] should_failslab+0x5/0x20 [ 2041.898217] kmem_cache_alloc+0x5b/0x310 [ 2041.899084] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2041.900243] skb_clone+0x14f/0x3d0 [ 2041.901027] dev_queue_xmit_nit+0x3a7/0xb00 [ 2041.901982] dev_hard_start_xmit+0xab/0x6f0 [ 2041.902951] __dev_queue_xmit+0x179a/0x2690 [ 2041.903879] ? packet_parse_headers+0x42f/0x980 [ 2041.904866] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 2041.905835] ? __check_object_size+0x319/0x440 [ 2041.906819] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 2041.907805] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2041.908929] packet_sendmsg+0x31f4/0x5370 [ 2041.909819] ? sock_has_perm+0x1ea/0x280 [ 2041.910699] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2041.911794] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2041.912906] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2041.913915] ? lock_downgrade+0x6d0/0x6d0 [ 2041.914825] sock_sendmsg+0x319/0x390 [ 2041.915629] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2041.916632] ? ____sys_sendmsg+0x870/0x870 [ 2041.917529] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2041.918640] ? timestamp_truncate+0x2f0/0x2f0 [ 2041.919595] ? find_get_entry+0x2c8/0x740 [ 2041.920478] ? iov_iter_kvec+0x3c/0x130 [ 2041.921326] sock_no_sendpage+0x12c/0x1a0 [ 2041.922208] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2041.923192] ? init_special_inode+0x1f0/0x1f0 [ 2041.924155] kernel_sendpage.part.0+0x146/0x290 [ 2041.925143] sock_sendpage+0xe5/0x140 [ 2041.925963] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2041.927029] pipe_to_sendpage+0x2af/0x380 [ 2041.927908] ? propagate_umount+0x1550/0x1550 [ 2041.928858] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2041.929998] __splice_from_pipe+0x43d/0x890 [ 2041.930918] ? propagate_umount+0x1550/0x1550 [ 2041.931880] generic_splice_sendpage+0xd5/0x140 [ 2041.932867] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2041.933812] ? security_file_permission+0xb1/0xe0 [ 2041.934842] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2041.935781] direct_splice_actor+0x10f/0x170 [ 2041.936713] splice_direct_to_actor+0x387/0x980 [ 2041.937704] ? pipe_to_sendpage+0x380/0x380 [ 2041.938625] ? do_splice_to+0x160/0x160 [ 2041.939488] ? security_file_permission+0xb1/0xe0 [ 2041.940523] do_splice_direct+0x1c4/0x290 [ 2041.941417] ? splice_direct_to_actor+0x980/0x980 [ 2041.942446] ? security_file_permission+0xb1/0xe0 [ 2041.943486] do_sendfile+0x553/0x11e0 [ 2041.944313] ? do_pwritev+0x270/0x270 [ 2041.945129] ? wait_for_completion_io+0x270/0x270 [ 2041.946159] ? rcu_read_lock_any_held+0x75/0xa0 [ 2041.947152] ? vfs_write+0x354/0xb10 [ 2041.947950] __x64_sys_sendfile64+0x1d1/0x210 [ 2041.948910] ? __ia32_sys_sendfile+0x220/0x220 [ 2041.949881] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2041.951006] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2041.952106] do_syscall_64+0x33/0x40 [ 2041.952895] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2041.953983] RIP: 0033:0x7f122aa69b19 [ 2041.954784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2041.958723] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2041.960349] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2041.961872] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2041.963406] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2041.964925] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2041.966444] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 2041.968009] CPU: 0 PID: 10417 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2041.969479] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2041.971178] Call Trace: [ 2041.971729] dump_stack+0x107/0x167 [ 2041.972489] should_fail.cold+0x5/0xa [ 2041.973288] should_failslab+0x5/0x20 [ 2041.974088] __kmalloc_track_caller+0x79/0x370 [ 2041.975034] ? strndup_user+0x74/0xe0 [ 2041.975815] memdup_user+0x22/0xd0 [ 2041.976550] strndup_user+0x74/0xe0 [ 2041.977299] __x64_sys_mount+0x133/0x300 [ 2041.978134] ? copy_mnt_ns+0xa00/0xa00 [ 2041.978949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2041.980037] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2041.981131] do_syscall_64+0x33/0x40 [ 2041.981902] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2041.983001] RIP: 0033:0x7f9990caeb19 [ 2041.983767] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2041.987631] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2041.989237] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2041.990752] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2041.992256] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2041.993756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2041.995264] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2042.019948] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:11:37 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 2) 11:11:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x10}}, 0x0) [ 2055.682535] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:11:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 32) dup2(r0, r1) 11:11:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff1f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0f00f4"], 0xec}}, 0x0) 11:11:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff8c, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000130001"], 0xec}}, 0x0) [ 2055.699051] FAULT_INJECTION: forcing a failure. [ 2055.699051] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.700918] CPU: 0 PID: 10435 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2055.702034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2055.703409] Call Trace: [ 2055.703843] dump_stack+0x107/0x167 [ 2055.704436] should_fail.cold+0x5/0xa [ 2055.705051] ? create_object.isra.0+0x3a/0xa30 [ 2055.705787] should_failslab+0x5/0x20 [ 2055.706411] kmem_cache_alloc+0x5b/0x310 [ 2055.707097] create_object.isra.0+0x3a/0xa30 [ 2055.707814] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2055.708647] __kmalloc_track_caller+0x177/0x370 [ 2055.709404] ? strndup_user+0x74/0xe0 [ 2055.710026] memdup_user+0x22/0xd0 [ 2055.710602] strndup_user+0x74/0xe0 [ 2055.711218] __x64_sys_mount+0x133/0x300 [ 2055.711875] ? copy_mnt_ns+0xa00/0xa00 [ 2055.712513] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2055.713364] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2055.714202] do_syscall_64+0x33/0x40 [ 2055.714806] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2055.715661] RIP: 0033:0x7f9990caeb19 [ 2055.716263] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2055.719274] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2055.720515] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2055.721682] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2055.722859] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2055.724041] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2055.725197] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:11:37 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 83) [ 2055.741499] FAULT_INJECTION: forcing a failure. [ 2055.741499] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.744300] CPU: 1 PID: 10441 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2055.745983] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2055.748004] Call Trace: [ 2055.748647] dump_stack+0x107/0x167 11:11:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000140001"], 0xec}}, 0x0) [ 2055.749539] should_fail.cold+0x5/0xa [ 2055.750624] ? create_object.isra.0+0x3a/0xa30 [ 2055.751748] should_failslab+0x5/0x20 [ 2055.752674] kmem_cache_alloc+0x5b/0x310 [ 2055.753663] ? lock_acquire+0x197/0x470 [ 2055.754634] create_object.isra.0+0x3a/0xa30 [ 2055.755707] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2055.756946] kmem_cache_alloc+0x159/0x310 [ 2055.757960] skb_clone+0x14f/0x3d0 [ 2055.758830] dev_queue_xmit_nit+0x3a7/0xb00 [ 2055.759901] dev_hard_start_xmit+0xab/0x6f0 [ 2055.760958] __dev_queue_xmit+0x179a/0x2690 [ 2055.762013] ? packet_parse_headers+0x42f/0x980 [ 2055.763151] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 2055.764261] ? __check_object_size+0x319/0x440 [ 2055.765374] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 2055.766506] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2055.767802] packet_sendmsg+0x31f4/0x5370 [ 2055.768830] ? sock_has_perm+0x1ea/0x280 [ 2055.769820] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2055.771086] ? finish_task_switch+0x126/0x5d0 [ 2055.772177] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2055.773350] sock_sendmsg+0x319/0x390 [ 2055.774246] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2055.775407] ? ____sys_sendmsg+0x870/0x870 [ 2055.776442] ? io_schedule_timeout+0x140/0x140 [ 2055.777554] ? iov_iter_kvec+0x3c/0x130 [ 2055.778531] sock_no_sendpage+0x12c/0x1a0 [ 2055.779550] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2055.780682] ? init_special_inode+0x1f0/0x1f0 [ 2055.781783] kernel_sendpage.part.0+0x146/0x290 [ 2055.782932] sock_sendpage+0xe5/0x140 [ 2055.783862] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2055.785072] pipe_to_sendpage+0x2af/0x380 [ 2055.786088] ? propagate_umount+0x1550/0x1550 [ 2055.787188] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2055.788492] __splice_from_pipe+0x43d/0x890 [ 2055.789544] ? propagate_umount+0x1550/0x1550 [ 2055.790642] generic_splice_sendpage+0xd5/0x140 [ 2055.791783] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2055.792865] ? security_file_permission+0xb1/0xe0 [ 2055.794040] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2055.795123] direct_splice_actor+0x10f/0x170 [ 2055.796194] splice_direct_to_actor+0x387/0x980 [ 2055.797328] ? pipe_to_sendpage+0x380/0x380 [ 2055.798379] ? do_splice_to+0x160/0x160 [ 2055.799348] ? security_file_permission+0xb1/0xe0 [ 2055.800526] do_splice_direct+0x1c4/0x290 [ 2055.801533] ? splice_direct_to_actor+0x980/0x980 [ 2055.802708] ? security_file_permission+0xb1/0xe0 [ 2055.803885] do_sendfile+0x553/0x11e0 [ 2055.804820] ? do_pwritev+0x270/0x270 11:11:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffdf9, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000150001"], 0xec}}, 0x0) [ 2055.805735] ? wait_for_completion_io+0x270/0x270 [ 2055.806997] ? rcu_read_lock_any_held+0x75/0xa0 [ 2055.808081] ? vfs_write+0x354/0xb10 [ 2055.808953] __x64_sys_sendfile64+0x1d1/0x210 [ 2055.810017] ? __ia32_sys_sendfile+0x220/0x220 [ 2055.811103] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2055.812333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2055.813547] do_syscall_64+0x33/0x40 [ 2055.814424] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2055.815628] RIP: 0033:0x7f122aa69b19 [ 2055.816493] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2055.820796] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2055.822576] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2055.824257] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2055.825923] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2055.827594] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2055.829252] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:11:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001bcf00f4"], 0xec}}, 0x0) 11:11:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x1b}}, 0x0) [ 2055.851083] FAULT_INJECTION: forcing a failure. [ 2055.851083] name failslab, interval 1, probability 0, space 0, times 0 [ 2055.853790] CPU: 1 PID: 10444 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2055.855403] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2055.857316] Call Trace: [ 2055.857937] dump_stack+0x107/0x167 [ 2055.858807] should_fail.cold+0x5/0xa [ 2055.859704] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2055.860888] should_failslab+0x5/0x20 [ 2055.861774] kmem_cache_alloc_trace+0x55/0x320 [ 2055.862830] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2055.864016] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2055.865166] __list_lru_init+0x44d/0x890 [ 2055.866127] alloc_super+0x8b8/0xa90 [ 2055.867011] sget_fc+0x110/0x860 [ 2055.867811] ? set_anon_super+0xc0/0xc0 [ 2055.868759] ? shmem_put_link+0x120/0x120 [ 2055.869732] get_tree_nodev+0x24/0x1d0 [ 2055.870640] vfs_get_tree+0x8e/0x300 [ 2055.871513] path_mount+0x1490/0x21e0 [ 2055.872424] ? strncpy_from_user+0x9e/0x470 [ 2055.873421] ? finish_automount+0xa90/0xa90 [ 2055.874427] ? getname_flags.part.0+0x1dd/0x4f0 [ 2055.875526] __x64_sys_mount+0x282/0x300 [ 2055.876490] ? copy_mnt_ns+0xa00/0xa00 [ 2055.877406] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2055.878624] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2055.879833] do_syscall_64+0x33/0x40 [ 2055.880708] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2055.881880] RIP: 0033:0x7f07d2d5a04a [ 2055.882732] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2055.886972] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2055.888705] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2055.890335] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2055.891977] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2055.893609] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2055.895259] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:11:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 84) 11:11:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000160001"], 0xec}}, 0x0) 11:11:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 3) [ 2071.756504] FAULT_INJECTION: forcing a failure. [ 2071.756504] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.758205] CPU: 1 PID: 10463 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2071.759182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.760344] Call Trace: [ 2071.760727] dump_stack+0x107/0x167 [ 2071.761244] should_fail.cold+0x5/0xa [ 2071.761789] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2071.762507] should_failslab+0x5/0x20 [ 2071.763107] kmem_cache_alloc_trace+0x55/0x320 [ 2071.763761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2071.764497] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2071.765204] __list_lru_init+0x44d/0x890 [ 2071.765810] alloc_super+0x8b8/0xa90 11:11:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 33) dup2(r0, r1) [ 2071.766343] sget_fc+0x110/0x860 [ 2071.766965] ? set_anon_super+0xc0/0xc0 [ 2071.767550] ? shmem_put_link+0x120/0x120 [ 2071.768131] get_tree_nodev+0x24/0x1d0 [ 2071.768677] vfs_get_tree+0x8e/0x300 [ 2071.769203] path_mount+0x1490/0x21e0 [ 2071.769749] ? strncpy_from_user+0x9e/0x470 [ 2071.770363] ? finish_automount+0xa90/0xa90 [ 2071.770993] ? getname_flags.part.0+0x1dd/0x4f0 [ 2071.771678] __x64_sys_mount+0x282/0x300 [ 2071.772277] ? copy_mnt_ns+0xa00/0xa00 [ 2071.772851] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 11:11:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff7f, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2071.773605] ? syscall_enter_from_user_mode+0x1d/0x50 11:11:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x2c0}}, 0x0) 11:11:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001bf000f4"], 0xec}}, 0x0) [ 2071.774425] do_syscall_64+0x33/0x40 [ 2071.775041] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.776476] RIP: 0033:0x7f07d2d5a04a [ 2071.777443] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.782240] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2071.784253] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2071.786086] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2071.787951] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2071.789810] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2071.791669] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2071.795517] FAULT_INJECTION: forcing a failure. [ 2071.795517] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.796862] CPU: 0 PID: 10468 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2071.797660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.798615] Call Trace: [ 2071.798923] dump_stack+0x107/0x167 [ 2071.799346] should_fail.cold+0x5/0xa [ 2071.799784] ? __alloc_skb+0x6d/0x5b0 [ 2071.800221] should_failslab+0x5/0x20 [ 2071.800656] kmem_cache_alloc_node+0x55/0x330 [ 2071.801173] __alloc_skb+0x6d/0x5b0 [ 2071.801597] alloc_skb_with_frags+0x92/0x570 [ 2071.802107] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.802713] ? __local_bh_enable_ip+0x9d/0x100 [ 2071.803248] ? trace_hardirqs_on+0x5b/0x180 [ 2071.803748] sock_alloc_send_pskb+0x7af/0x930 [ 2071.804263] ? lock_acquire+0x197/0x470 [ 2071.804728] ? sk_alloc+0x350/0x350 [ 2071.805146] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2071.805758] packet_sendmsg+0x189a/0x5370 [ 2071.806245] ? sock_has_perm+0x1ea/0x280 [ 2071.806706] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2071.807306] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2071.807911] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2071.808455] ? lock_downgrade+0x6d0/0x6d0 [ 2071.808940] sock_sendmsg+0x319/0x390 [ 2071.809378] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2071.809923] ? ____sys_sendmsg+0x870/0x870 [ 2071.810408] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2071.811014] ? timestamp_truncate+0x2f0/0x2f0 [ 2071.811533] ? find_get_entry+0x2c8/0x740 [ 2071.812013] ? iov_iter_kvec+0x3c/0x130 [ 2071.812507] sock_no_sendpage+0x12c/0x1a0 [ 2071.812984] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2071.813516] ? init_special_inode+0x1f0/0x1f0 [ 2071.814042] kernel_sendpage.part.0+0x146/0x290 [ 2071.814580] sock_sendpage+0xe5/0x140 [ 2071.815020] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2071.815600] pipe_to_sendpage+0x2af/0x380 [ 2071.816082] ? propagate_umount+0x1550/0x1550 [ 2071.816598] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2071.817216] __splice_from_pipe+0x43d/0x890 [ 2071.817715] ? propagate_umount+0x1550/0x1550 [ 2071.818236] generic_splice_sendpage+0xd5/0x140 [ 2071.818773] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2071.819296] ? security_file_permission+0xb1/0xe0 [ 2071.819850] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2071.820358] direct_splice_actor+0x10f/0x170 [ 2071.820861] splice_direct_to_actor+0x387/0x980 [ 2071.821398] ? pipe_to_sendpage+0x380/0x380 [ 2071.821905] ? do_splice_to+0x160/0x160 [ 2071.822377] ? security_file_permission+0xb1/0xe0 [ 2071.822945] do_splice_direct+0x1c4/0x290 [ 2071.823423] ? splice_direct_to_actor+0x980/0x980 [ 2071.823980] ? security_file_permission+0xb1/0xe0 [ 2071.824542] do_sendfile+0x553/0x11e0 [ 2071.824997] ? do_pwritev+0x270/0x270 [ 2071.825435] ? wait_for_completion_io+0x270/0x270 [ 2071.826001] ? rcu_read_lock_any_held+0x75/0xa0 [ 2071.826535] ? vfs_write+0x354/0xb10 [ 2071.826966] __x64_sys_sendfile64+0x1d1/0x210 [ 2071.827489] ? __ia32_sys_sendfile+0x220/0x220 [ 2071.828037] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.828658] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2071.829252] do_syscall_64+0x33/0x40 [ 2071.829678] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.830268] RIP: 0033:0x7f122aa69b19 [ 2071.830696] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.832819] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2071.833696] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2071.834519] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2071.835347] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2071.835609] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2071.836170] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 11:11:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000180001"], 0xec}}, 0x0) [ 2071.836178] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:11:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff8c, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2071.847216] FAULT_INJECTION: forcing a failure. [ 2071.847216] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2071.849992] CPU: 1 PID: 10471 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2071.851617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.853519] Call Trace: [ 2071.854120] dump_stack+0x107/0x167 [ 2071.854973] should_fail.cold+0x5/0xa [ 2071.855867] _copy_from_user+0x2e/0x1b0 [ 2071.856782] memdup_user+0x65/0xd0 [ 2071.857595] strndup_user+0x74/0xe0 [ 2071.858448] __x64_sys_mount+0x133/0x300 [ 2071.859392] ? copy_mnt_ns+0xa00/0xa00 [ 2071.860296] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2071.861490] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2071.862671] do_syscall_64+0x33/0x40 [ 2071.863546] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2071.864718] RIP: 0033:0x7f9990caeb19 [ 2071.865587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2071.869827] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2071.871589] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 11:11:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000190001"], 0xec}}, 0x0) [ 2071.873231] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2071.874962] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2071.876634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2071.878281] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:11:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffff6, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001a0001"], 0xec}}, 0x0) 11:11:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffff0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:11:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b000ff4"], 0xec}}, 0x0) 11:11:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 4) 11:11:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 85) 11:11:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec0}}, 0x0) 11:11:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001c0001"], 0xec}}, 0x0) 11:11:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 34) dup2(r0, r1) [ 2071.995880] FAULT_INJECTION: forcing a failure. [ 2071.995880] name failslab, interval 1, probability 0, space 0, times 0 [ 2071.997208] CPU: 0 PID: 10493 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2071.997998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2071.998952] Call Trace: [ 2071.999268] dump_stack+0x107/0x167 [ 2071.999686] should_fail.cold+0x5/0xa [ 2072.000179] ? copy_mount_options+0x55/0x180 [ 2072.000721] should_failslab+0x5/0x20 [ 2072.001165] kmem_cache_alloc_trace+0x55/0x320 [ 2072.001689] ? _copy_from_user+0xfb/0x1b0 [ 2072.002169] copy_mount_options+0x55/0x180 [ 2072.002660] __x64_sys_mount+0x1a8/0x300 [ 2072.003138] ? copy_mnt_ns+0xa00/0xa00 [ 2072.003589] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.004192] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.004784] do_syscall_64+0x33/0x40 [ 2072.005215] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.005803] RIP: 0033:0x7f9990caeb19 [ 2072.006231] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.008346] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2072.009222] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2072.010045] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2072.010867] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2072.011693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2072.012516] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2072.017670] FAULT_INJECTION: forcing a failure. [ 2072.017670] name failslab, interval 1, probability 0, space 0, times 0 [ 2072.018983] CPU: 0 PID: 10494 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2072.019785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2072.020734] Call Trace: [ 2072.021036] dump_stack+0x107/0x167 [ 2072.021454] should_fail.cold+0x5/0xa [ 2072.021896] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2072.022481] should_failslab+0x5/0x20 [ 2072.022919] kmem_cache_alloc_trace+0x55/0x320 [ 2072.023456] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2072.024040] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2072.024606] __list_lru_init+0x44d/0x890 [ 2072.025073] alloc_super+0x8b8/0xa90 [ 2072.025507] sget_fc+0x110/0x860 [ 2072.025892] ? set_anon_super+0xc0/0xc0 [ 2072.026351] ? shmem_put_link+0x120/0x120 [ 2072.026825] get_tree_nodev+0x24/0x1d0 [ 2072.027283] vfs_get_tree+0x8e/0x300 [ 2072.027711] path_mount+0x1490/0x21e0 [ 2072.028152] ? strncpy_from_user+0x9e/0x470 [ 2072.028650] ? finish_automount+0xa90/0xa90 [ 2072.029145] ? getname_flags.part.0+0x1dd/0x4f0 [ 2072.029686] __x64_sys_mount+0x282/0x300 [ 2072.030154] ? copy_mnt_ns+0xa00/0xa00 [ 2072.030604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.031240] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.031831] do_syscall_64+0x33/0x40 [ 2072.032257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.032850] RIP: 0033:0x7f07d2d5a04a [ 2072.033281] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.035404] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2072.036280] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2072.037101] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2072.037924] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2072.038750] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2072.039574] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2072.047778] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2072.050733] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2072.064053] FAULT_INJECTION: forcing a failure. [ 2072.064053] name failslab, interval 1, probability 0, space 0, times 0 [ 2072.065373] CPU: 0 PID: 10502 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2072.066176] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2072.067134] Call Trace: [ 2072.067441] dump_stack+0x107/0x167 [ 2072.067858] should_fail.cold+0x5/0xa [ 2072.068297] ? create_object.isra.0+0x3a/0xa30 [ 2072.068819] should_failslab+0x5/0x20 [ 2072.069253] kmem_cache_alloc+0x5b/0x310 [ 2072.069715] ? lock_acquire+0x197/0x470 [ 2072.070177] create_object.isra.0+0x3a/0xa30 [ 2072.070680] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2072.071273] kmem_cache_alloc+0x159/0x310 [ 2072.071747] skb_clone+0x14f/0x3d0 [ 2072.072159] dev_queue_xmit_nit+0x3a7/0xb00 [ 2072.072659] dev_hard_start_xmit+0xab/0x6f0 [ 2072.073164] __dev_queue_xmit+0x179a/0x2690 [ 2072.073666] ? packet_parse_headers+0x42f/0x980 [ 2072.074199] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 2072.074721] ? __check_object_size+0x319/0x440 [ 2072.075252] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 2072.075788] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2072.076397] packet_sendmsg+0x31f4/0x5370 [ 2072.076883] ? sock_has_perm+0x1ea/0x280 [ 2072.077348] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2072.077949] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2072.078575] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2072.079122] ? lock_downgrade+0x6d0/0x6d0 [ 2072.079604] sock_sendmsg+0x319/0x390 [ 2072.080033] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2072.080577] ? ____sys_sendmsg+0x870/0x870 [ 2072.081064] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2072.081666] ? timestamp_truncate+0x2f0/0x2f0 [ 2072.082175] ? find_get_entry+0x2c8/0x740 [ 2072.082650] ? iov_iter_kvec+0x3c/0x130 [ 2072.083117] sock_no_sendpage+0x12c/0x1a0 [ 2072.083594] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2072.084123] ? init_special_inode+0x1f0/0x1f0 [ 2072.084641] kernel_sendpage.part.0+0x146/0x290 [ 2072.085180] sock_sendpage+0xe5/0x140 [ 2072.085618] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2072.086194] pipe_to_sendpage+0x2af/0x380 [ 2072.086679] ? propagate_umount+0x1550/0x1550 [ 2072.087204] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2072.087816] __splice_from_pipe+0x43d/0x890 [ 2072.088309] ? propagate_umount+0x1550/0x1550 [ 2072.088826] generic_splice_sendpage+0xd5/0x140 [ 2072.089354] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2072.089858] ? security_file_permission+0xb1/0xe0 [ 2072.090408] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2072.090910] direct_splice_actor+0x10f/0x170 [ 2072.091423] splice_direct_to_actor+0x387/0x980 [ 2072.091958] ? pipe_to_sendpage+0x380/0x380 [ 2072.092454] ? do_splice_to+0x160/0x160 [ 2072.092907] ? security_file_permission+0xb1/0xe0 [ 2072.093459] do_splice_direct+0x1c4/0x290 [ 2072.093958] ? splice_direct_to_actor+0x980/0x980 [ 2072.094513] ? security_file_permission+0xb1/0xe0 [ 2072.095078] do_sendfile+0x553/0x11e0 [ 2072.095530] ? do_pwritev+0x270/0x270 [ 2072.095972] ? wait_for_completion_io+0x270/0x270 [ 2072.096529] ? rcu_read_lock_any_held+0x75/0xa0 [ 2072.097066] ? vfs_write+0x354/0xb10 [ 2072.097499] __x64_sys_sendfile64+0x1d1/0x210 [ 2072.098015] ? __ia32_sys_sendfile+0x220/0x220 [ 2072.098546] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2072.099172] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2072.099766] do_syscall_64+0x33/0x40 [ 2072.100196] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2072.100786] RIP: 0033:0x7f122aa69b19 [ 2072.101212] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2072.103336] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2072.104212] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2072.105032] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2072.105852] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2072.106672] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2072.107500] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:11:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000021d0001"], 0xec}}, 0x0) 11:12:08 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffff6, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000031d0001"], 0xec}}, 0x0) 11:12:08 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 35) dup2(r0, r1) 11:12:08 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 5) 11:12:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b00cff4"], 0xec}}, 0x0) 11:12:08 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffffe, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x33fe0}}, 0x0) [ 2086.548974] FAULT_INJECTION: forcing a failure. [ 2086.548974] name failslab, interval 1, probability 0, space 0, times 0 [ 2086.551640] CPU: 1 PID: 10518 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2086.553092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2086.554815] Call Trace: [ 2086.555385] dump_stack+0x107/0x167 [ 2086.556152] should_fail.cold+0x5/0xa [ 2086.556954] ? create_object.isra.0+0x3a/0xa30 [ 2086.557911] should_failslab+0x5/0x20 [ 2086.558715] kmem_cache_alloc+0x5b/0x310 [ 2086.559584] create_object.isra.0+0x3a/0xa30 [ 2086.560514] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2086.561572] kmem_cache_alloc_trace+0x151/0x320 [ 2086.562562] copy_mount_options+0x55/0x180 [ 2086.563459] __x64_sys_mount+0x1a8/0x300 [ 2086.564307] ? copy_mnt_ns+0xa00/0xa00 11:12:08 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 86) [ 2086.565135] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.566353] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2086.567456] do_syscall_64+0x33/0x40 [ 2086.568247] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2086.568973] FAULT_INJECTION: forcing a failure. [ 2086.568973] name failslab, interval 1, probability 0, space 0, times 0 [ 2086.569321] RIP: 0033:0x7f9990caeb19 [ 2086.569342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2086.569353] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2086.569374] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2086.569394] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2086.580859] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2086.582355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2086.583868] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2086.585402] CPU: 0 PID: 10523 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2086.586843] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2086.588556] Call Trace: [ 2086.589102] dump_stack+0x107/0x167 [ 2086.589850] should_fail.cold+0x5/0xa [ 2086.590645] ? create_object.isra.0+0x3a/0xa30 [ 2086.591585] should_failslab+0x5/0x20 [ 2086.592372] kmem_cache_alloc+0x5b/0x310 [ 2086.593206] ? mark_held_locks+0x9e/0xe0 [ 2086.594034] create_object.isra.0+0x3a/0xa30 [ 2086.594919] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2086.595956] kmem_cache_alloc_trace+0x151/0x320 [ 2086.596902] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2086.597904] __list_lru_init+0x44d/0x890 [ 2086.598731] alloc_super+0x8b8/0xa90 [ 2086.599150] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2086.599498] sget_fc+0x110/0x860 [ 2086.599521] ? set_anon_super+0xc0/0xc0 [ 2086.602761] ? shmem_put_link+0x120/0x120 [ 2086.603611] get_tree_nodev+0x24/0x1d0 [ 2086.604398] vfs_get_tree+0x8e/0x300 [ 2086.605153] path_mount+0x1490/0x21e0 [ 2086.605931] ? strncpy_from_user+0x9e/0x470 [ 2086.606804] ? finish_automount+0xa90/0xa90 [ 2086.607691] ? getname_flags.part.0+0x1dd/0x4f0 [ 2086.608639] __x64_sys_mount+0x282/0x300 [ 2086.609458] ? copy_mnt_ns+0xa00/0xa00 [ 2086.610254] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.611349] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2086.612396] do_syscall_64+0x33/0x40 [ 2086.613157] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2086.614197] RIP: 0033:0x7f07d2d5a04a [ 2086.614955] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2086.618678] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2086.620219] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2086.621649] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2086.623071] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2086.624505] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2086.625927] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:12:08 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b00f0f4"], 0xec}}, 0x0) 11:12:08 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x2000096c}}, 0x0) 11:12:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec00000f1d0001"], 0xec}}, 0x0) [ 2086.671507] FAULT_INJECTION: forcing a failure. [ 2086.671507] name failslab, interval 1, probability 0, space 0, times 0 [ 2086.673909] CPU: 1 PID: 10522 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2086.675377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2086.677126] Call Trace: [ 2086.677694] dump_stack+0x107/0x167 [ 2086.678472] should_fail.cold+0x5/0xa [ 2086.679293] ? __alloc_skb+0x6d/0x5b0 [ 2086.680107] should_failslab+0x5/0x20 [ 2086.680917] kmem_cache_alloc_node+0x55/0x330 [ 2086.681876] __alloc_skb+0x6d/0x5b0 [ 2086.682647] alloc_skb_with_frags+0x92/0x570 [ 2086.683590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.684689] ? __local_bh_enable_ip+0x9d/0x100 [ 2086.685644] ? trace_hardirqs_on+0x5b/0x180 [ 2086.686546] sock_alloc_send_pskb+0x7af/0x930 [ 2086.687502] ? lock_acquire+0x197/0x470 [ 2086.688337] ? sk_alloc+0x350/0x350 11:12:08 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfffffffe, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2086.689096] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2086.690284] packet_sendmsg+0x189a/0x5370 [ 2086.691184] ? sock_has_perm+0x1ea/0x280 [ 2086.692044] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2086.693119] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2086.694223] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2086.695262] ? lock_downgrade+0x6d0/0x6d0 [ 2086.696146] sock_sendmsg+0x319/0x390 [ 2086.696966] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2086.697990] ? ____sys_sendmsg+0x870/0x870 [ 2086.698911] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2086.700088] ? timestamp_truncate+0x2f0/0x2f0 [ 2086.701068] ? find_get_entry+0x2c8/0x740 [ 2086.701978] ? iov_iter_kvec+0x3c/0x130 [ 2086.702854] sock_no_sendpage+0x12c/0x1a0 [ 2086.703764] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2086.704763] ? init_special_inode+0x1f0/0x1f0 [ 2086.705743] kernel_sendpage.part.0+0x146/0x290 [ 2086.706752] sock_sendpage+0xe5/0x140 [ 2086.707585] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2086.708662] pipe_to_sendpage+0x2af/0x380 [ 2086.709559] ? propagate_umount+0x1550/0x1550 [ 2086.710527] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2086.711700] __splice_from_pipe+0x43d/0x890 [ 2086.712647] ? propagate_umount+0x1550/0x1550 [ 2086.713618] generic_splice_sendpage+0xd5/0x140 [ 2086.714627] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2086.715591] ? security_file_permission+0xb1/0xe0 [ 2086.716637] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2086.717595] direct_splice_actor+0x10f/0x170 [ 2086.718551] splice_direct_to_actor+0x387/0x980 [ 2086.719570] ? pipe_to_sendpage+0x380/0x380 [ 2086.720509] ? do_splice_to+0x160/0x160 [ 2086.721361] ? security_file_permission+0xb1/0xe0 [ 2086.722411] do_splice_direct+0x1c4/0x290 [ 2086.723324] ? splice_direct_to_actor+0x980/0x980 [ 2086.724370] ? security_file_permission+0xb1/0xe0 11:12:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000730001"], 0xec}}, 0x0) [ 2086.725524] do_sendfile+0x553/0x11e0 [ 2086.726392] ? do_pwritev+0x270/0x270 [ 2086.727232] ? wait_for_completion_io+0x270/0x270 [ 2086.728285] ? rcu_read_lock_any_held+0x75/0xa0 [ 2086.729290] ? vfs_write+0x354/0xb10 [ 2086.730096] __x64_sys_sendfile64+0x1d1/0x210 [ 2086.731068] ? __ia32_sys_sendfile+0x220/0x220 [ 2086.732067] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2086.733204] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2086.734322] do_syscall_64+0x33/0x40 [ 2086.735127] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2086.736246] RIP: 0033:0x7f122aa69b19 [ 2086.737048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2086.741043] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2086.742716] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2086.744269] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2086.745807] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2086.747363] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2086.748425] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=10533 comm=syz-executor.5 [ 2086.748923] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:12:08 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:08 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000000f0001"], 0xec}}, 0x0) [ 2086.894732] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=15 sclass=netlink_route_socket pid=10543 comm=syz-executor.5 11:12:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000100001"], 0xec}}, 0x0) 11:12:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0002f4"], 0xec}}, 0x0) 11:12:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 36) dup2(r0, r1) 11:12:23 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 6) 11:12:23 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 87) 11:12:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0x7ffff000}}, 0x0) 11:12:23 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xedc000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2102.037823] FAULT_INJECTION: forcing a failure. [ 2102.037823] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2102.041756] FAULT_INJECTION: forcing a failure. [ 2102.041756] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.041779] CPU: 0 PID: 10559 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2102.041790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.041797] Call Trace: [ 2102.041823] dump_stack+0x107/0x167 [ 2102.041845] should_fail.cold+0x5/0xa [ 2102.041867] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2102.041884] should_failslab+0x5/0x20 [ 2102.041904] kmem_cache_alloc_trace+0x55/0x320 [ 2102.041922] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2102.041945] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2102.041969] __list_lru_init+0x44d/0x890 [ 2102.042019] alloc_super+0x8b8/0xa90 [ 2102.056576] sget_fc+0x110/0x860 [ 2102.057290] ? set_anon_super+0xc0/0xc0 [ 2102.058133] ? shmem_put_link+0x120/0x120 [ 2102.058998] get_tree_nodev+0x24/0x1d0 [ 2102.059832] vfs_get_tree+0x8e/0x300 [ 2102.060611] path_mount+0x1490/0x21e0 [ 2102.061422] ? strncpy_from_user+0x9e/0x470 [ 2102.062323] ? finish_automount+0xa90/0xa90 [ 2102.063234] ? getname_flags.part.0+0x1dd/0x4f0 [ 2102.064232] __x64_sys_mount+0x282/0x300 [ 2102.065086] ? copy_mnt_ns+0xa00/0xa00 [ 2102.065915] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.067022] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.068118] do_syscall_64+0x33/0x40 [ 2102.068907] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.069977] RIP: 0033:0x7f07d2d5a04a [ 2102.070762] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.074712] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2102.076336] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2102.077835] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2102.079326] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2102.080856] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2102.082351] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2102.083894] CPU: 1 PID: 10557 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2102.085384] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.087165] Call Trace: [ 2102.087760] dump_stack+0x107/0x167 [ 2102.088533] should_fail.cold+0x5/0xa [ 2102.089361] _copy_from_user+0x2e/0x1b0 [ 2102.090226] copy_mount_options+0x76/0x180 [ 2102.091147] __x64_sys_mount+0x1a8/0x300 [ 2102.092042] ? copy_mnt_ns+0xa00/0xa00 [ 2102.092891] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.094023] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.095137] do_syscall_64+0x33/0x40 [ 2102.095932] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.097024] RIP: 0033:0x7f9990caeb19 [ 2102.097841] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.101797] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2102.103395] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2102.104955] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2102.106471] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2102.108022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2102.109553] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2102.127710] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2102.131762] FAULT_INJECTION: forcing a failure. [ 2102.131762] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.134281] CPU: 0 PID: 10553 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2102.135782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.137553] Call Trace: [ 2102.138131] dump_stack+0x107/0x167 [ 2102.138924] should_fail.cold+0x5/0xa [ 2102.139763] ? create_object.isra.0+0x3a/0xa30 [ 2102.140745] should_failslab+0x5/0x20 [ 2102.141573] kmem_cache_alloc+0x5b/0x310 [ 2102.142457] create_object.isra.0+0x3a/0xa30 [ 2102.143418] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2102.144548] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2102.145641] ? alloc_skb_with_frags+0x92/0x570 [ 2102.146614] __alloc_skb+0xb1/0x5b0 [ 2102.147385] alloc_skb_with_frags+0x92/0x570 [ 2102.148331] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.149441] ? __local_bh_enable_ip+0x9d/0x100 [ 2102.150401] ? trace_hardirqs_on+0x5b/0x180 [ 2102.151307] sock_alloc_send_pskb+0x7af/0x930 [ 2102.152263] ? lock_acquire+0x197/0x470 [ 2102.153102] ? sk_alloc+0x350/0x350 [ 2102.153872] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2102.154981] packet_sendmsg+0x189a/0x5370 [ 2102.155880] ? sock_has_perm+0x1ea/0x280 [ 2102.156736] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2102.157826] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2102.158930] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2102.159943] ? lock_downgrade+0x6d0/0x6d0 [ 2102.160826] sock_sendmsg+0x319/0x390 [ 2102.161627] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2102.162626] ? ____sys_sendmsg+0x870/0x870 [ 2102.163533] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2102.164631] ? timestamp_truncate+0x2f0/0x2f0 [ 2102.165573] ? find_get_entry+0x2c8/0x740 [ 2102.166444] ? iov_iter_kvec+0x3c/0x130 [ 2102.167294] sock_no_sendpage+0x12c/0x1a0 [ 2102.168175] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2102.169148] ? init_special_inode+0x1f0/0x1f0 [ 2102.170100] kernel_sendpage.part.0+0x146/0x290 [ 2102.171084] sock_sendpage+0xe5/0x140 [ 2102.171896] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2102.172946] pipe_to_sendpage+0x2af/0x380 [ 2102.173820] ? propagate_umount+0x1550/0x1550 [ 2102.174765] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2102.175902] __splice_from_pipe+0x43d/0x890 [ 2102.176808] ? propagate_umount+0x1550/0x1550 [ 2102.177759] generic_splice_sendpage+0xd5/0x140 [ 2102.178738] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2102.179690] ? security_file_permission+0xb1/0xe0 [ 2102.180708] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2102.181634] direct_splice_actor+0x10f/0x170 [ 2102.182557] splice_direct_to_actor+0x387/0x980 [ 2102.183571] ? pipe_to_sendpage+0x380/0x380 [ 2102.184659] ? do_splice_to+0x160/0x160 [ 2102.185501] ? security_file_permission+0xb1/0xe0 [ 2102.186523] do_splice_direct+0x1c4/0x290 [ 2102.187403] ? splice_direct_to_actor+0x980/0x980 [ 2102.188440] ? security_file_permission+0xb1/0xe0 [ 2102.189480] do_sendfile+0x553/0x11e0 [ 2102.190295] ? do_pwritev+0x270/0x270 [ 2102.191095] ? wait_for_completion_io+0x270/0x270 [ 2102.192121] ? rcu_read_lock_any_held+0x75/0xa0 [ 2102.193100] ? vfs_write+0x354/0xb10 [ 2102.193886] __x64_sys_sendfile64+0x1d1/0x210 [ 2102.194823] ? __ia32_sys_sendfile+0x220/0x220 [ 2102.195796] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.196891] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.197971] do_syscall_64+0x33/0x40 [ 2102.198760] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.199840] RIP: 0033:0x7f122aa69b19 [ 2102.200623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.204516] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2102.206115] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2102.207618] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2102.209111] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2102.210593] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2102.212120] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:12:24 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xedc000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000110001"], 0xec}}, 0x0) 11:12:24 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xfffffdef}}, 0x0) 11:12:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b000ff4"], 0xec}}, 0x0) [ 2102.268671] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. 11:12:24 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 88) 11:12:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x2}, 0x0) [ 2102.397269] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2102.409330] FAULT_INJECTION: forcing a failure. [ 2102.409330] name failslab, interval 1, probability 0, space 0, times 0 [ 2102.411730] CPU: 1 PID: 10582 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2102.413159] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2102.414873] Call Trace: [ 2102.415437] dump_stack+0x107/0x167 [ 2102.416195] should_fail.cold+0x5/0xa [ 2102.416978] ? create_object.isra.0+0x3a/0xa30 [ 2102.417930] should_failslab+0x5/0x20 [ 2102.418720] kmem_cache_alloc+0x5b/0x310 [ 2102.419565] ? mark_held_locks+0x9e/0xe0 [ 2102.420426] create_object.isra.0+0x3a/0xa30 [ 2102.421336] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2102.422402] kmem_cache_alloc_trace+0x151/0x320 [ 2102.423392] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2102.424412] __list_lru_init+0x44d/0x890 [ 2102.425261] alloc_super+0x8b8/0xa90 [ 2102.426027] sget_fc+0x110/0x860 [ 2102.426731] ? set_anon_super+0xc0/0xc0 [ 2102.427550] ? shmem_put_link+0x120/0x120 [ 2102.428418] get_tree_nodev+0x24/0x1d0 [ 2102.429220] vfs_get_tree+0x8e/0x300 [ 2102.429996] path_mount+0x1490/0x21e0 [ 2102.430780] ? strncpy_from_user+0x9e/0x470 [ 2102.431681] ? finish_automount+0xa90/0xa90 [ 2102.432586] ? getname_flags.part.0+0x1dd/0x4f0 [ 2102.433545] __x64_sys_mount+0x282/0x300 [ 2102.434378] ? copy_mnt_ns+0xa00/0xa00 [ 2102.435173] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2102.436261] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2102.437325] do_syscall_64+0x33/0x40 [ 2102.438093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2102.439142] RIP: 0033:0x7f07d2d5a04a [ 2102.439917] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2102.443772] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2102.445321] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2102.446774] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2102.448247] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2102.449708] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2102.451167] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2116.230291] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:12:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000120001"], 0xec}}, 0x0) 11:12:38 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 89) 11:12:38 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:38 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 7) 11:12:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b00cff4"], 0xec}}, 0x0) 11:12:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x3}, 0x0) 11:12:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 37) dup2(r0, r1) 11:12:38 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2116.254700] FAULT_INJECTION: forcing a failure. [ 2116.254700] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.256052] CPU: 0 PID: 10594 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2116.256852] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.257808] Call Trace: [ 2116.258121] dump_stack+0x107/0x167 [ 2116.258539] should_fail.cold+0x5/0xa [ 2116.258979] ? getname_flags.part.0+0x50/0x4f0 [ 2116.259503] should_failslab+0x5/0x20 [ 2116.259952] kmem_cache_alloc+0x5b/0x310 [ 2116.260425] getname_flags.part.0+0x50/0x4f0 [ 2116.260929] ? _copy_from_user+0xfb/0x1b0 [ 2116.261408] user_path_at_empty+0xa1/0x100 [ 2116.261890] __x64_sys_mount+0x1e9/0x300 [ 2116.262361] ? copy_mnt_ns+0xa00/0xa00 [ 2116.262813] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.263418] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.264017] do_syscall_64+0x33/0x40 [ 2116.264444] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.265027] RIP: 0033:0x7f9990caeb19 [ 2116.265461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.267555] FAULT_INJECTION: forcing a failure. [ 2116.267555] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.268796] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2116.269664] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2116.270475] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2116.271291] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2116.272118] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2116.272934] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2116.274256] CPU: 1 PID: 10597 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2116.276084] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.278237] Call Trace: [ 2116.278928] dump_stack+0x107/0x167 [ 2116.279896] should_fail.cold+0x5/0xa [ 2116.280887] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2116.282205] should_failslab+0x5/0x20 11:12:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x8}, 0x0) [ 2116.283187] kmem_cache_alloc_trace+0x55/0x320 [ 2116.284474] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2116.285644] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2116.286770] __list_lru_init+0x44d/0x890 [ 2116.287727] alloc_super+0x8b8/0xa90 [ 2116.288582] sget_fc+0x110/0x860 [ 2116.289354] ? set_anon_super+0xc0/0xc0 [ 2116.290212] ? shmem_put_link+0x120/0x120 [ 2116.291164] get_tree_nodev+0x24/0x1d0 [ 2116.292072] vfs_get_tree+0x8e/0x300 [ 2116.292929] path_mount+0x1490/0x21e0 [ 2116.293792] ? strncpy_from_user+0x9e/0x470 [ 2116.294728] ? finish_automount+0xa90/0xa90 [ 2116.295732] ? getname_flags.part.0+0x1dd/0x4f0 [ 2116.296800] __x64_sys_mount+0x282/0x300 [ 2116.297736] ? copy_mnt_ns+0xa00/0xa00 [ 2116.298630] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.299774] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.300967] do_syscall_64+0x33/0x40 [ 2116.301802] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.302943] RIP: 0033:0x7f07d2d5a04a [ 2116.303845] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.305498] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2116.308243] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2116.308266] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2116.308282] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2116.314283] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2116.315974] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2116.317683] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2116.331607] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2116.353881] FAULT_INJECTION: forcing a failure. [ 2116.353881] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2116.355275] CPU: 0 PID: 10602 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2116.356023] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.356915] Call Trace: [ 2116.357207] dump_stack+0x107/0x167 [ 2116.357600] should_fail.cold+0x5/0xa [ 2116.358015] __alloc_pages_nodemask+0x182/0x600 [ 2116.358515] ? __alloc_pages_slowpath.constprop.0+0x2310/0x2310 [ 2116.359206] ? __kmalloc_node_track_caller+0x2f8/0x3b0 [ 2116.359782] ? alloc_skb_with_frags+0x92/0x570 [ 2116.360274] alloc_pages_current+0x187/0x280 [ 2116.360748] alloc_skb_with_frags+0x1a6/0x570 [ 2116.361269] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.361840] ? trace_hardirqs_on+0x5b/0x180 [ 2116.362335] sock_alloc_send_pskb+0x7af/0x930 [ 2116.362822] ? lock_acquire+0x197/0x470 [ 2116.363282] ? sk_alloc+0x350/0x350 [ 2116.363693] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2116.364300] packet_sendmsg+0x189a/0x5370 [ 2116.364757] ? sock_has_perm+0x1ea/0x280 [ 2116.365194] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2116.365750] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2116.366353] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2116.366866] ? lock_downgrade+0x6d0/0x6d0 [ 2116.367349] sock_sendmsg+0x319/0x390 [ 2116.367775] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2116.368319] ? ____sys_sendmsg+0x870/0x870 [ 2116.368782] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2116.369354] ? timestamp_truncate+0x2f0/0x2f0 [ 2116.369841] ? find_get_entry+0x2c8/0x740 [ 2116.370291] ? iov_iter_kvec+0x3c/0x130 [ 2116.370728] sock_no_sendpage+0x12c/0x1a0 [ 2116.371204] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2116.371716] ? init_special_inode+0x1f0/0x1f0 [ 2116.372209] kernel_sendpage.part.0+0x146/0x290 [ 2116.372715] sock_sendpage+0xe5/0x140 [ 2116.373129] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2116.373675] pipe_to_sendpage+0x2af/0x380 [ 2116.374128] ? propagate_umount+0x1550/0x1550 [ 2116.374612] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2116.375190] __splice_from_pipe+0x43d/0x890 [ 2116.375671] ? propagate_umount+0x1550/0x1550 [ 2116.376160] generic_splice_sendpage+0xd5/0x140 [ 2116.376660] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2116.377136] ? security_file_permission+0xb1/0xe0 [ 2116.377657] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2116.378131] direct_splice_actor+0x10f/0x170 [ 2116.378636] splice_direct_to_actor+0x387/0x980 [ 2116.379141] ? pipe_to_sendpage+0x380/0x380 [ 2116.379648] ? do_splice_to+0x160/0x160 [ 2116.380078] ? security_file_permission+0xb1/0xe0 [ 2116.380599] do_splice_direct+0x1c4/0x290 [ 2116.381046] ? splice_direct_to_actor+0x980/0x980 [ 2116.381573] ? security_file_permission+0xb1/0xe0 [ 2116.382096] do_sendfile+0x553/0x11e0 [ 2116.382514] ? do_pwritev+0x270/0x270 [ 2116.382927] ? wait_for_completion_io+0x270/0x270 [ 2116.383452] ? rcu_read_lock_any_held+0x75/0xa0 [ 2116.383993] ? vfs_write+0x354/0xb10 [ 2116.384405] __x64_sys_sendfile64+0x1d1/0x210 [ 2116.384895] ? __ia32_sys_sendfile+0x220/0x220 [ 2116.385421] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.385992] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.386583] do_syscall_64+0x33/0x40 [ 2116.386993] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.387590] RIP: 0033:0x7f122aa69b19 [ 2116.388005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.389985] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2116.390865] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2116.391688] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2116.392505] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.393322] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2116.394144] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:12:38 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xf}}, 0x0) 11:12:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x25}, 0x0) 11:12:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000130001"], 0xec}}, 0x0) [ 2116.448170] netlink: 204 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2116.450403] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:12:38 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 90) 11:12:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 38) dup2(r0, r1) 11:12:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x10}}, 0x0) 11:12:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x3d}, 0x0) 11:12:38 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 8) [ 2116.531464] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2116.539601] FAULT_INJECTION: forcing a failure. [ 2116.539601] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.542055] CPU: 1 PID: 10627 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2116.543516] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.545286] Call Trace: [ 2116.545846] dump_stack+0x107/0x167 11:12:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000140001"], 0xec}}, 0x0) [ 2116.546616] should_fail.cold+0x5/0xa [ 2116.547596] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2116.548674] should_failslab+0x5/0x20 [ 2116.549475] kmem_cache_alloc_trace+0x55/0x320 [ 2116.550444] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2116.551521] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2116.552569] __list_lru_init+0x44d/0x890 [ 2116.553435] alloc_super+0x8b8/0xa90 [ 2116.554223] sget_fc+0x110/0x860 [ 2116.554934] ? set_anon_super+0xc0/0xc0 [ 2116.555789] ? shmem_put_link+0x120/0x120 [ 2116.556658] get_tree_nodev+0x24/0x1d0 [ 2116.557472] vfs_get_tree+0x8e/0x300 [ 2116.558254] path_mount+0x1490/0x21e0 [ 2116.559058] ? strncpy_from_user+0x9e/0x470 [ 2116.559971] ? finish_automount+0xa90/0xa90 [ 2116.560873] ? getname_flags.part.0+0x1dd/0x4f0 [ 2116.561862] __x64_sys_mount+0x282/0x300 [ 2116.562715] ? copy_mnt_ns+0xa00/0xa00 [ 2116.563545] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 11:12:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x1b}}, 0x0) [ 2116.564664] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.565868] do_syscall_64+0x33/0x40 [ 2116.566651] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.567741] RIP: 0033:0x7f07d2d5a04a 11:12:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x61}, 0x0) [ 2116.568521] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.572509] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2116.574118] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2116.575629] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2116.577123] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2116.578627] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2116.580131] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:12:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2116.606006] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:12:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000150001"], 0xec}}, 0x0) [ 2116.614314] FAULT_INJECTION: forcing a failure. [ 2116.614314] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.616776] CPU: 1 PID: 10628 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2116.618249] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.620025] Call Trace: [ 2116.620595] dump_stack+0x107/0x167 [ 2116.621381] should_fail.cold+0x5/0xa [ 2116.622201] ? create_object.isra.0+0x3a/0xa30 [ 2116.623178] should_failslab+0x5/0x20 [ 2116.623998] kmem_cache_alloc+0x5b/0x310 [ 2116.624878] create_object.isra.0+0x3a/0xa30 [ 2116.625823] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2116.626911] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 2116.628003] ? alloc_skb_with_frags+0x92/0x570 [ 2116.628975] __alloc_skb+0xb1/0x5b0 [ 2116.629744] alloc_skb_with_frags+0x92/0x570 [ 2116.630675] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 11:12:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x2c0}}, 0x0) [ 2116.631782] ? __local_bh_enable_ip+0x9d/0x100 [ 2116.632855] ? trace_hardirqs_on+0x5b/0x180 [ 2116.633766] sock_alloc_send_pskb+0x7af/0x930 [ 2116.634709] ? lock_acquire+0x197/0x470 [ 2116.635557] ? sk_alloc+0x350/0x350 [ 2116.636341] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2116.637457] packet_sendmsg+0x189a/0x5370 [ 2116.638342] ? sock_has_perm+0x1ea/0x280 [ 2116.639199] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2116.640297] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2116.641404] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2116.642403] ? lock_downgrade+0x6d0/0x6d0 [ 2116.643284] sock_sendmsg+0x319/0x390 [ 2116.644095] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2116.645103] ? ____sys_sendmsg+0x870/0x870 [ 2116.646000] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2116.647102] ? timestamp_truncate+0x2f0/0x2f0 [ 2116.648064] ? find_get_entry+0x2c8/0x740 [ 2116.648942] ? iov_iter_kvec+0x3c/0x130 [ 2116.649787] sock_no_sendpage+0x12c/0x1a0 [ 2116.650664] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2116.651649] ? init_special_inode+0x1f0/0x1f0 [ 2116.652600] kernel_sendpage.part.0+0x146/0x290 [ 2116.653587] sock_sendpage+0xe5/0x140 [ 2116.654391] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2116.655436] pipe_to_sendpage+0x2af/0x380 [ 2116.656311] ? propagate_umount+0x1550/0x1550 [ 2116.657263] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2116.658387] __splice_from_pipe+0x43d/0x890 [ 2116.659305] ? propagate_umount+0x1550/0x1550 [ 2116.660296] generic_splice_sendpage+0xd5/0x140 [ 2116.661300] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2116.662258] ? security_file_permission+0xb1/0xe0 [ 2116.663259] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2116.664196] direct_splice_actor+0x10f/0x170 [ 2116.665128] splice_direct_to_actor+0x387/0x980 [ 2116.666103] ? pipe_to_sendpage+0x380/0x380 [ 2116.667012] ? do_splice_to+0x160/0x160 [ 2116.667865] ? security_file_permission+0xb1/0xe0 [ 2116.668890] do_splice_direct+0x1c4/0x290 [ 2116.669755] ? splice_direct_to_actor+0x980/0x980 [ 2116.670764] ? security_file_permission+0xb1/0xe0 [ 2116.671795] do_sendfile+0x553/0x11e0 [ 2116.672599] ? do_pwritev+0x270/0x270 [ 2116.673387] ? wait_for_completion_io+0x270/0x270 [ 2116.674388] ? rcu_read_lock_any_held+0x75/0xa0 [ 2116.675352] ? vfs_write+0x354/0xb10 [ 2116.676145] __x64_sys_sendfile64+0x1d1/0x210 [ 2116.677085] ? __ia32_sys_sendfile+0x220/0x220 [ 2116.678034] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.679144] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.680230] do_syscall_64+0x33/0x40 [ 2116.681021] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.682095] RIP: 0033:0x7f122aa69b19 [ 2116.682883] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.686762] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2116.688391] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2116.689903] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2116.691404] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2116.692916] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2116.694428] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 2116.706527] FAULT_INJECTION: forcing a failure. [ 2116.706527] name failslab, interval 1, probability 0, space 0, times 0 [ 2116.707837] CPU: 0 PID: 10636 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2116.708630] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2116.709589] Call Trace: [ 2116.709914] dump_stack+0x107/0x167 [ 2116.710331] should_fail.cold+0x5/0xa [ 2116.710748] ? create_object.isra.0+0x3a/0xa30 [ 2116.711283] should_failslab+0x5/0x20 [ 2116.711736] kmem_cache_alloc+0x5b/0x310 [ 2116.712207] create_object.isra.0+0x3a/0xa30 [ 2116.712689] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2116.713276] kmem_cache_alloc+0x159/0x310 [ 2116.713768] getname_flags.part.0+0x50/0x4f0 [ 2116.714249] ? _copy_from_user+0xfb/0x1b0 [ 2116.714739] user_path_at_empty+0xa1/0x100 [ 2116.715237] __x64_sys_mount+0x1e9/0x300 [ 2116.715713] ? copy_mnt_ns+0xa00/0xa00 [ 2116.716173] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2116.716771] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2116.717373] do_syscall_64+0x33/0x40 [ 2116.717788] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2116.718385] RIP: 0033:0x7f9990caeb19 [ 2116.718817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2116.721122] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2116.722117] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2116.722934] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2116.723755] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2116.724564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2116.725392] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:12:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 39) dup2(r0, r1) 11:12:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x300}, 0x0) 11:12:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000160001"], 0xec}}, 0x0) 11:12:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 9) 11:12:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec0}}, 0x0) 11:12:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 91) [ 2131.894487] FAULT_INJECTION: forcing a failure. [ 2131.894487] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2131.896303] CPU: 0 PID: 10661 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2131.897337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2131.898570] Call Trace: [ 2131.898975] dump_stack+0x107/0x167 [ 2131.899520] should_fail.cold+0x5/0xa [ 2131.900096] strncpy_from_user+0x34/0x470 [ 2131.900708] getname_flags.part.0+0x95/0x4f0 [ 2131.901362] ? _copy_from_user+0xfb/0x1b0 [ 2131.901990] user_path_at_empty+0xa1/0x100 [ 2131.902622] __x64_sys_mount+0x1e9/0x300 [ 2131.903218] ? copy_mnt_ns+0xa00/0xa00 [ 2131.903802] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2131.904591] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2131.905357] do_syscall_64+0x33/0x40 [ 2131.905909] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2131.906672] RIP: 0033:0x7f9990caeb19 [ 2131.907220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2131.909946] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2131.911082] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2131.912163] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2131.913235] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2131.914306] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2131.915381] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2131.920613] FAULT_INJECTION: forcing a failure. [ 2131.920613] name failslab, interval 1, probability 0, space 0, times 0 [ 2131.922452] CPU: 0 PID: 10664 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2131.922706] FAULT_INJECTION: forcing a failure. [ 2131.922706] name failslab, interval 1, probability 0, space 0, times 0 [ 2131.923490] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2131.923495] Call Trace: [ 2131.923511] dump_stack+0x107/0x167 [ 2131.923526] should_fail.cold+0x5/0xa [ 2131.923550] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2131.929464] should_failslab+0x5/0x20 [ 2131.930034] kmem_cache_alloc_trace+0x55/0x320 [ 2131.930713] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2131.931459] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2131.932208] __list_lru_init+0x44d/0x890 [ 2131.932817] alloc_super+0x8b8/0xa90 [ 2131.933378] sget_fc+0x110/0x860 [ 2131.933883] ? set_anon_super+0xc0/0xc0 [ 2131.934472] ? shmem_put_link+0x120/0x120 [ 2131.935084] get_tree_nodev+0x24/0x1d0 [ 2131.935648] vfs_get_tree+0x8e/0x300 [ 2131.936208] path_mount+0x1490/0x21e0 [ 2131.936780] ? strncpy_from_user+0x9e/0x470 [ 2131.937410] ? finish_automount+0xa90/0xa90 [ 2131.938066] ? getname_flags.part.0+0x1dd/0x4f0 [ 2131.938758] __x64_sys_mount+0x282/0x300 [ 2131.939373] ? copy_mnt_ns+0xa00/0xa00 [ 2131.939972] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2131.940747] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2131.941505] do_syscall_64+0x33/0x40 [ 2131.942057] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2131.942817] RIP: 0033:0x7f07d2d5a04a [ 2131.943367] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2131.946141] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2131.947301] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2131.948396] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2131.949481] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2131.950564] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2131.951634] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2131.952748] CPU: 1 PID: 10658 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2131.954374] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2131.956290] Call Trace: [ 2131.956905] dump_stack+0x107/0x167 [ 2131.957748] should_fail.cold+0x5/0xa [ 2131.958625] ? lock_release+0x680/0x680 [ 2131.959538] ? skb_clone+0x14f/0x3d0 [ 2131.960402] should_failslab+0x5/0x20 [ 2131.961281] kmem_cache_alloc+0x5b/0x310 [ 2131.962215] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2131.963419] skb_clone+0x14f/0x3d0 [ 2131.964248] dev_queue_xmit_nit+0x3a7/0xb00 [ 2131.965216] dev_hard_start_xmit+0xab/0x6f0 [ 2131.966192] __dev_queue_xmit+0x179a/0x2690 [ 2131.967192] ? packet_parse_headers+0x42f/0x980 [ 2131.968279] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 2131.969325] ? __check_object_size+0x319/0x440 [ 2131.970374] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 2131.971437] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2131.972659] packet_sendmsg+0x31f4/0x5370 [ 2131.973628] ? sock_has_perm+0x1ea/0x280 [ 2131.974563] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2131.975747] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2131.976966] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2131.978060] ? lock_downgrade+0x6d0/0x6d0 [ 2131.979023] sock_sendmsg+0x319/0x390 [ 2131.979906] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2131.980991] ? ____sys_sendmsg+0x870/0x870 [ 2131.981968] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2131.983169] ? timestamp_truncate+0x2f0/0x2f0 [ 2131.984200] ? find_get_entry+0x2c8/0x740 [ 2131.985155] ? iov_iter_kvec+0x3c/0x130 [ 2131.986076] sock_no_sendpage+0x12c/0x1a0 [ 2131.987027] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2131.988098] ? init_special_inode+0x1f0/0x1f0 [ 2131.989140] kernel_sendpage.part.0+0x146/0x290 [ 2131.990217] sock_sendpage+0xe5/0x140 [ 2131.991097] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2131.992247] pipe_to_sendpage+0x2af/0x380 [ 2131.993203] ? propagate_umount+0x1550/0x1550 [ 2131.994232] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2131.995458] __splice_from_pipe+0x43d/0x890 [ 2131.996459] ? propagate_umount+0x1550/0x1550 [ 2131.997497] generic_splice_sendpage+0xd5/0x140 [ 2131.998564] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2131.999584] ? security_file_permission+0xb1/0xe0 [ 2132.000700] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2132.001712] direct_splice_actor+0x10f/0x170 [ 2132.002726] splice_direct_to_actor+0x387/0x980 [ 2132.003806] ? pipe_to_sendpage+0x380/0x380 [ 2132.004801] ? do_splice_to+0x160/0x160 [ 2132.005712] ? security_file_permission+0xb1/0xe0 [ 2132.006826] do_splice_direct+0x1c4/0x290 [ 2132.007787] ? splice_direct_to_actor+0x980/0x980 [ 2132.008904] ? security_file_permission+0xb1/0xe0 [ 2132.010026] do_sendfile+0x553/0x11e0 [ 2132.010915] ? do_pwritev+0x270/0x270 [ 2132.011801] ? wait_for_completion_io+0x270/0x270 [ 2132.012913] ? rcu_read_lock_any_held+0x75/0xa0 [ 2132.013979] ? vfs_write+0x354/0xb10 [ 2132.014840] __x64_sys_sendfile64+0x1d1/0x210 [ 2132.015876] ? __ia32_sys_sendfile+0x220/0x220 [ 2132.016928] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2132.018134] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2132.019320] do_syscall_64+0x33/0x40 [ 2132.020183] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2132.021363] RIP: 0033:0x7f122aa69b19 [ 2132.022217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2132.026444] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2132.028219] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2132.029870] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2132.031521] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2132.033169] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2132.034806] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:12:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 92) 11:12:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0xc002}, 0x0) 11:12:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 10) [ 2132.072936] FAULT_INJECTION: forcing a failure. [ 2132.072936] name failslab, interval 1, probability 0, space 0, times 0 [ 2132.075514] CPU: 1 PID: 10669 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2132.077116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2132.079029] Call Trace: [ 2132.079638] dump_stack+0x107/0x167 [ 2132.080487] should_fail.cold+0x5/0xa [ 2132.081366] ? create_object.isra.0+0x3a/0xa30 [ 2132.082415] should_failslab+0x5/0x20 [ 2132.083292] kmem_cache_alloc+0x5b/0x310 [ 2132.084287] ? mark_held_locks+0x9e/0xe0 [ 2132.085226] create_object.isra.0+0x3a/0xa30 [ 2132.086236] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2132.087408] kmem_cache_alloc_trace+0x151/0x320 [ 2132.088500] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2132.089633] __list_lru_init+0x44d/0x890 [ 2132.090573] alloc_super+0x8b8/0xa90 [ 2132.091433] sget_fc+0x110/0x860 [ 2132.092217] ? set_anon_super+0xc0/0xc0 [ 2132.093135] ? shmem_put_link+0x120/0x120 [ 2132.094084] get_tree_nodev+0x24/0x1d0 [ 2132.094978] vfs_get_tree+0x8e/0x300 [ 2132.095844] path_mount+0x1490/0x21e0 [ 2132.096725] ? strncpy_from_user+0x9e/0x470 [ 2132.097717] ? finish_automount+0xa90/0xa90 [ 2132.098706] ? getname_flags.part.0+0x1dd/0x4f0 [ 2132.099794] __x64_sys_mount+0x282/0x300 [ 2132.100728] ? copy_mnt_ns+0xa00/0xa00 [ 2132.101627] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2132.102831] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2132.104026] do_syscall_64+0x33/0x40 [ 2132.104882] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2132.106057] RIP: 0033:0x7f07d2d5a04a [ 2132.106911] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2132.111150] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2132.112918] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2132.114570] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2132.116214] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2132.117849] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2132.119483] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:12:54 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:54 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x80000}, 0x0) [ 2132.129294] FAULT_INJECTION: forcing a failure. [ 2132.129294] name failslab, interval 1, probability 0, space 0, times 0 [ 2132.131908] CPU: 1 PID: 10666 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2132.133487] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2132.135380] Call Trace: [ 2132.135991] dump_stack+0x107/0x167 [ 2132.136825] should_fail.cold+0x5/0xa [ 2132.137695] ? alloc_fs_context+0x57/0x840 [ 2132.138659] should_failslab+0x5/0x20 [ 2132.139529] kmem_cache_alloc_trace+0x55/0x320 [ 2132.140582] alloc_fs_context+0x57/0x840 [ 2132.141515] path_mount+0xab1/0x21e0 [ 2132.142370] ? strncpy_from_user+0x9e/0x470 [ 2132.143354] ? finish_automount+0xa90/0xa90 [ 2132.144348] ? getname_flags.part.0+0x1dd/0x4f0 [ 2132.145410] ? _copy_from_user+0xfb/0x1b0 [ 2132.146365] __x64_sys_mount+0x282/0x300 [ 2132.147290] ? copy_mnt_ns+0xa00/0xa00 [ 2132.148198] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2132.149398] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2132.150582] do_syscall_64+0x33/0x40 [ 2132.151435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2132.152614] RIP: 0033:0x7f9990caeb19 [ 2132.153462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2132.157704] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2132.159444] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2132.161092] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2132.162729] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2132.164372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2132.166001] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:12:54 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:12:54 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000180001"], 0xec}}, 0x0) 11:13:06 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 40) dup2(r0, r1) 11:13:06 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 93) 11:13:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x7ffffff2}, 0x0) 11:13:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x33fe0}}, 0x0) 11:13:06 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:06 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:06 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 11) 11:13:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000190001"], 0xec}}, 0x0) [ 2144.173621] FAULT_INJECTION: forcing a failure. [ 2144.173621] name failslab, interval 1, probability 0, space 0, times 0 [ 2144.176057] CPU: 0 PID: 10699 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2144.177529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2144.179268] Call Trace: [ 2144.179827] dump_stack+0x107/0x167 [ 2144.180633] should_fail.cold+0x5/0xa [ 2144.181438] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2144.182498] should_failslab+0x5/0x20 [ 2144.183293] kmem_cache_alloc_trace+0x55/0x320 [ 2144.184277] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2144.185340] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2144.186364] __list_lru_init+0x44d/0x890 [ 2144.187222] alloc_super+0x8b8/0xa90 [ 2144.188036] sget_fc+0x110/0x860 [ 2144.188743] ? set_anon_super+0xc0/0xc0 [ 2144.189572] ? shmem_put_link+0x120/0x120 [ 2144.190433] get_tree_nodev+0x24/0x1d0 [ 2144.191247] vfs_get_tree+0x8e/0x300 [ 2144.192062] path_mount+0x1490/0x21e0 [ 2144.192872] ? strncpy_from_user+0x9e/0x470 11:13:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x2000096c}}, 0x0) [ 2144.193774] ? finish_automount+0xa90/0xa90 [ 2144.194912] ? getname_flags.part.0+0x1dd/0x4f0 [ 2144.195895] __x64_sys_mount+0x282/0x300 [ 2144.196768] ? copy_mnt_ns+0xa00/0xa00 [ 2144.197601] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2144.198694] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2144.199773] do_syscall_64+0x33/0x40 [ 2144.200592] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2144.201661] RIP: 0033:0x7f07d2d5a04a [ 2144.202435] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2144.206305] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2144.207891] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2144.209404] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2144.210889] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2144.212419] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2144.213927] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2144.220273] FAULT_INJECTION: forcing a failure. [ 2144.220273] name failslab, interval 1, probability 0, space 0, times 0 [ 2144.222599] FAULT_INJECTION: forcing a failure. [ 2144.222599] name failslab, interval 1, probability 0, space 0, times 0 [ 2144.222622] CPU: 1 PID: 10700 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2144.222632] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2144.222645] Call Trace: [ 2144.228749] dump_stack+0x107/0x167 [ 2144.229524] should_fail.cold+0x5/0xa [ 2144.230332] ? __alloc_skb+0x6d/0x5b0 [ 2144.231131] should_failslab+0x5/0x20 [ 2144.231946] kmem_cache_alloc_node+0x55/0x330 [ 2144.232890] __alloc_skb+0x6d/0x5b0 [ 2144.233662] alloc_skb_with_frags+0x92/0x570 [ 2144.234582] ? lock_chain_count+0x20/0x20 [ 2144.235465] ? __local_bh_enable_ip+0x9d/0x100 [ 2144.236420] ? trace_hardirqs_on+0x5b/0x180 [ 2144.237331] sock_alloc_send_pskb+0x7af/0x930 [ 2144.238278] ? lock_acquire+0x197/0x470 [ 2144.239121] ? sk_alloc+0x350/0x350 [ 2144.239896] ? __lock_acquire+0x1657/0x5b00 [ 2144.240805] packet_sendmsg+0x189a/0x5370 [ 2144.241692] ? sock_has_perm+0x1ea/0x280 [ 2144.242529] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2144.243626] ? finish_task_switch+0x126/0x5d0 [ 2144.244576] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2144.245590] sock_sendmsg+0x319/0x390 [ 2144.246384] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2144.247380] ? ____sys_sendmsg+0x870/0x870 [ 2144.248266] ? io_schedule_timeout+0x140/0x140 [ 2144.249224] ? iov_iter_kvec+0x3c/0x130 [ 2144.250048] sock_no_sendpage+0x12c/0x1a0 [ 2144.250916] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2144.251867] ? init_special_inode+0x1f0/0x1f0 [ 2144.252829] kernel_sendpage.part.0+0x146/0x290 [ 2144.253791] sock_sendpage+0xe5/0x140 [ 2144.254599] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2144.255625] pipe_to_sendpage+0x2af/0x380 [ 2144.256503] ? propagate_umount+0x1550/0x1550 [ 2144.257437] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2144.258562] __splice_from_pipe+0x43d/0x890 [ 2144.259468] ? propagate_umount+0x1550/0x1550 [ 2144.260425] generic_splice_sendpage+0xd5/0x140 [ 2144.261398] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2144.262327] ? security_file_permission+0xb1/0xe0 [ 2144.263324] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2144.264255] direct_splice_actor+0x10f/0x170 [ 2144.265165] splice_direct_to_actor+0x387/0x980 [ 2144.266144] ? pipe_to_sendpage+0x380/0x380 [ 2144.267037] ? do_splice_to+0x160/0x160 [ 2144.267871] ? security_file_permission+0xb1/0xe0 [ 2144.268888] do_splice_direct+0x1c4/0x290 [ 2144.269750] ? splice_direct_to_actor+0x980/0x980 [ 2144.270749] ? security_file_permission+0xb1/0xe0 [ 2144.271750] do_sendfile+0x553/0x11e0 [ 2144.272571] ? do_pwritev+0x270/0x270 [ 2144.273373] ? wait_for_completion_io+0x270/0x270 [ 2144.274377] ? rcu_read_lock_any_held+0x75/0xa0 [ 2144.275337] ? vfs_write+0x354/0xb10 [ 2144.276117] __x64_sys_sendfile64+0x1d1/0x210 [ 2144.277055] ? __ia32_sys_sendfile+0x220/0x220 [ 2144.278030] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2144.279145] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2144.280251] do_syscall_64+0x33/0x40 [ 2144.281042] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2144.282132] RIP: 0033:0x7f122aa69b19 [ 2144.282925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2144.286842] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2144.288473] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2144.289983] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2144.291492] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2144.293011] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2144.294534] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 [ 2144.296113] CPU: 0 PID: 10702 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2144.298000] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2144.300253] Call Trace: [ 2144.300973] dump_stack+0x107/0x167 [ 2144.301966] should_fail.cold+0x5/0xa [ 2144.303004] ? create_object.isra.0+0x3a/0xa30 [ 2144.304175] should_failslab+0x5/0x20 [ 2144.305013] kmem_cache_alloc+0x5b/0x310 [ 2144.305880] create_object.isra.0+0x3a/0xa30 [ 2144.306819] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2144.307893] kmem_cache_alloc_trace+0x151/0x320 [ 2144.308921] alloc_fs_context+0x57/0x840 [ 2144.309800] path_mount+0xab1/0x21e0 [ 2144.310605] ? strncpy_from_user+0x9e/0x470 [ 2144.311532] ? finish_automount+0xa90/0xa90 [ 2144.312491] ? getname_flags.part.0+0x1dd/0x4f0 [ 2144.313485] ? _copy_from_user+0xfb/0x1b0 [ 2144.314382] __x64_sys_mount+0x282/0x300 [ 2144.315249] ? copy_mnt_ns+0xa00/0xa00 [ 2144.316123] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2144.317244] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2144.318356] do_syscall_64+0x33/0x40 [ 2144.319154] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2144.320282] RIP: 0033:0x7f9990caeb19 [ 2144.321078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2144.325043] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2144.326678] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2144.328232] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2144.329756] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2144.331280] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2144.332837] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:13:06 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001a0001"], 0xec}}, 0x0) 11:13:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x7ffffff9}, 0x0) 11:13:06 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x600000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:06 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0x7ffff000}}, 0x0) 11:13:06 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x2}, 0x0) [ 2144.464898] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:13:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001c0001"], 0xec}}, 0x0) [ 2144.571759] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.5'. [ 2160.307742] FAULT_INJECTION: forcing a failure. [ 2160.307742] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.310221] CPU: 1 PID: 10732 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2160.311661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2160.313374] Call Trace: [ 2160.313919] dump_stack+0x107/0x167 [ 2160.314683] should_fail.cold+0x5/0xa [ 2160.315485] ? create_object.isra.0+0x3a/0xa30 [ 2160.316433] should_failslab+0x5/0x20 [ 2160.317216] kmem_cache_alloc+0x5b/0x310 [ 2160.318063] ? mark_held_locks+0x9e/0xe0 [ 2160.318903] create_object.isra.0+0x3a/0xa30 [ 2160.319809] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2160.320859] kmem_cache_alloc_trace+0x151/0x320 11:13:22 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 94) 11:13:22 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec000000730001"], 0xec}}, 0x0) 11:13:22 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 12) 11:13:22 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 41) dup2(r0, r1) 11:13:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x3}, 0x0) 11:13:22 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x700000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xfffffdef}}, 0x0) [ 2160.321821] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2160.323025] __list_lru_init+0x44d/0x890 [ 2160.323901] alloc_super+0x8b8/0xa90 [ 2160.324687] sget_fc+0x110/0x860 [ 2160.325386] ? set_anon_super+0xc0/0xc0 [ 2160.326207] ? shmem_put_link+0x120/0x120 [ 2160.327055] get_tree_nodev+0x24/0x1d0 [ 2160.327808] FAULT_INJECTION: forcing a failure. [ 2160.327808] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.327860] vfs_get_tree+0x8e/0x300 [ 2160.330893] path_mount+0x1490/0x21e0 [ 2160.331686] ? strncpy_from_user+0x9e/0x470 [ 2160.332581] ? finish_automount+0xa90/0xa90 [ 2160.333468] ? getname_flags.part.0+0x1dd/0x4f0 [ 2160.334433] __x64_sys_mount+0x282/0x300 [ 2160.335267] ? copy_mnt_ns+0xa00/0xa00 [ 2160.336075] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2160.337166] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2160.338241] do_syscall_64+0x33/0x40 [ 2160.339008] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2160.340062] RIP: 0033:0x7f07d2d5a04a [ 2160.340840] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2160.344650] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2160.346214] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2160.347683] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2160.349157] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2160.350624] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2160.352083] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2160.353592] CPU: 0 PID: 10738 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2160.355031] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2160.356765] Call Trace: [ 2160.357308] dump_stack+0x107/0x167 [ 2160.358061] should_fail.cold+0x5/0xa [ 2160.358842] ? legacy_init_fs_context+0x44/0xe0 [ 2160.359802] should_failslab+0x5/0x20 [ 2160.360610] kmem_cache_alloc_trace+0x55/0x320 [ 2160.361550] ? lockdep_init_map_type+0x2c7/0x780 [ 2160.362530] legacy_init_fs_context+0x44/0xe0 [ 2160.363450] ? generic_parse_monolithic+0x1f0/0x1f0 [ 2160.364498] alloc_fs_context+0x4fd/0x840 [ 2160.365357] path_mount+0xab1/0x21e0 [ 2160.366133] ? strncpy_from_user+0x9e/0x470 [ 2160.367030] ? finish_automount+0xa90/0xa90 [ 2160.367919] ? getname_flags.part.0+0x1dd/0x4f0 [ 2160.368906] ? _copy_from_user+0xfb/0x1b0 [ 2160.369618] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=115 sclass=netlink_route_socket pid=10743 comm=syz-executor.5 [ 2160.369763] __x64_sys_mount+0x282/0x300 [ 2160.373067] ? copy_mnt_ns+0xa00/0xa00 [ 2160.373880] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2160.374963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2160.376032] do_syscall_64+0x33/0x40 [ 2160.376834] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2160.377890] RIP: 0033:0x7f9990caeb19 [ 2160.378656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2160.382486] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2160.384037] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2160.385869] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2160.387607] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2160.389202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2160.390648] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2160.397316] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2160.420510] FAULT_INJECTION: forcing a failure. [ 2160.420510] name failslab, interval 1, probability 0, space 0, times 0 [ 2160.422906] CPU: 0 PID: 10739 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2160.424350] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2160.426072] Call Trace: [ 2160.426626] dump_stack+0x107/0x167 [ 2160.427384] should_fail.cold+0x5/0xa [ 2160.428186] ? create_object.isra.0+0x3a/0xa30 [ 2160.429135] should_failslab+0x5/0x20 [ 2160.429935] kmem_cache_alloc+0x5b/0x310 [ 2160.430778] ? lock_acquire+0x197/0x470 [ 2160.431609] create_object.isra.0+0x3a/0xa30 [ 2160.432544] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2160.433610] kmem_cache_alloc+0x159/0x310 [ 2160.434471] skb_clone+0x14f/0x3d0 [ 2160.435213] dev_queue_xmit_nit+0x3a7/0xb00 [ 2160.436130] dev_hard_start_xmit+0xab/0x6f0 [ 2160.437036] __dev_queue_xmit+0x179a/0x2690 [ 2160.437936] ? packet_parse_headers+0x42f/0x980 [ 2160.438915] ? netdev_core_pick_tx+0x2f0/0x2f0 [ 2160.439866] ? __check_object_size+0x319/0x440 [ 2160.440828] ? tpacket_destruct_skb+0x6d0/0x6d0 [ 2160.441789] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2160.442897] packet_sendmsg+0x31f4/0x5370 [ 2160.443771] ? sock_has_perm+0x1ea/0x280 [ 2160.444631] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2160.445708] ? finish_task_switch+0x126/0x5d0 [ 2160.446637] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2160.447641] sock_sendmsg+0x319/0x390 [ 2160.448439] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2160.449425] ? ____sys_sendmsg+0x870/0x870 [ 2160.450322] ? io_schedule_timeout+0x140/0x140 [ 2160.451280] ? iov_iter_kvec+0x3c/0x130 [ 2160.452127] sock_no_sendpage+0x12c/0x1a0 [ 2160.452987] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2160.453950] ? init_special_inode+0x1f0/0x1f0 [ 2160.454896] kernel_sendpage.part.0+0x146/0x290 [ 2160.455871] sock_sendpage+0xe5/0x140 [ 2160.456678] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2160.457709] pipe_to_sendpage+0x2af/0x380 [ 2160.458581] ? propagate_umount+0x1550/0x1550 [ 2160.459527] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2160.460666] __splice_from_pipe+0x43d/0x890 [ 2160.461571] ? propagate_umount+0x1550/0x1550 [ 2160.462509] generic_splice_sendpage+0xd5/0x140 [ 2160.463473] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2160.464407] ? security_file_permission+0xb1/0xe0 [ 2160.465416] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2160.466328] direct_splice_actor+0x10f/0x170 [ 2160.467248] splice_direct_to_actor+0x387/0x980 [ 2160.468229] ? pipe_to_sendpage+0x380/0x380 [ 2160.469133] ? do_splice_to+0x160/0x160 [ 2160.469973] ? security_file_permission+0xb1/0xe0 [ 2160.470986] do_splice_direct+0x1c4/0x290 [ 2160.471846] ? splice_direct_to_actor+0x980/0x980 [ 2160.472867] ? security_file_permission+0xb1/0xe0 [ 2160.473874] do_sendfile+0x553/0x11e0 [ 2160.474685] ? do_pwritev+0x270/0x270 [ 2160.475478] ? wait_for_completion_io+0x270/0x270 [ 2160.476496] ? rcu_read_lock_any_held+0x75/0xa0 [ 2160.477465] ? vfs_write+0x354/0xb10 [ 2160.478246] __x64_sys_sendfile64+0x1d1/0x210 [ 2160.479180] ? __ia32_sys_sendfile+0x220/0x220 [ 2160.480145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2160.481242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2160.482319] do_syscall_64+0x33/0x40 [ 2160.483093] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2160.484173] RIP: 0033:0x7f122aa69b19 [ 2160.484496] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=797 sclass=netlink_route_socket pid=10749 comm=syz-executor.5 [ 2160.484955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2160.491258] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2160.492856] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2160.494337] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2160.495814] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2160.497308] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2160.498793] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:13:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x8}, 0x0) 11:13:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0300"], 0xec}}, 0x0) 11:13:22 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x600000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4}, 0x0) 11:13:22 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x800000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:22 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x3d}, 0x0) [ 2160.552243] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:13:22 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0400"], 0xec}}, 0x0) 11:13:22 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x5}, 0x0) [ 2160.628528] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1053 sclass=netlink_route_socket pid=10759 comm=syz-executor.5 [ 2160.640439] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:13:36 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 42) dup2(r0, r1) 11:13:36 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x900000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:36 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x700000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x300}, 0x0) 11:13:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0201"], 0xec}}, 0x0) 11:13:36 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 95) [ 2174.471264] FAULT_INJECTION: forcing a failure. [ 2174.471264] name failslab, interval 1, probability 0, space 0, times 0 [ 2174.473686] CPU: 1 PID: 10779 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2174.475131] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2174.475244] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=541 sclass=netlink_route_socket pid=10776 comm=syz-executor.5 [ 2174.476861] Call Trace: [ 2174.476889] dump_stack+0x107/0x167 [ 2174.476912] should_fail.cold+0x5/0xa [ 2174.476935] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2174.476952] should_failslab+0x5/0x20 [ 2174.476972] kmem_cache_alloc_trace+0x55/0x320 [ 2174.476999] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2174.485554] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2174.486579] __list_lru_init+0x44d/0x890 [ 2174.487432] alloc_super+0x8b8/0xa90 11:13:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6}, 0x0) 11:13:36 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 13) [ 2174.488213] sget_fc+0x110/0x860 [ 2174.489126] ? set_anon_super+0xc0/0xc0 [ 2174.489967] ? shmem_put_link+0x120/0x120 [ 2174.490826] get_tree_nodev+0x24/0x1d0 [ 2174.491645] vfs_get_tree+0x8e/0x300 [ 2174.492436] path_mount+0x1490/0x21e0 [ 2174.493233] ? strncpy_from_user+0x9e/0x470 [ 2174.494137] ? finish_automount+0xa90/0xa90 [ 2174.495034] ? getname_flags.part.0+0x1dd/0x4f0 [ 2174.496018] __x64_sys_mount+0x282/0x300 [ 2174.496880] ? copy_mnt_ns+0xa00/0xa00 [ 2174.497706] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2174.498815] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2174.499901] do_syscall_64+0x33/0x40 [ 2174.500693] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2174.501774] RIP: 0033:0x7f07d2d5a04a [ 2174.502558] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2174.502860] FAULT_INJECTION: forcing a failure. [ 2174.502860] name failslab, interval 1, probability 0, space 0, times 0 [ 2174.506440] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2174.506460] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2174.506472] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2174.506484] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2174.506495] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2174.506517] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2174.518072] CPU: 0 PID: 10784 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2174.519645] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2174.521530] Call Trace: [ 2174.522133] dump_stack+0x107/0x167 [ 2174.522963] should_fail.cold+0x5/0xa [ 2174.523837] ? create_object.isra.0+0x3a/0xa30 [ 2174.524885] should_failslab+0x5/0x20 [ 2174.525751] kmem_cache_alloc+0x5b/0x310 [ 2174.526210] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2174.526674] create_object.isra.0+0x3a/0xa30 [ 2174.529447] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2174.530603] kmem_cache_alloc_trace+0x151/0x320 [ 2174.531658] ? lockdep_init_map_type+0x2c7/0x780 [ 2174.532740] legacy_init_fs_context+0x44/0xe0 [ 2174.533750] ? generic_parse_monolithic+0x1f0/0x1f0 [ 2174.534876] alloc_fs_context+0x4fd/0x840 [ 2174.535817] path_mount+0xab1/0x21e0 [ 2174.536677] ? strncpy_from_user+0x9e/0x470 [ 2174.537651] ? finish_automount+0xa90/0xa90 [ 2174.538627] ? getname_flags.part.0+0x1dd/0x4f0 [ 2174.539683] ? _copy_from_user+0xfb/0x1b0 [ 2174.540637] __x64_sys_mount+0x282/0x300 [ 2174.541556] ? copy_mnt_ns+0xa00/0xa00 [ 2174.542447] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2174.543634] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2174.544813] do_syscall_64+0x33/0x40 [ 2174.545657] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2174.546813] RIP: 0033:0x7f9990caeb19 [ 2174.547660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2174.551830] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2174.553571] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2174.555199] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2174.556833] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2174.558443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2174.560059] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2174.574681] FAULT_INJECTION: forcing a failure. [ 2174.574681] name failslab, interval 1, probability 0, space 0, times 0 [ 2174.577264] CPU: 0 PID: 10783 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2174.578829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2174.580717] Call Trace: [ 2174.581318] dump_stack+0x107/0x167 [ 2174.582145] should_fail.cold+0x5/0xa [ 2174.583018] should_failslab+0x5/0x20 [ 2174.583882] __kmalloc_node_track_caller+0x74/0x3b0 [ 2174.585026] ? alloc_skb_with_frags+0x92/0x570 [ 2174.586068] __alloc_skb+0xb1/0x5b0 [ 2174.586905] alloc_skb_with_frags+0x92/0x570 [ 2174.587913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2174.589115] ? __local_bh_enable_ip+0x9d/0x100 [ 2174.590152] ? trace_hardirqs_on+0x5b/0x180 [ 2174.591136] sock_alloc_send_pskb+0x7af/0x930 [ 2174.592201] ? lock_acquire+0x197/0x470 [ 2174.593156] ? sk_alloc+0x350/0x350 [ 2174.593987] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2174.595183] packet_sendmsg+0x189a/0x5370 [ 2174.596134] ? sock_has_perm+0x1ea/0x280 [ 2174.597062] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2174.598232] ? finish_task_switch+0x126/0x5d0 [ 2174.599252] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2174.600360] sock_sendmsg+0x319/0x390 [ 2174.601220] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2174.602290] ? ____sys_sendmsg+0x870/0x870 [ 2174.603259] ? io_schedule_timeout+0x140/0x140 [ 2174.604304] ? iov_iter_kvec+0x3c/0x130 [ 2174.605211] sock_no_sendpage+0x12c/0x1a0 [ 2174.606150] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2174.607197] ? init_special_inode+0x1f0/0x1f0 [ 2174.608229] kernel_sendpage.part.0+0x146/0x290 [ 2174.609309] sock_sendpage+0xe5/0x140 [ 2174.610177] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2174.611306] pipe_to_sendpage+0x2af/0x380 [ 2174.612246] ? propagate_umount+0x1550/0x1550 [ 2174.613266] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2174.614474] __splice_from_pipe+0x43d/0x890 [ 2174.615454] ? propagate_umount+0x1550/0x1550 [ 2174.616490] generic_splice_sendpage+0xd5/0x140 [ 2174.617545] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2174.618555] ? security_file_permission+0xb1/0xe0 [ 2174.619652] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2174.620662] direct_splice_actor+0x10f/0x170 [ 2174.621657] splice_direct_to_actor+0x387/0x980 [ 2174.622711] ? pipe_to_sendpage+0x380/0x380 [ 2174.623692] ? do_splice_to+0x160/0x160 [ 2174.624601] ? security_file_permission+0xb1/0xe0 [ 2174.625697] do_splice_direct+0x1c4/0x290 [ 2174.626635] ? splice_direct_to_actor+0x980/0x980 [ 2174.627736] ? security_file_permission+0xb1/0xe0 [ 2174.628852] do_sendfile+0x553/0x11e0 [ 2174.629725] ? do_pwritev+0x270/0x270 [ 2174.630586] ? wait_for_completion_io+0x270/0x270 [ 2174.631679] ? rcu_read_lock_any_held+0x75/0xa0 [ 2174.632737] ? vfs_write+0x354/0xb10 [ 2174.633592] __x64_sys_sendfile64+0x1d1/0x210 [ 2174.634611] ? __ia32_sys_sendfile+0x220/0x220 [ 2174.635648] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2174.636860] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2174.638026] do_syscall_64+0x33/0x40 [ 2174.638876] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2174.640034] RIP: 0033:0x7f122aa69b19 [ 2174.640885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2174.645081] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2174.646809] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2174.648446] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2174.650064] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2174.651682] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2174.653305] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:13:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0301"], 0xec}}, 0x0) 11:13:36 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x800000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0xc002}, 0x0) [ 2174.673328] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=797 sclass=netlink_route_socket pid=10790 comm=syz-executor.5 11:13:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7}, 0x0) 11:13:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x80000}, 0x0) [ 2174.705889] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:13:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0f01"], 0xec}}, 0x0) 11:13:36 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x8}, 0x0) [ 2174.791952] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=3869 sclass=netlink_route_socket pid=10798 comm=syz-executor.5 [ 2174.817610] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:13:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x2}, 0x0) 11:13:49 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x900000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:49 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 96) 11:13:49 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 14) 11:13:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 43) dup2(r0, r1) [ 2188.078723] FAULT_INJECTION: forcing a failure. [ 2188.078723] name failslab, interval 1, probability 0, space 0, times 0 [ 2188.080819] CPU: 0 PID: 10815 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2188.081795] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2188.082961] Call Trace: [ 2188.083346] dump_stack+0x107/0x167 [ 2188.083862] should_fail.cold+0x5/0xa [ 2188.084402] ? create_object.isra.0+0x3a/0xa30 [ 2188.085057] should_failslab+0x5/0x20 [ 2188.085602] kmem_cache_alloc+0x5b/0x310 [ 2188.086180] ? mark_held_locks+0x9e/0xe0 [ 2188.086763] create_object.isra.0+0x3a/0xa30 11:13:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001dc002"], 0xec}}, 0x0) 11:13:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x9}, 0x0) 11:13:49 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2188.087392] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2188.088239] kmem_cache_alloc_trace+0x151/0x320 [ 2188.088848] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2188.089412] __list_lru_init+0x44d/0x890 [ 2188.089880] alloc_super+0x8b8/0xa90 [ 2188.090307] sget_fc+0x110/0x860 [ 2188.090692] ? set_anon_super+0xc0/0xc0 [ 2188.091152] ? shmem_put_link+0x120/0x120 [ 2188.091624] get_tree_nodev+0x24/0x1d0 [ 2188.092068] vfs_get_tree+0x8e/0x300 [ 2188.092499] path_mount+0x1490/0x21e0 [ 2188.092940] ? strncpy_from_user+0x9e/0x470 [ 2188.093430] ? finish_automount+0xa90/0xa90 [ 2188.093923] ? getname_flags.part.0+0x1dd/0x4f0 [ 2188.094456] __x64_sys_mount+0x282/0x300 [ 2188.094919] ? copy_mnt_ns+0xa00/0xa00 [ 2188.095361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2188.095955] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2188.096549] do_syscall_64+0x33/0x40 [ 2188.096975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2188.097557] RIP: 0033:0x7f07d2d5a04a [ 2188.097979] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2188.100064] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2188.100942] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2188.101753] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2188.102565] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2188.103370] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2188.104179] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2188.111245] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=49181 sclass=netlink_route_socket pid=10820 comm=syz-executor.5 [ 2188.112819] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2188.126588] FAULT_INJECTION: forcing a failure. [ 2188.126588] name failslab, interval 1, probability 0, space 0, times 0 [ 2188.128420] CPU: 0 PID: 10825 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2188.129532] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2188.130839] Call Trace: [ 2188.131256] dump_stack+0x107/0x167 [ 2188.131824] should_fail.cold+0x5/0xa [ 2188.132423] ? v9fs_mount+0x5a/0x8f0 [ 2188.132975] should_failslab+0x5/0x20 [ 2188.133411] kmem_cache_alloc_trace+0x55/0x320 [ 2188.133931] ? v9fs_write_inode+0x60/0x60 [ 2188.134390] v9fs_mount+0x5a/0x8f0 [ 2188.134784] ? v9fs_write_inode+0x60/0x60 [ 2188.135254] legacy_get_tree+0x105/0x220 [ 2188.135717] vfs_get_tree+0x8e/0x300 [ 2188.136140] path_mount+0x1490/0x21e0 [ 2188.136586] ? strncpy_from_user+0x9e/0x470 [ 2188.137074] ? finish_automount+0xa90/0xa90 [ 2188.137567] ? getname_flags.part.0+0x1dd/0x4f0 [ 2188.138101] ? _copy_from_user+0xfb/0x1b0 [ 2188.138577] __x64_sys_mount+0x282/0x300 [ 2188.139037] ? copy_mnt_ns+0xa00/0xa00 [ 2188.139483] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2188.140075] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2188.140676] do_syscall_64+0x33/0x40 [ 2188.141106] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2188.141689] RIP: 0033:0x7f9990caeb19 [ 2188.142111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2188.144209] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2188.145085] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2188.145891] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2188.146701] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2188.147520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2188.148331] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2188.165383] FAULT_INJECTION: forcing a failure. [ 2188.165383] name failslab, interval 1, probability 0, space 0, times 0 [ 2188.166704] CPU: 0 PID: 10826 Comm: syz-executor.0 Not tainted 5.10.247 #1 [ 2188.167491] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2188.168443] Call Trace: [ 2188.168747] dump_stack+0x107/0x167 [ 2188.169159] should_fail.cold+0x5/0xa [ 2188.169591] ? create_object.isra.0+0x3a/0xa30 [ 2188.170111] should_failslab+0x5/0x20 [ 2188.170543] kmem_cache_alloc+0x5b/0x310 [ 2188.171007] create_object.isra.0+0x3a/0xa30 [ 2188.171509] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 11:13:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d003d"], 0xec}}, 0x0) [ 2188.172092] kmem_cache_alloc_node+0x169/0x330 [ 2188.172803] __alloc_skb+0x6d/0x5b0 [ 2188.173222] alloc_skb_with_frags+0x92/0x570 [ 2188.173726] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2188.174320] ? __local_bh_enable_ip+0x9d/0x100 [ 2188.174833] ? trace_hardirqs_on+0x5b/0x180 [ 2188.175322] sock_alloc_send_pskb+0x7af/0x930 [ 2188.175831] ? lock_acquire+0x197/0x470 [ 2188.176287] ? sk_alloc+0x350/0x350 [ 2188.176715] ? skb_copy_datagram_from_iter+0x471/0x6c0 [ 2188.177318] packet_sendmsg+0x189a/0x5370 [ 2188.177794] ? sock_has_perm+0x1ea/0x280 [ 2188.178255] ? selinux_socket_post_create+0x7f0/0x7f0 [ 2188.178835] ? finish_task_switch+0x126/0x5d0 [ 2188.179348] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2188.179894] sock_sendmsg+0x319/0x390 [ 2188.180324] ? packet_cached_dev_get+0x2c0/0x2c0 [ 2188.180869] ? ____sys_sendmsg+0x870/0x870 [ 2188.181351] ? io_schedule_timeout+0x140/0x140 [ 2188.181869] ? iov_iter_kvec+0x3c/0x130 [ 2188.182323] sock_no_sendpage+0x12c/0x1a0 [ 2188.182790] ? sk_page_frag_refill+0x1d0/0x1d0 [ 2188.183317] ? init_special_inode+0x1f0/0x1f0 [ 2188.183829] kernel_sendpage.part.0+0x146/0x290 [ 2188.184359] sock_sendpage+0xe5/0x140 [ 2188.184802] ? __sock_recv_ts_and_drops+0x430/0x430 [ 2188.185366] pipe_to_sendpage+0x2af/0x380 [ 2188.185835] ? propagate_umount+0x1550/0x1550 [ 2188.186340] ? splice_from_pipe_next.part.0+0x166/0x520 [ 2188.186949] __splice_from_pipe+0x43d/0x890 [ 2188.187440] ? propagate_umount+0x1550/0x1550 [ 2188.187951] generic_splice_sendpage+0xd5/0x140 [ 2188.188486] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2188.188988] ? security_file_permission+0xb1/0xe0 [ 2188.189533] ? __do_sys_vmsplice+0x8d0/0x8d0 [ 2188.190039] direct_splice_actor+0x10f/0x170 [ 2188.190541] splice_direct_to_actor+0x387/0x980 [ 2188.191073] ? pipe_to_sendpage+0x380/0x380 [ 2188.191566] ? do_splice_to+0x160/0x160 [ 2188.192020] ? security_file_permission+0xb1/0xe0 [ 2188.192581] do_splice_direct+0x1c4/0x290 [ 2188.193050] ? splice_direct_to_actor+0x980/0x980 [ 2188.193602] ? security_file_permission+0xb1/0xe0 [ 2188.194160] do_sendfile+0x553/0x11e0 [ 2188.194599] ? do_pwritev+0x270/0x270 [ 2188.195029] ? wait_for_completion_io+0x270/0x270 [ 2188.195576] ? rcu_read_lock_any_held+0x75/0xa0 [ 2188.196102] ? vfs_write+0x354/0xb10 [ 2188.196532] __x64_sys_sendfile64+0x1d1/0x210 [ 2188.197040] ? __ia32_sys_sendfile+0x220/0x220 [ 2188.197565] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2188.198165] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2188.198753] do_syscall_64+0x33/0x40 [ 2188.199180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2188.199767] RIP: 0033:0x7f122aa69b19 [ 2188.200191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2188.202274] RSP: 002b:00007f1227fdf188 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2188.203135] RAX: ffffffffffffffda RBX: 00007f122ab7cf60 RCX: 00007f122aa69b19 [ 2188.203940] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 2188.204752] RBP: 00007f1227fdf1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2188.205559] R10: 0000000500000001 R11: 0000000000000246 R12: 0000000000000002 [ 2188.206365] R13: 00007ffc5d59e67f R14: 00007f1227fdf300 R15: 0000000000022000 11:13:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xa}, 0x0) 11:13:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x8}, 0x0) 11:13:50 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 15) [ 2188.243557] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2188.245069] FAULT_INJECTION: forcing a failure. [ 2188.245069] name failslab, interval 1, probability 0, space 0, times 0 [ 2188.246359] CPU: 0 PID: 10831 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2188.247146] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2188.248085] Call Trace: [ 2188.248388] dump_stack+0x107/0x167 [ 2188.248813] should_fail.cold+0x5/0xa [ 2188.249246] ? create_object.isra.0+0x3a/0xa30 [ 2188.249762] should_failslab+0x5/0x20 [ 2188.250191] kmem_cache_alloc+0x5b/0x310 [ 2188.250652] ? cred_has_capability.isra.0+0x152/0x2b0 [ 2188.251235] create_object.isra.0+0x3a/0xa30 [ 2188.251731] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2188.252311] kmem_cache_alloc_trace+0x151/0x320 [ 2188.252853] ? v9fs_write_inode+0x60/0x60 [ 2188.253333] v9fs_mount+0x5a/0x8f0 [ 2188.253744] ? v9fs_write_inode+0x60/0x60 [ 2188.254212] legacy_get_tree+0x105/0x220 [ 2188.254674] vfs_get_tree+0x8e/0x300 [ 2188.255093] path_mount+0x1490/0x21e0 [ 2188.255526] ? strncpy_from_user+0x9e/0x470 [ 2188.256017] ? finish_automount+0xa90/0xa90 [ 2188.256514] ? getname_flags.part.0+0x1dd/0x4f0 [ 2188.257041] ? _copy_from_user+0xfb/0x1b0 [ 2188.257519] __x64_sys_mount+0x282/0x300 [ 2188.257978] ? copy_mnt_ns+0xa00/0xa00 [ 2188.258425] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2188.259021] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2188.259612] do_syscall_64+0x33/0x40 [ 2188.260033] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2188.260623] RIP: 0033:0x7f9990caeb19 [ 2188.261048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2188.263153] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2188.264017] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2188.264838] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2188.265652] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2188.266463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2188.267279] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:13:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xd00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:13:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf}, 0x0) 11:13:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2188.310006] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:14:05 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0002"], 0xec}}, 0x0) 11:14:05 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) (fail_nth: 44) dup2(r0, r1) 11:14:05 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 97) 11:14:05 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x48}, 0x0) 11:14:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:05 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 16) 11:14:05 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf}, 0x0) [ 2203.141544] FAULT_INJECTION: forcing a failure. [ 2203.141544] name failslab, interval 1, probability 0, space 0, times 0 [ 2203.144181] CPU: 1 PID: 10860 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2203.145653] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2203.146438] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2203.147395] Call Trace: [ 2203.147422] dump_stack+0x107/0x167 [ 2203.147452] should_fail.cold+0x5/0xa [ 2203.151358] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2203.152422] should_failslab+0x5/0x20 [ 2203.153250] kmem_cache_alloc_trace+0x55/0x320 [ 2203.154203] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2203.155273] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2203.156304] __list_lru_init+0x44d/0x890 [ 2203.157171] alloc_super+0x8b8/0xa90 [ 2203.157957] sget_fc+0x110/0x860 [ 2203.158669] ? set_anon_super+0xc0/0xc0 [ 2203.159512] ? shmem_put_link+0x120/0x120 [ 2203.160381] get_tree_nodev+0x24/0x1d0 [ 2203.161202] vfs_get_tree+0x8e/0x300 [ 2203.161986] path_mount+0x1490/0x21e0 [ 2203.162806] ? strncpy_from_user+0x9e/0x470 [ 2203.163710] ? finish_automount+0xa90/0xa90 [ 2203.164625] ? getname_flags.part.0+0x1dd/0x4f0 [ 2203.165622] __x64_sys_mount+0x282/0x300 [ 2203.166477] ? copy_mnt_ns+0xa00/0xa00 [ 2203.167298] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2203.168414] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2203.169507] do_syscall_64+0x33/0x40 [ 2203.170285] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2203.171364] RIP: 0033:0x7f07d2d5a04a [ 2203.172146] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2203.176023] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2203.177632] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2203.179123] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2203.180675] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2203.182166] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2203.183663] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2203.187100] FAULT_INJECTION: forcing a failure. [ 2203.187100] name failslab, interval 1, probability 0, space 0, times 0 [ 2203.189547] CPU: 1 PID: 10864 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2203.190990] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2203.192733] Call Trace: [ 2203.193287] dump_stack+0x107/0x167 [ 2203.194050] should_fail.cold+0x5/0xa [ 2203.194845] should_failslab+0x5/0x20 [ 2203.195640] __kmalloc_track_caller+0x79/0x370 [ 2203.196594] ? v9fs_session_init+0xa7/0x1680 [ 2203.197523] ? kernel_text_address+0xf2/0x120 [ 2203.198462] kstrdup+0x36/0x70 [ 2203.199139] v9fs_session_init+0xa7/0x1680 [ 2203.200040] ? lock_release+0x680/0x680 [ 2203.200881] ? find_held_lock+0x2c/0x110 [ 2203.201738] ? kmem_cache_alloc_trace+0x151/0x320 [ 2203.202746] ? v9fs_show_options+0x690/0x690 [ 2203.203682] ? trace_hardirqs_on+0x5b/0x180 [ 2203.204584] ? kasan_unpoison_shadow+0x33/0x50 [ 2203.205545] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2203.206618] v9fs_mount+0x79/0x8f0 [ 2203.207367] ? v9fs_write_inode+0x60/0x60 [ 2203.208235] legacy_get_tree+0x105/0x220 [ 2203.209098] vfs_get_tree+0x8e/0x300 [ 2203.209890] path_mount+0x1490/0x21e0 [ 2203.210701] ? strncpy_from_user+0x9e/0x470 [ 2203.211603] ? finish_automount+0xa90/0xa90 [ 2203.212515] ? getname_flags.part.0+0x1dd/0x4f0 [ 2203.213503] ? _copy_from_user+0xfb/0x1b0 [ 2203.214376] __x64_sys_mount+0x282/0x300 [ 2203.215223] ? copy_mnt_ns+0xa00/0xa00 [ 2203.216039] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2203.217156] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2203.218234] do_syscall_64+0x33/0x40 [ 2203.219011] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2203.220090] RIP: 0033:0x7f9990caeb19 [ 2203.220882] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2203.224761] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2203.226349] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2203.227846] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2203.229352] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2203.230850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2203.232346] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:14:05 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4c}, 0x0) 11:14:05 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1800000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:05 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1800000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2203.282004] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:14:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 17) 11:14:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0008"], 0xec}}, 0x0) 11:14:18 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) [ 2216.850616] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:14:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:18 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x68}, 0x0) 11:14:18 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 98) 11:14:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xcf}, 0x0) [ 2216.861793] FAULT_INJECTION: forcing a failure. [ 2216.861793] name failslab, interval 1, probability 0, space 0, times 0 [ 2216.864328] CPU: 0 PID: 10881 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2216.865484] FAULT_INJECTION: forcing a failure. [ 2216.865484] name failslab, interval 1, probability 0, space 0, times 0 [ 2216.865824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2216.865839] Call Trace: [ 2216.870526] dump_stack+0x107/0x167 [ 2216.871302] should_fail.cold+0x5/0xa [ 2216.872144] ? create_object.isra.0+0x3a/0xa30 [ 2216.873158] should_failslab+0x5/0x20 [ 2216.873988] kmem_cache_alloc+0x5b/0x310 [ 2216.874856] create_object.isra.0+0x3a/0xa30 [ 2216.875788] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2216.876888] __kmalloc_track_caller+0x177/0x370 [ 2216.877872] ? v9fs_session_init+0xa7/0x1680 [ 2216.878808] ? kernel_text_address+0xf2/0x120 [ 2216.879759] kstrdup+0x36/0x70 [ 2216.880443] v9fs_session_init+0xa7/0x1680 [ 2216.881350] ? lock_release+0x680/0x680 [ 2216.882194] ? find_held_lock+0x2c/0x110 [ 2216.883064] ? kmem_cache_alloc_trace+0x151/0x320 [ 2216.884096] ? v9fs_show_options+0x690/0x690 [ 2216.885051] ? trace_hardirqs_on+0x5b/0x180 [ 2216.885979] ? kasan_unpoison_shadow+0x33/0x50 [ 2216.886967] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2216.888055] v9fs_mount+0x79/0x8f0 [ 2216.888823] ? v9fs_write_inode+0x60/0x60 [ 2216.889698] legacy_get_tree+0x105/0x220 [ 2216.890567] vfs_get_tree+0x8e/0x300 [ 2216.891363] path_mount+0x1490/0x21e0 [ 2216.892181] ? strncpy_from_user+0x9e/0x470 [ 2216.893100] ? finish_automount+0xa90/0xa90 [ 2216.894014] ? getname_flags.part.0+0x1dd/0x4f0 [ 2216.895006] ? _copy_from_user+0xfb/0x1b0 [ 2216.895904] __x64_sys_mount+0x282/0x300 [ 2216.896786] ? copy_mnt_ns+0xa00/0xa00 [ 2216.897632] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2216.898755] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2216.899865] do_syscall_64+0x33/0x40 [ 2216.900668] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2216.901779] RIP: 0033:0x7f9990caeb19 [ 2216.902576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2216.906529] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2216.908159] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2216.909687] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2216.911205] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2216.912728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2216.914261] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2216.915818] CPU: 1 PID: 10891 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2216.917665] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2216.919439] Call Trace: [ 2216.920016] dump_stack+0x107/0x167 [ 2216.920817] should_fail.cold+0x5/0xa [ 2216.921640] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2216.922732] should_failslab+0x5/0x20 [ 2216.923549] kmem_cache_alloc_trace+0x55/0x320 [ 2216.924525] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2216.925623] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2216.926675] __list_lru_init+0x44d/0x890 [ 2216.927550] alloc_super+0x8b8/0xa90 [ 2216.928351] sget_fc+0x110/0x860 [ 2216.929090] ? set_anon_super+0xc0/0xc0 [ 2216.929944] ? shmem_put_link+0x120/0x120 [ 2216.930831] get_tree_nodev+0x24/0x1d0 [ 2216.931664] vfs_get_tree+0x8e/0x300 [ 2216.932467] path_mount+0x1490/0x21e0 [ 2216.933306] ? strncpy_from_user+0x9e/0x470 [ 2216.934226] ? finish_automount+0xa90/0xa90 [ 2216.935149] ? getname_flags.part.0+0x1dd/0x4f0 [ 2216.936155] __x64_sys_mount+0x282/0x300 [ 2216.937035] ? copy_mnt_ns+0xa00/0xa00 [ 2216.937877] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2216.939002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2216.940106] do_syscall_64+0x33/0x40 [ 2216.940917] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2216.942013] RIP: 0033:0x7f07d2d5a04a [ 2216.942811] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2216.946765] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2216.948401] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2216.949946] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2216.951474] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2216.953008] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2216.954533] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 [ 2233.000206] FAULT_INJECTION: forcing a failure. [ 2233.000206] name failslab, interval 1, probability 0, space 0, times 0 [ 2233.001963] CPU: 1 PID: 10909 Comm: syz-executor.6 Not tainted 5.10.247 #1 11:14:34 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf0}, 0x0) 11:14:34 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2010000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:34 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 18) 11:14:34 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000002) dup2(r0, r1) 11:14:34 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d003d"], 0xec}}, 0x0) [ 2233.002947] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2233.004362] Call Trace: [ 2233.004751] dump_stack+0x107/0x167 [ 2233.005302] should_fail.cold+0x5/0xa [ 2233.005854] should_failslab+0x5/0x20 [ 2233.006391] __kmalloc_track_caller+0x79/0x370 [ 2233.007053] ? v9fs_session_init+0xe9/0x1680 [ 2233.007682] ? kernel_text_address+0xf2/0x120 [ 2233.008313] kstrdup+0x36/0x70 [ 2233.008786] v9fs_session_init+0xe9/0x1680 [ 2233.009430] ? lock_release+0x680/0x680 [ 2233.010025] ? find_held_lock+0x2c/0x110 [ 2233.010622] ? kmem_cache_alloc_trace+0x151/0x320 [ 2233.011332] ? v9fs_show_options+0x690/0x690 [ 2233.011978] ? trace_hardirqs_on+0x5b/0x180 [ 2233.012612] ? kasan_unpoison_shadow+0x33/0x50 11:14:34 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2010000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:34 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 99) 11:14:34 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6c}, 0x0) [ 2233.013293] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2233.013906] FAULT_INJECTION: forcing a failure. [ 2233.013906] name failslab, interval 1, probability 0, space 0, times 0 [ 2233.014112] v9fs_mount+0x79/0x8f0 [ 2233.014128] ? v9fs_write_inode+0x60/0x60 [ 2233.016515] legacy_get_tree+0x105/0x220 [ 2233.017284] vfs_get_tree+0x8e/0x300 [ 2233.018210] path_mount+0x1490/0x21e0 [ 2233.019186] ? strncpy_from_user+0x9e/0x470 [ 2233.020284] ? finish_automount+0xa90/0xa90 [ 2233.021390] ? getname_flags.part.0+0x1dd/0x4f0 [ 2233.022563] ? _copy_from_user+0xfb/0x1b0 [ 2233.023616] __x64_sys_mount+0x282/0x300 [ 2233.024623] ? copy_mnt_ns+0xa00/0xa00 [ 2233.025612] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2233.026922] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2233.028197] do_syscall_64+0x33/0x40 [ 2233.029148] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2233.030427] RIP: 0033:0x7f9990caeb19 [ 2233.031344] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.035927] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2233.037816] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2233.039564] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2233.041341] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2233.043089] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2233.044851] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2233.046644] CPU: 0 PID: 10912 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2233.047454] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2233.048409] Call Trace: [ 2233.048718] dump_stack+0x107/0x167 [ 2233.049146] should_fail.cold+0x5/0xa [ 2233.049598] ? __memcg_init_list_lru_node+0x7f/0x1e0 [ 2233.050189] should_failslab+0x5/0x20 [ 2233.050628] kmem_cache_alloc_trace+0x55/0x320 [ 2233.051156] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2233.051756] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2233.052323] __list_lru_init+0x44d/0x890 [ 2233.052795] alloc_super+0x8b8/0xa90 [ 2233.053240] sget_fc+0x110/0x860 [ 2233.053633] ? set_anon_super+0xc0/0xc0 [ 2233.054096] ? shmem_put_link+0x120/0x120 [ 2233.054579] get_tree_nodev+0x24/0x1d0 [ 2233.055039] vfs_get_tree+0x8e/0x300 [ 2233.055465] path_mount+0x1490/0x21e0 [ 2233.055918] ? strncpy_from_user+0x9e/0x470 [ 2233.056431] ? finish_automount+0xa90/0xa90 [ 2233.056927] ? getname_flags.part.0+0x1dd/0x4f0 [ 2233.057497] __x64_sys_mount+0x282/0x300 [ 2233.057972] ? copy_mnt_ns+0xa00/0xa00 [ 2233.058428] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2233.059027] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2233.059631] do_syscall_64+0x33/0x40 [ 2233.060063] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2233.060645] RIP: 0033:0x7f07d2d5a04a [ 2233.061129] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.061666] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2233.063271] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2233.063283] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2233.063289] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2233.063296] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2233.063302] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2233.063316] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:14:35 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) (fail_nth: 100) 11:14:35 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000003) dup2(r0, r1) [ 2233.123866] FAULT_INJECTION: forcing a failure. [ 2233.123866] name failslab, interval 1, probability 0, space 0, times 0 [ 2233.125299] CPU: 0 PID: 10922 Comm: syz-executor.3 Not tainted 5.10.247 #1 [ 2233.126097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2233.127047] Call Trace: [ 2233.127360] dump_stack+0x107/0x167 [ 2233.127784] should_fail.cold+0x5/0xa [ 2233.128234] ? create_object.isra.0+0x3a/0xa30 [ 2233.128757] should_failslab+0x5/0x20 [ 2233.129207] kmem_cache_alloc+0x5b/0x310 [ 2233.129680] create_object.isra.0+0x3a/0xa30 [ 2233.130185] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2233.130776] kmem_cache_alloc_trace+0x151/0x320 [ 2233.131319] __memcg_init_list_lru_node+0x7f/0x1e0 [ 2233.131891] __list_lru_init+0x44d/0x890 [ 2233.132363] alloc_super+0x8b8/0xa90 [ 2233.132796] sget_fc+0x110/0x860 [ 2233.133195] ? set_anon_super+0xc0/0xc0 [ 2233.133660] ? shmem_put_link+0x120/0x120 [ 2233.134138] get_tree_nodev+0x24/0x1d0 [ 2233.134586] vfs_get_tree+0x8e/0x300 [ 2233.135018] path_mount+0x1490/0x21e0 [ 2233.135465] ? strncpy_from_user+0x9e/0x470 [ 2233.135963] ? finish_automount+0xa90/0xa90 [ 2233.136459] ? getname_flags.part.0+0x1dd/0x4f0 [ 2233.137006] __x64_sys_mount+0x282/0x300 [ 2233.137472] ? copy_mnt_ns+0xa00/0xa00 [ 2233.137930] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2233.138536] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2233.139132] do_syscall_64+0x33/0x40 [ 2233.139562] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2233.140153] RIP: 0033:0x7f07d2d5a04a [ 2233.140583] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.142756] RSP: 002b:00007f07d02cdfa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 2233.143646] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f07d2d5a04a [ 2233.144502] RDX: 0000000020000080 RSI: 00000000200000c0 RDI: 0000000000000000 [ 2233.145349] RBP: 00007f07d02ce040 R08: 00007f07d02ce040 R09: 0000000020000080 [ 2233.146193] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000020000080 [ 2233.147032] R13: 00000000200000c0 R14: 00007f07d02ce000 R15: 00000000200008c0 11:14:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf00}, 0x0) 11:14:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x74}, 0x0) 11:14:35 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:35 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0000"], 0xec}}, 0x0) [ 2233.211873] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:14:35 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0002"], 0xec}}, 0x0) 11:14:35 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xcf00}, 0x0) 11:14:35 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 19) 11:14:35 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7a}, 0x0) 11:14:35 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2233.313988] FAULT_INJECTION: forcing a failure. [ 2233.313988] name failslab, interval 1, probability 0, space 0, times 0 11:14:35 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000010) dup2(r0, r1) 11:14:35 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2233.315361] CPU: 0 PID: 10940 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2233.316273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2233.317246] Call Trace: [ 2233.317563] dump_stack+0x107/0x167 [ 2233.317984] should_fail.cold+0x5/0xa [ 2233.318425] ? create_object.isra.0+0x3a/0xa30 [ 2233.318965] should_failslab+0x5/0x20 [ 2233.319408] kmem_cache_alloc+0x5b/0x310 [ 2233.319881] create_object.isra.0+0x3a/0xa30 [ 2233.320385] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2233.320996] __kmalloc_track_caller+0x177/0x370 [ 2233.321534] ? v9fs_session_init+0xe9/0x1680 [ 2233.322051] ? kernel_text_address+0xf2/0x120 [ 2233.322577] kstrdup+0x36/0x70 [ 2233.322949] v9fs_session_init+0xe9/0x1680 [ 2233.323442] ? lock_release+0x680/0x680 [ 2233.323903] ? find_held_lock+0x2c/0x110 [ 2233.324379] ? kmem_cache_alloc_trace+0x151/0x320 [ 2233.324944] ? v9fs_show_options+0x690/0x690 [ 2233.325468] ? trace_hardirqs_on+0x5b/0x180 [ 2233.325973] ? kasan_unpoison_shadow+0x33/0x50 [ 2233.326498] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2233.327092] v9fs_mount+0x79/0x8f0 [ 2233.327503] ? v9fs_write_inode+0x60/0x60 [ 2233.327989] legacy_get_tree+0x105/0x220 [ 2233.328461] vfs_get_tree+0x8e/0x300 [ 2233.328894] path_mount+0x1490/0x21e0 [ 2233.329348] ? strncpy_from_user+0x9e/0x470 [ 2233.329846] ? finish_automount+0xa90/0xa90 [ 2233.330350] ? getname_flags.part.0+0x1dd/0x4f0 [ 2233.330892] ? _copy_from_user+0xfb/0x1b0 [ 2233.331060] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2233.331379] __x64_sys_mount+0x282/0x300 [ 2233.331390] ? copy_mnt_ns+0xa00/0xa00 [ 2233.331403] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2233.331415] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2233.331434] do_syscall_64+0x33/0x40 [ 2233.335894] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2233.336487] RIP: 0033:0x7f9990caeb19 [ 2233.336917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2233.339055] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2233.339939] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2233.340764] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2233.341593] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2233.342416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2233.343240] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:14:51 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000011) dup2(r0, r1) 11:14:51 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f00000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:51 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 20) 11:14:51 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0000"], 0xec}}, 0x0) 11:14:51 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf000}, 0x0) 11:14:51 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:14:51 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf0}, 0x0) 11:14:51 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2249.595380] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2249.632462] FAULT_INJECTION: forcing a failure. [ 2249.632462] name failslab, interval 1, probability 0, space 0, times 0 [ 2249.634501] CPU: 1 PID: 10974 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2249.635581] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2249.636888] Call Trace: [ 2249.637324] dump_stack+0x107/0x167 [ 2249.637904] should_fail.cold+0x5/0xa [ 2249.638516] should_failslab+0x5/0x20 [ 2249.639115] __kmalloc_track_caller+0x79/0x370 [ 2249.639843] ? v9fs_session_init+0xe9/0x1680 [ 2249.640519] ? kernel_text_address+0xf2/0x120 [ 2249.641223] kstrdup+0x36/0x70 [ 2249.641726] v9fs_session_init+0xe9/0x1680 [ 2249.642382] ? lock_release+0x680/0x680 [ 2249.642994] ? find_held_lock+0x2c/0x110 [ 2249.643625] ? kmem_cache_alloc_trace+0x151/0x320 [ 2249.644350] ? v9fs_show_options+0x690/0x690 [ 2249.645016] ? trace_hardirqs_on+0x5b/0x180 [ 2249.645696] ? kasan_unpoison_shadow+0x33/0x50 [ 2249.646383] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2249.647146] v9fs_mount+0x79/0x8f0 [ 2249.647678] ? v9fs_write_inode+0x60/0x60 [ 2249.648296] legacy_get_tree+0x105/0x220 [ 2249.648910] vfs_get_tree+0x8e/0x300 [ 2249.649484] path_mount+0x1490/0x21e0 [ 2249.650058] ? strncpy_from_user+0x9e/0x470 [ 2249.650873] ? finish_automount+0xa90/0xa90 [ 2249.652129] ? getname_flags.part.0+0x1dd/0x4f0 [ 2249.653249] ? _copy_from_user+0xfb/0x1b0 [ 2249.654231] __x64_sys_mount+0x282/0x300 [ 2249.655185] ? copy_mnt_ns+0xa00/0xa00 [ 2249.656107] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2249.657350] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2249.658556] do_syscall_64+0x33/0x40 [ 2249.659435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2249.660630] RIP: 0033:0x7f9990caeb19 [ 2249.661516] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2249.665799] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2249.667570] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2249.669332] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2249.671215] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2249.673019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2249.674664] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:14:51 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x10b}, 0x0) 11:15:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5103000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x5000001da) dup2(r0, r1) 11:15:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xf}}, 0x0) 11:15:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 21) 11:15:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x80000}, 0x0) [ 2262.394816] FAULT_INJECTION: forcing a failure. [ 2262.394816] name failslab, interval 1, probability 0, space 0, times 0 [ 2262.396671] CPU: 1 PID: 10991 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2262.397778] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2262.399103] Call Trace: [ 2262.399530] dump_stack+0x107/0x167 [ 2262.400115] should_fail.cold+0x5/0xa [ 2262.400725] ? create_object.isra.0+0x3a/0xa30 [ 2262.401471] should_failslab+0x5/0x20 [ 2262.402077] kmem_cache_alloc+0x5b/0x310 [ 2262.402728] ? kernel_text_address+0xf2/0x120 [ 2262.403456] create_object.isra.0+0x3a/0xa30 [ 2262.404150] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2262.404961] kmem_cache_alloc_trace+0x151/0x320 [ 2262.405713] ? find_held_lock+0x2c/0x110 [ 2262.406362] p9_client_create+0xaf/0x1230 [ 2262.407019] ? lock_downgrade+0x6d0/0x6d0 [ 2262.407680] ? p9_client_flush+0x430/0x430 [ 2262.408354] ? trace_hardirqs_on+0x5b/0x180 [ 2262.409042] ? lockdep_init_map_type+0x2c7/0x780 [ 2262.409811] ? __raw_spin_lock_init+0x36/0x110 [ 2262.410539] v9fs_session_init+0x1dd/0x1680 [ 2262.411225] ? lock_release+0x680/0x680 [ 2262.411863] ? kmem_cache_alloc_trace+0x151/0x320 [ 2262.412627] ? v9fs_show_options+0x690/0x690 [ 2262.413339] ? trace_hardirqs_on+0x5b/0x180 [ 2262.414026] ? kasan_unpoison_shadow+0x33/0x50 [ 2262.414750] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2262.415557] v9fs_mount+0x79/0x8f0 [ 2262.416126] ? v9fs_write_inode+0x60/0x60 [ 2262.416782] legacy_get_tree+0x105/0x220 [ 2262.417436] vfs_get_tree+0x8e/0x300 [ 2262.418032] path_mount+0x1490/0x21e0 [ 2262.418643] ? strncpy_from_user+0x9e/0x470 [ 2262.419325] ? finish_automount+0xa90/0xa90 [ 2262.420011] ? getname_flags.part.0+0x1dd/0x4f0 [ 2262.420751] ? _copy_from_user+0xfb/0x1b0 [ 2262.421424] __x64_sys_mount+0x282/0x300 [ 2262.421479] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2262.422074] ? copy_mnt_ns+0xa00/0xa00 [ 2262.422093] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2262.422120] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2262.426552] do_syscall_64+0x33/0x40 [ 2262.427143] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2262.427957] RIP: 0033:0x7f9990caeb19 [ 2262.428548] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2262.431479] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2262.432697] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2262.433860] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2262.435000] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2262.436134] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2262.437273] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:15:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0x10}}, 0x0) 11:15:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf0ffff}, 0x0) 11:15:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x300}, 0x0) 11:15:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2262.545011] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8004000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0x2c0}}, 0x0) 11:15:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x1000000}, 0x0) 11:15:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x500}, 0x0) 11:15:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 22) 11:15:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000600) dup2(r0, r1) 11:15:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x2000000}, 0x0) 11:15:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8004000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2262.657823] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8cffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2262.695725] FAULT_INJECTION: forcing a failure. [ 2262.695725] name failslab, interval 1, probability 0, space 0, times 0 [ 2262.697473] CPU: 1 PID: 11022 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2262.698510] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2262.699751] Call Trace: [ 2262.700146] dump_stack+0x107/0x167 [ 2262.700688] should_fail.cold+0x5/0xa [ 2262.701248] ? p9_client_create+0xaf/0x1230 [ 2262.701898] should_failslab+0x5/0x20 [ 2262.702459] kmem_cache_alloc_trace+0x55/0x320 [ 2262.703135] ? find_held_lock+0x2c/0x110 [ 2262.703734] p9_client_create+0xaf/0x1230 [ 2262.704345] ? lock_downgrade+0x6d0/0x6d0 [ 2262.704956] ? p9_client_flush+0x430/0x430 [ 2262.705589] ? trace_hardirqs_on+0x5b/0x180 [ 2262.706228] ? lockdep_init_map_type+0x2c7/0x780 [ 2262.706927] ? __raw_spin_lock_init+0x36/0x110 [ 2262.707604] v9fs_session_init+0x1dd/0x1680 [ 2262.708239] ? lock_release+0x680/0x680 [ 2262.708827] ? kmem_cache_alloc_trace+0x151/0x320 [ 2262.709543] ? v9fs_show_options+0x690/0x690 [ 2262.710192] ? trace_hardirqs_on+0x5b/0x180 [ 2262.710825] ? kasan_unpoison_shadow+0x33/0x50 [ 2262.711496] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2262.712243] v9fs_mount+0x79/0x8f0 [ 2262.712765] ? v9fs_write_inode+0x60/0x60 [ 2262.713382] legacy_get_tree+0x105/0x220 [ 2262.713981] vfs_get_tree+0x8e/0x300 [ 2262.714527] path_mount+0x1490/0x21e0 [ 2262.715090] ? strncpy_from_user+0x9e/0x470 [ 2262.715723] ? finish_automount+0xa90/0xa90 [ 2262.716360] ? getname_flags.part.0+0x1dd/0x4f0 [ 2262.717046] ? _copy_from_user+0xfb/0x1b0 [ 2262.717674] __x64_sys_mount+0x282/0x300 [ 2262.718275] ? copy_mnt_ns+0xa00/0xa00 [ 2262.718849] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2262.719620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2262.720382] do_syscall_64+0x33/0x40 [ 2262.720929] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2262.721694] RIP: 0033:0x7f9990caeb19 [ 2262.722238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2262.724942] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2262.726072] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2262.727129] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2262.728135] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2262.729181] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2262.730199] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:15:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000700) dup2(r0, r1) 11:15:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec0}}, 0x0) 11:15:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 23) 11:15:15 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc400000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf000000}, 0x0) 11:15:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x600}, 0x0) 11:15:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8cffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2273.897763] FAULT_INJECTION: forcing a failure. [ 2273.897763] name failslab, interval 1, probability 0, space 0, times 0 [ 2273.899473] CPU: 0 PID: 11050 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2273.899887] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2273.900469] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2273.900476] Call Trace: [ 2273.900495] dump_stack+0x107/0x167 [ 2273.900518] should_fail.cold+0x5/0xa [ 2273.905350] ? create_object.isra.0+0x3a/0xa30 [ 2273.906015] should_failslab+0x5/0x20 [ 2273.906556] kmem_cache_alloc+0x5b/0x310 [ 2273.907137] ? lock_downgrade+0x6d0/0x6d0 [ 2273.907733] create_object.isra.0+0x3a/0xa30 [ 2273.908350] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2273.909072] __kmalloc_track_caller+0x177/0x370 [ 2273.909747] ? p9_client_create+0x41d/0x1230 [ 2273.910381] kstrdup+0x36/0x70 [ 2273.910851] p9_client_create+0x41d/0x1230 [ 2273.911449] ? lock_downgrade+0x6d0/0x6d0 [ 2273.912042] ? p9_client_flush+0x430/0x430 [ 2273.912661] ? trace_hardirqs_on+0x5b/0x180 [ 2273.913269] ? lockdep_init_map_type+0x2c7/0x780 [ 2273.913941] ? __raw_spin_lock_init+0x36/0x110 [ 2273.914594] v9fs_session_init+0x1dd/0x1680 [ 2273.915209] ? lock_release+0x680/0x680 [ 2273.915771] ? kmem_cache_alloc_trace+0x151/0x320 [ 2273.916453] ? v9fs_show_options+0x690/0x690 [ 2273.917078] ? trace_hardirqs_on+0x5b/0x180 [ 2273.917700] ? kasan_unpoison_shadow+0x33/0x50 [ 2273.918348] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2273.919067] v9fs_mount+0x79/0x8f0 [ 2273.919572] ? v9fs_write_inode+0x60/0x60 [ 2273.920153] legacy_get_tree+0x105/0x220 [ 2273.920734] vfs_get_tree+0x8e/0x300 [ 2273.921259] path_mount+0x1490/0x21e0 [ 2273.921809] ? strncpy_from_user+0x9e/0x470 [ 2273.922438] ? finish_automount+0xa90/0xa90 [ 2273.923046] ? getname_flags.part.0+0x1dd/0x4f0 [ 2273.923709] ? _copy_from_user+0xfb/0x1b0 [ 2273.924311] __x64_sys_mount+0x282/0x300 [ 2273.924883] ? copy_mnt_ns+0xa00/0xa00 [ 2273.925454] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2273.926200] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2273.926928] do_syscall_64+0x33/0x40 [ 2273.927455] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2273.928173] RIP: 0033:0x7f9990caeb19 [ 2273.928697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2273.931290] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2273.932345] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2273.933333] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2273.934342] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2273.935368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2273.936402] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:15:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x9effffff}, 0x0) 11:15:28 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 24) 11:15:28 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc100000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500080000) dup2(r0, r1) [ 2286.838535] FAULT_INJECTION: forcing a failure. [ 2286.838535] name failslab, interval 1, probability 0, space 0, times 0 [ 2286.839899] CPU: 0 PID: 11074 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2286.840697] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2286.841653] Call Trace: [ 2286.841958] dump_stack+0x107/0x167 [ 2286.842371] should_fail.cold+0x5/0xa [ 2286.842807] ? create_object.isra.0+0x3a/0xa30 [ 2286.843332] should_failslab+0x5/0x20 [ 2286.843767] kmem_cache_alloc+0x5b/0x310 [ 2286.844228] ? lock_downgrade+0x6d0/0x6d0 [ 2286.844698] create_object.isra.0+0x3a/0xa30 [ 2286.845198] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2286.845784] __kmalloc_track_caller+0x177/0x370 [ 2286.846314] ? p9_client_create+0x41d/0x1230 [ 2286.846815] kstrdup+0x36/0x70 [ 2286.847193] p9_client_create+0x41d/0x1230 [ 2286.847689] ? lock_downgrade+0x6d0/0x6d0 [ 2286.848185] ? p9_client_flush+0x430/0x430 [ 2286.848680] ? trace_hardirqs_on+0x5b/0x180 [ 2286.849181] ? lockdep_init_map_type+0x2c7/0x780 [ 2286.849752] ? __raw_spin_lock_init+0x36/0x110 [ 2286.850272] v9fs_session_init+0x1dd/0x1680 [ 2286.850761] ? lock_release+0x680/0x680 [ 2286.851236] ? kmem_cache_alloc_trace+0x151/0x320 [ 2286.851801] ? v9fs_show_options+0x690/0x690 [ 2286.852323] ? trace_hardirqs_on+0x5b/0x180 [ 2286.852830] ? kasan_unpoison_shadow+0x33/0x50 [ 2286.853359] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2286.853944] v9fs_mount+0x79/0x8f0 [ 2286.854347] ? v9fs_write_inode+0x60/0x60 [ 2286.854819] legacy_get_tree+0x105/0x220 [ 2286.855283] vfs_get_tree+0x8e/0x300 [ 2286.855727] path_mount+0x1490/0x21e0 [ 2286.856184] ? strncpy_from_user+0x9e/0x470 [ 2286.856688] ? finish_automount+0xa90/0xa90 [ 2286.857197] ? getname_flags.part.0+0x1dd/0x4f0 [ 2286.857750] ? _copy_from_user+0xfb/0x1b0 [ 2286.858239] __x64_sys_mount+0x282/0x300 [ 2286.858708] ? copy_mnt_ns+0xa00/0xa00 [ 2286.859150] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2286.859744] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2286.860330] do_syscall_64+0x33/0x40 [ 2286.860753] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2286.861339] RIP: 0033:0x7f9990caeb19 [ 2286.861777] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2286.863923] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2286.864786] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2286.865611] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 11:15:28 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x700}, 0x0) 11:15:28 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0x33fe0}}, 0x0) 11:15:28 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xcf000000}, 0x0) 11:15:28 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf0ffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2286.866423] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2286.867419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2286.868232] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2286.877206] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:28 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf0ffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf6ffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0x2000096c}}, 0x0) 11:15:28 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x900}, 0x0) 11:15:28 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf6ffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:28 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf0ffffff}, 0x0) 11:15:28 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2287.041000] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0x7ffff000}}, 0x0) 11:15:43 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf9fdffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2301.897993] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:43 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf9fdffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xa00}, 0x0) 11:15:43 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:43 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 25) 11:15:43 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xfffff000}, 0x0) 11:15:43 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = syz_mount_image$nfs4(&(0x7f0000000040), &(0x7f0000000080)='./file1\x00', 0x8, 0x4, &(0x7f0000000500)=[{&(0x7f0000000340)="82e01a4048445278f03747b0b93035f94714c35032594742777227aac77a27e1329ecd22758958dd5a66a6fb4bc83a78c0cd917d158e818e0693de8fefd65b89e9670b7a175acd0d066650f5172165a348a2a11a2cf75b16fa79af3eb3b618403d09bf37ca6d44ac02530692224ca47694e14bd81d102ba0f203fbce769d8f9bfe7fce2eb75329182309ac6248739865f6f5972eaf495c3d0e367dce92c86b8c288469740242a2ca94f404dd1eae10f8498d2f185c60182df60ba8c05d600218b4132e8f7d", 0xc5, 0x3ff}, {&(0x7f0000000180)="c63b2e4ad2777e73e0b19176e2d1a036135641b7f59cc36b2878f29c24153d1f7cbd7b2c9a10db27fdfc63cac3b2f4e17cdd48b1c67feefae4eb26ea8859d05ef75019b6045b046d7aa31058fb05bea05d96df072a7e760276314b644ffd9b6910a9ca44bea03080e040d27616a6c0b4a0b2", 0x72, 0x9}, {&(0x7f00000000c0)="aa88984528df56420d885f", 0xb, 0x6}, {&(0x7f0000000440)="700233bff252ff33388deedea37ca038c565870dfe9db7498a94ac45b3fc708729065653da5c31d2701b518dc5828426102c75ec23615f99691d1ac060d21afa5f81069a7c21c7f5a4b7bbdf358570a225649fd80ea1a7c484ab580f753df5102611d3905660e002aa2a826e6261ae28150ff5cd5227a53ec130ac9de0c2a4f29a03aa9ae5f8b95329e138dd1a8cb8d1d24f94f6bb28eeab29391f03", 0x9c, 0x4}], 0x1080000, &(0x7f0000000580)={[{'\x00'}, {'$(:*@/'}, {'{[\\+,.{!{-'}, {'\x00'}], [{@smackfsroot={'smackfsroot', 0x3d, '\x00'}}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@uid_eq={'uid', 0x3d, 0xffffffffffffffff}}]}) openat(r4, &(0x7f0000000280)='./file1\x00', 0x80000, 0x88) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) [ 2301.925890] FAULT_INJECTION: forcing a failure. [ 2301.925890] name failslab, interval 1, probability 0, space 0, times 0 [ 2301.927534] CPU: 1 PID: 11121 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2301.928498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2301.929659] Call Trace: [ 2301.930045] dump_stack+0x107/0x167 [ 2301.930555] should_fail.cold+0x5/0xa [ 2301.931090] ? create_object.isra.0+0x3a/0xa30 [ 2301.931732] should_failslab+0x5/0x20 [ 2301.932265] kmem_cache_alloc+0x5b/0x310 [ 2301.932844] ? lock_downgrade+0x6d0/0x6d0 [ 2301.933427] create_object.isra.0+0x3a/0xa30 [ 2301.934051] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2301.934767] __kmalloc_track_caller+0x177/0x370 [ 2301.935423] ? p9_client_create+0x41d/0x1230 [ 2301.936049] kstrdup+0x36/0x70 [ 2301.936490] p9_client_create+0x41d/0x1230 [ 2301.937081] ? lock_downgrade+0x6d0/0x6d0 [ 2301.937659] ? p9_client_flush+0x430/0x430 [ 2301.938271] ? trace_hardirqs_on+0x5b/0x180 [ 2301.938866] ? lockdep_init_map_type+0x2c7/0x780 [ 2301.939517] ? __raw_spin_lock_init+0x36/0x110 [ 2301.940146] v9fs_session_init+0x1dd/0x1680 [ 2301.940737] ? lock_release+0x680/0x680 [ 2301.941294] ? kmem_cache_alloc_trace+0x151/0x320 [ 2301.941977] ? v9fs_show_options+0x690/0x690 [ 2301.942591] ? trace_hardirqs_on+0x5b/0x180 [ 2301.943192] ? kasan_unpoison_shadow+0x33/0x50 [ 2301.943820] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2301.944522] v9fs_mount+0x79/0x8f0 [ 2301.945026] ? v9fs_write_inode+0x60/0x60 [ 2301.945599] legacy_get_tree+0x105/0x220 [ 2301.946166] vfs_get_tree+0x8e/0x300 [ 2301.946681] path_mount+0x1490/0x21e0 [ 2301.947221] ? strncpy_from_user+0x9e/0x470 [ 2301.947815] ? finish_automount+0xa90/0xa90 [ 2301.948413] ? getname_flags.part.0+0x1dd/0x4f0 [ 2301.949063] ? _copy_from_user+0xfb/0x1b0 [ 2301.949649] __x64_sys_mount+0x282/0x300 [ 2301.950224] ? copy_mnt_ns+0xa00/0xa00 [ 2301.950770] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2301.951495] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2301.952206] do_syscall_64+0x33/0x40 [ 2301.952726] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2301.953440] RIP: 0033:0x7f9990caeb19 [ 2301.953966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2301.956524] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2301.957584] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2301.958582] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2301.959561] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2301.960552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2301.961539] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2301.970778] loop0: detected capacity change from 0 to 1536 11:15:43 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xb01}, 0x0) 11:15:43 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xffffff7f}, 0x0) [ 2302.024318] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:43 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xfffffdef}}, 0x0) 11:15:43 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfeffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:43 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfeffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:43 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xffffff9e}, 0x0) 11:15:44 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf00}, 0x0) [ 2302.105330] loop0: detected capacity change from 0 to 1536 [ 2302.143509] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:44 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x2}, 0x0) 11:15:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 26) 11:15:44 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xfffffff0}, 0x0) 11:15:44 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r6, 0x0, 0x500000001) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x500000001) accept(0xffffffffffffffff, &(0x7f0000000540)=@in6={0xa, 0x0, 0x0, @mcast1}, &(0x7f00000001c0)=0x80) clone3(&(0x7f00000004c0)={0x10300, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x15}, &(0x7f0000000340)=""/172, 0xac, &(0x7f0000000400)=""/157, &(0x7f0000000180)=[0xffffffffffffffff], 0x1, {r6}}, 0x58) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) [ 2302.230966] FAULT_INJECTION: forcing a failure. [ 2302.230966] name failslab, interval 1, probability 0, space 0, times 0 [ 2302.233242] CPU: 1 PID: 11155 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2302.234103] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2302.235128] Call Trace: [ 2302.235455] dump_stack+0x107/0x167 [ 2302.235910] should_fail.cold+0x5/0xa [ 2302.236372] should_failslab+0x5/0x20 [ 2302.236839] __kmalloc_track_caller+0x79/0x370 [ 2302.237415] ? parse_opts.part.0+0x8e/0x340 [ 2302.237944] kstrdup+0x36/0x70 [ 2302.238344] parse_opts.part.0+0x8e/0x340 [ 2302.238847] ? p9_fd_show_options+0x1c0/0x1c0 [ 2302.239393] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2302.240025] ? quarantine_put+0x8b/0x1a0 [ 2302.240518] ? trace_hardirqs_on+0x5b/0x180 [ 2302.241043] ? kfree+0xd7/0x340 [ 2302.241444] p9_fd_create+0x98/0x4a0 [ 2302.241896] ? p9_conn_create+0x510/0x510 [ 2302.242397] ? p9_client_create+0x798/0x1230 [ 2302.242927] ? kfree+0xd7/0x340 [ 2302.243326] ? do_raw_spin_unlock+0x4f/0x220 [ 2302.243863] p9_client_create+0x7ff/0x1230 [ 2302.244380] ? p9_client_flush+0x430/0x430 [ 2302.244888] ? trace_hardirqs_on+0x5b/0x180 [ 2302.245411] ? lockdep_init_map_type+0x2c7/0x780 [ 2302.245990] ? __raw_spin_lock_init+0x36/0x110 [ 2302.246542] v9fs_session_init+0x1dd/0x1680 [ 2302.247064] ? lock_release+0x680/0x680 [ 2302.247550] ? kmem_cache_alloc_trace+0x151/0x320 [ 2302.248147] ? v9fs_show_options+0x690/0x690 [ 2302.248690] ? trace_hardirqs_on+0x5b/0x180 [ 2302.249211] ? kasan_unpoison_shadow+0x33/0x50 [ 2302.249765] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2302.250385] v9fs_mount+0x79/0x8f0 [ 2302.250814] ? v9fs_write_inode+0x60/0x60 [ 2302.251318] legacy_get_tree+0x105/0x220 [ 2302.251807] vfs_get_tree+0x8e/0x300 [ 2302.252256] path_mount+0x1490/0x21e0 [ 2302.252721] ? strncpy_from_user+0x9e/0x470 [ 2302.253238] ? finish_automount+0xa90/0xa90 [ 2302.253755] ? getname_flags.part.0+0x1dd/0x4f0 [ 2302.254329] ? _copy_from_user+0xfb/0x1b0 [ 2302.254830] __x64_sys_mount+0x282/0x300 [ 2302.255316] ? copy_mnt_ns+0xa00/0xa00 [ 2302.255783] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2302.256411] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2302.257028] do_syscall_64+0x33/0x40 [ 2302.257484] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2302.258126] RIP: 0033:0x7f9990caeb19 [ 2302.258578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2302.260833] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2302.261749] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2302.262619] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2302.263482] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2302.264349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2302.265210] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2302.266240] 9pnet: Insufficient options for proto=fd [ 2314.099459] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:56 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x8}, 0x0) 11:15:56 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(0xffffffffffffffff, r2, 0x0, 0x500000001) dup2(r0, r1) 11:15:56 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 27) 11:15:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4800}, 0x0) 11:15:56 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff03000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x8000000000000}, 0x0) 11:15:56 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff03000000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff1f0000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf0ffffffffffff}, 0x0) [ 2314.156010] FAULT_INJECTION: forcing a failure. [ 2314.156010] name failslab, interval 1, probability 0, space 0, times 0 [ 2314.157346] CPU: 0 PID: 11182 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2314.158150] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2314.159097] Call Trace: [ 2314.159407] dump_stack+0x107/0x167 [ 2314.159827] should_fail.cold+0x5/0xa [ 2314.160266] ? create_object.isra.0+0x3a/0xa30 [ 2314.160785] should_failslab+0x5/0x20 [ 2314.161221] kmem_cache_alloc+0x5b/0x310 [ 2314.161685] ? legacy_get_tree+0x105/0x220 [ 2314.162177] ? vfs_get_tree+0x8e/0x300 [ 2314.162622] create_object.isra.0+0x3a/0xa30 [ 2314.163127] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2314.163708] __kmalloc_track_caller+0x177/0x370 [ 2314.164235] ? parse_opts.part.0+0x8e/0x340 [ 2314.164733] kstrdup+0x36/0x70 [ 2314.165101] parse_opts.part.0+0x8e/0x340 [ 2314.165580] ? p9_fd_show_options+0x1c0/0x1c0 [ 2314.166101] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2314.166704] ? quarantine_put+0x8b/0x1a0 [ 2314.167167] ? trace_hardirqs_on+0x5b/0x180 [ 2314.167663] ? kfree+0xd7/0x340 [ 2314.168041] p9_fd_create+0x98/0x4a0 [ 2314.168466] ? p9_conn_create+0x510/0x510 [ 2314.168937] ? p9_client_create+0x798/0x1230 [ 2314.169437] ? kfree+0xd7/0x340 [ 2314.169815] ? do_raw_spin_unlock+0x4f/0x220 [ 2314.170331] p9_client_create+0x7ff/0x1230 [ 2314.170815] ? p9_client_flush+0x430/0x430 [ 2314.171295] ? trace_hardirqs_on+0x5b/0x180 [ 2314.171787] ? lockdep_init_map_type+0x2c7/0x780 [ 2314.172329] ? __raw_spin_lock_init+0x36/0x110 [ 2314.172855] v9fs_session_init+0x1dd/0x1680 [ 2314.173348] ? lock_release+0x680/0x680 [ 2314.173811] ? kmem_cache_alloc_trace+0x151/0x320 [ 2314.174367] ? v9fs_show_options+0x690/0x690 [ 2314.174870] ? trace_hardirqs_on+0x5b/0x180 [ 2314.175365] ? kasan_unpoison_shadow+0x33/0x50 [ 2314.175891] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2314.176474] v9fs_mount+0x79/0x8f0 [ 2314.176881] ? v9fs_write_inode+0x60/0x60 [ 2314.177353] legacy_get_tree+0x105/0x220 [ 2314.177815] vfs_get_tree+0x8e/0x300 [ 2314.178249] path_mount+0x1490/0x21e0 [ 2314.178686] ? strncpy_from_user+0x9e/0x470 [ 2314.179175] ? finish_automount+0xa90/0xa90 [ 2314.179667] ? getname_flags.part.0+0x1dd/0x4f0 [ 2314.180201] ? _copy_from_user+0xfb/0x1b0 [ 2314.180683] __x64_sys_mount+0x282/0x300 [ 2314.181146] ? copy_mnt_ns+0xa00/0xa00 [ 2314.181589] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2314.182193] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2314.182780] do_syscall_64+0x33/0x40 [ 2314.183208] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2314.183793] RIP: 0033:0x7f9990caeb19 [ 2314.184217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2314.186329] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2314.187209] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2314.188023] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2314.188838] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 11:15:56 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x3d}, 0x0) [ 2314.189668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2314.190682] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:15:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4c00}, 0x0) [ 2314.240783] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:15:56 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff7f00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) [ 2314.314804] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. sendmmsg$inet6(r4, &(0x7f00000044c0)=[{{&(0x7f0000000040)={0xa, 0x4e20, 0xfffff301, @remote, 0x1000}, 0x1c, &(0x7f00000001c0)=[{&(0x7f0000000080)="ee111501bd7123f4adbf415dd08437c31d88a14c0ca086f06682932290b15039694896386c9aeaaa0d9bb9e2a1fa82f131c2f1eff8", 0x35}, {&(0x7f00000000c0)="bfb60d9edeaed5a9738f29c9ec650fd9cad8624378a41cd33e6c7ce4564322ba18ef67297f8231352f", 0x29}, {&(0x7f0000000180)="dddd75dd53242f37ac8f664ce604638dfb6f74d45e78c838ff298fb1fcc37f912d524e", 0x23}], 0x3}}, {{&(0x7f0000000280)={0xa, 0x4e23, 0x9, @loopback}, 0x1c, &(0x7f00000008c0)=[{&(0x7f0000000340)="19b637d808396e7725283963e1573ce9dfb987dd3c2ca16fcd6bbc5a2a6b2709e14f9c05453547df05d8fce4c32f696e1ac06e15738875cc75493cb63657e2ef4162666f23c291b75816d051ab712a4338a66f9f61f520df97aca59ea4d41e56572671e64a6e94617874b8791b1a6531394290fb6ac95cfa92e6ecbac52c", 0x7e}, {&(0x7f00000003c0)="c432696fabc67c0fd364c7919526ab26c10c6ba336f1cdfab00ecf12b305975857313569eff031b65e78b16788ad9dca66050058385ffa9d9f38ecd62f48d73623bdb31eda2f1fb39dfe03fe79a7cc9d331da5f5041e39", 0x57}, {&(0x7f0000000440)="d6e3cccace320c056415f47c8cc371609633daed3ed54c705a03112c5677bcbae68af55770e110fc027508479257d4c6a604550ba3c633d72601b80ff0532e010eac25a9ac179493309dc9142e9a39c46b8e1fa8542554e48ed4594de82c711bf557aeb0e510321bdcf4e182e46acc7dd9c79c3e0ce79908af4b4c3e09977604a25e3c47dea98585739cbfd46fdd1315c8d44e0bc5d5f179e009f41a642d42000ea0f3f46f58", 0xa6}, {&(0x7f0000000500)="d6a3549bb194ec2f0d7338dbfb4606ba8e4741cfdd26a89228b4762e26a9d57344565d", 0x23}, {&(0x7f0000000540)="3b06ea9b46dde244dc9fac0b824506963dccdf88bd9cafe068c2727b", 0x1c}, {&(0x7f0000000580)="defd09710ef26660d770c954a4ca96a246bf8eb54fb31115346b8940e0af2cd5c81b48d065befb9023fcfdb85c1d3c42d0103f45088360cefe165dbf13eaf62fd9ff328ba6c995dd5ef5534698c35f81befd4628358b3ae85f57b404779563158366ae9e13728fb17a228e9f129e73a66272c3951dd1a518a5e612e023754e687c038ab66104d81fa93584a9c2f452526fefac4cde1b58c21f7111e9b9c46432d0d9e6fa9b2626973063c1a03d2fa1db996e3f33fb57ec1471", 0xb9}, {&(0x7f0000000640)="50d3203c2926c43e09620e30c79a4eab4c70c9e5ed", 0x15}, {&(0x7f0000000680)="f0637a3e61b6297d20fe9ae6ad77540352f8afd4964837686536f48cc8bae0da08f19d04542a260e416dfbbabf0f59e745baf7de3fdcd28ccf76bff3a599c235a0e3492a9241df741a20da69060e5124dcfad9d221a00ec032ada9dce3982efcd6fd1653c25965eda88dd39abb8278c7f3a64ec6d3ff6e951f0d889668c6d561d37e00b89b12", 0x86}, {&(0x7f0000000740)="b777fd7fc2fcc0d001296e06054db923b1a59cbc59497b68e1a49cb7de37831c9e61e507f9a59e825ca6f289ffea230d7aed0a22638e800ed2e5e91babaa8df0544b271815f4025782e18b994673c9f9aa189234df860ca3483dba2b60008bb56bcadb9f05fc5fdc4f7d41f900cc1763390091581f", 0x75}, {&(0x7f00000007c0)="ef72404ba38f302e30da9662c713bec5fc4a1447110276bb299510eb50d6904a31a1345a09e5f73dd41307a1918e2ee5cec78f7d35341a29a59a3dbaceaf4ddbb4137cba62b276e06b2854e0d5a7366e7cde90304dd027b6eafd00129936059a0a2183a794e5651d12d0c618e983c942b4df5b2f6206716fee9469d8886100858f552e2f9572eac32cc766947137e35439ded7296466b8f80c5abdbc0e784b73e1165ed98f452d694f866eb7042aaf3a6472c799b59693a158e032f6473fae21e22aa508e6bffe0d04a9c70a55ef3549a3af44de6ef1425150d50a255e3d298d926a40e34e4aea5f5cbf9bf8e37d99", 0xef}], 0xa, &(0x7f0000000980)=[@rthdr_2292={{0xa8, 0x29, 0x39, {0x1, 0x12, 0x1, 0x8, 0x0, [@private2, @local, @private0={0xfc, 0x0, '\x00', 0x1}, @mcast2, @dev={0xfe, 0x80, '\x00', 0xf}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @private1]}}}], 0xa8}}, {{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f0000000a40)="38873b4b85ee49e2c4647e0db9afe9e4da17080effe6aa50159f025b979ae9ba40475acaf02550d1ab77669c89fe4adeb7ccdffd4a9b119f9881f9c38bbbe0b83485567047de6ba85479316fa7bb7d6e940a01214261821f6d0057a7d7c79d64711909d981d9d27561cb0d3354464cb337fee84f77da132c6906e50000ac51b73421fea33f2175f39cb46e0e325470a9fda5777cde0b959b118ddfb6c2b3495c4a56f29c67fac84d55cc211e0e2ab700704630086d9b04f87bf5425ee67a22d0b196143d1db08b0e1a26f3011c75d774f122122eee697bbdc4e12363e4b15db029c6205d3da570a79a5f7a116b74bba958b0f922f36652b290456fddeeb9f32cf33398a65f8ef0ba4fb27241a1d90414dc385353afbeefdb3be3e2f1fca8212a307da6393c2fc140b3ddb3c12093e4fd025149d08619bb60bcfb4ef6e6ba9f7e39c1b1d63b1faf1941290f28a95982703569ba7199ed78a86323287e4a5ccef929f7bd7801ad89d60042a78d1654a62e94bee9308f6bd7d288fa0213ce5e67cf5bcce44e6c8aaad9455289af43b48cace796276f132db6dfcb24166f94c2aa9fd89218623f0ad3fc2f83c4c30bfc922185afbcaa947355850a64446d91ef4115da008b5d71bc2272b08020f1994aecea69662ca7de7691bd046165a123ff9f7d7dd7e2103cf31242c71ad059ad8761a18e98b863ae8e7b7acdf99da39ffddffc8ca6fae4815025eeab73c2095c21b3ab09ad34abd087a11d08b34d8b712341273ce71a42e161606c701eb9c168c3b73ca001caf85ebdb20bc6c2f0a59b3e514e845b4b050ba576214a8e45bfad58837117546bd4fd1acf5c8f23ee99af7c3cbaf771b43f5fe3d03d0de130e22e3441a8113205bc5fabfd9f76029e3e28000fe675ee89da56df3d824aee968b11183d1f9c3aca2ee97e2a435b3e16156a236cc0323e076f4e7ed60a58fd93be2a11313faadab45ac3c12a40fd862a9c8aa860043b8e893d8367e9b651189798b3dea27914c250033885e88b799681209dea02210c67096cc953692d72727098f693a89c23f553c01cd28e24cfa7d1930df6e4abf780351f5e76dcd146ee17abce57fe5042bdaf67808648a1e4edd2a8837ff164411dea515b5b96bb44fbb569014998324a4f1609ac5c1f254e94829d72c573e003c15e089ece654d6a40d45c1a56e7aaff7e7e3f6b5d580667ba6c3378a18476a4affbca63eed51f0f01649072b49118f34ac563fd4fbf0b20efd32c8b4f5f7225b86b42ec20ebb07c29c3bfd10cfe1137bebf0ff41240f97d99e57d45b09776e04d11064e98976c6d6a67c06fec93a22aecafa15cc627392d817cde1af80b5a366752b5074d982a82a41441f030d6f5c224bf19a95a3a71b0532b66f71baefd46f811bd8ee35f2dde0245c4d52997eab833d71c997f32355288e2045ba033802f3b5892cbefcfbda7946bdc8f9f176a5bb32bca92b3fce6358b5ba99a0f6cd951cd1b2024a2f8f92204de6bf370695acb6ec5c8c7ed199a1caa9dd968a1c616092c5f53fcbf9ee73f1eed2f25d3660279bb250d961949324608e37359f9527350f962ff8f914c037a29c3c8552c4d8d24d85acc52040cddd35c8dd6b4b4dbcd000e8da6c55ebc302adab03bef428c0073efb0caff9f2cb2736ccf5efd235b826d83c4cab56a338a87c25892d5c822aecb4b210f201df5268f5b04163daba78a13df2b0e852c04341b5e63aa125ca11d8c3c24b16105ec0e2d21e33c4100174ce44cfe15f8e6dc856047de3d7e353a4a381127fa3bb927ba6cf418b0e742eac928bfa3259b708a8b32e5460c168cdfdd5ae3951c54f630cc44d131f685f0a352f9e4f1ae317c694dfecd240f883c89819ca1d154a60c2e728fa3247b56f69176c2d4da8e1c311a8b0d8c43936d103de90b5ded7c258ae36e8e10b1fb260a7f5e83afdb838472ea90205eb3b2ca584a95310061e385d83230f04cd2474747908fab0e2ab627e8c050d988c68e1f4ce6251c17173903e4830ac4ac782301632390c2d2f74e9964ed97f247c8e9b5e4cd5b00ebc22f280e709a44f3f6d1345a3fc75ec71584fdf63d0428f4eb77cacec49bd5d842295e44382423ee8aeffa72cfc6d6f87e11d24db66838f1e0b5493f114e0aa35cf22839e05a1e45c424ee16ab1a974a177593d2259425d3b5879d7be414b6d761ffecc2a9b80cafc4610522e71645ad999d69ed21b371591322275be56677b8fd9b096ced1aa02a341b2a373acf7aad5e5f38053a0c75d567faa5ede04aaa9af1740e4f666c13f0919e34a0916d2563f0b96cf4488a03f9ed419a3d74db11ae796e378058201c7c084dc237319b634c2086867ed15434cfb8c6b8b1a25bfd70d7f1a34083dcfb77622e2fe663f0527c6a13f8a2cbc328b2dc9ef768659d4ce7df8e68e297339fd6ba22e308581e5463eb52c07411ebc408bc4cfd81e763a0b993678909d31061b5cb9f2ba69bc5a9627f08881a7462fed32a7a31877242b686c27db1feff29d40850ddd9a5c17fd1cf6e125d5bc3671d76d89aed10c57765b959389389f9b5ef29eaf2334406f8f4e2e6e62cf0f6c4167059d7bea6407352695ffaa255fc4ed4559654223ea7c9b376cef682e6f14d617f67b250648173e0a1a89a185fbfa6018d854f3c90b7080a4dbf8ce498da98525afca82b147dec51ba8045af9cc18d5c34ef72313e906ec0035dabeaa1cd57ed408c908a4bb9ce3c34a0c793b4f061f7594b0fbc49276430d8fef422becb91693e0acf3f6dd06e4d3ff98f9edb115ad3daad02a876c6e84c276b63005273b8925288857b2d9d891eb646712af3a40238974f03938e109272ca6fba50495aad992744eaec12ccb8dcc09b82ed0b24390f77f62bde55173415aed55be29e95f2709df205c2a600c26b93fe9620cef6085b13480cf52cd8233e7b3d562ed08e21a9dba0b5c0f8e0dcd0370c442b651519b3a15f54498d6d166cd07b314859bd353fb40adf93348cb26c0f69f62f62400f9326a456c9fc7f19bdf8173c6d3ef3e57ab61522ca21a56de06b4dab4f8e51e64717bc02cb122ac299ea58e932d14f32e66f5616cd16a50826be9f6617d8bb6e82215cb7c7c51b337b9b94d8cccdc065365f53f0fd9c94d1fe224c0d43892bdf81fbdd3f6fd1dbf5d23df96584e7651454c11b48401d52d897c595a2e459738f359aa04abdadc801d53f3ccceffc48d9d1f05e07b535e90e034abc13fbd3255524fb5573d14f021e3546d49425b9ce4deceb15ed9443f2631cf53c3e3e79d235c82bc0d50e1ac5552556e5bf0a32b9bb101760468edc9078dcd1e3c66002e0efd6757bcc5b5cbd893e503f945ea0c714eddd1b91dbbbd0239d2e4e2c2f4782923d8f92e38555b35d82db21c652f3ca5d866bc191668e73e5d31631aac566f3e30e64a84867d1199950c6527a9c45526757a1ee7aa80c857c2cf8e5fb3e2e2023877cc3785475e0587ef5b4214d08251deeead4ad1c4938fcd52335ad388c74c1f3bcae9081b4a59e1ebeaf31a61e227e3a7ea40853edbd2cb05282a9014574c24843334d87d08b12dcf4707f43b1b060cfc12b2b95767b05357606cf81e05d40321d001a51dd991ae6023edfd1c7658f942fca95e1a1be505e2fd6726f3613a22799edbd645a2c3e8b87593d90b132648850b13b03aca3e40c6cc710b3af34f153601bf3d49e6f03434c8c3310bab079161a5f67de28159a4adad22c9f82d9d68be309f9e6f3f0e5d2738a31cac539f22f2f95548a86171ef18071429449fc2571cf78b6bd3fb1b161106d5f7b53879dbeaf1a694147adead05c0a7edfb15f0608b6f537071522f14da82a2d54fb635fd8925c57ade1284c68e8ece4838d18b84392409ea99b62f6f4ec5fa2eb2b72ee7808de79b12622850a6c69febff7056a95f680701a7db05616083bb57a51785a319e5a00632cd9b2d17b5a8757ff2033822b78f3f1b0aaf6a1ca4fd39d4146949f860efdb7e6ae983c330f8268fca7e68b716e3a66bc96918e58945a59d54a676343e22ddbb732c304202a3d96044067ff299b6ee9ccad79234839b70cfc8806e2b168d128bdad724dff5f87073510d4746c8e31b7e1474ae11e6ef8e66ed0c6c1a0d19d3dd8570dda0eb1c8ab9cfb021ef005a36e4fdb3c75d7407c744e040d3dd11506934eb78e8344d7cd625b435e123a7c75c5ffd0ec3a0ff0691ea6c54ce42447d1f3d739bf209cd45a75d68da1ef6a75e1ad613faa288aaf3ed84eeb9f240423a62c1d81350d25972509de0e80532050454acbbf734c5ce60543125f5c0b8370297ca0fadc4ffb047ae39a7500d7f517af76438558a7869ca8907d1c0e1d57d9943c29ac7f1ad6778760110339504d168fb25d84cd56eb65b5a18a7ae1642f79c22723e847e4110196a0ce9892ab969069fe66c90eb775a06eef476410282a5431e564d2e3ef2a18ba986a3cbb23e2ccbaaec2d793758cde314f6cc5a4033f016fd27532a579b891de2ef911f75faf5e35f86a17e294334c427add018352cf2c09501233e8a93de8f42ca93f576e59c4e9a50351fadb0f78e78712d5597872a25a9eda991bc60d3c90ecf87d5030ed1e2ec4e4bc0b33aacd9f1fafc9bdd085bf0067c480312b99cc4487d4735c6e9cbbe1e6decfe2467a851279907bcd306d89928df8b58fcf57dbc5b7a318681201bb773e9f9148847929587547fa4d92334dc4909f90ed40936a2035a8365fa05df583309f20a16c797962b2d2007b422fc6c8b5d5e38e39c0ea24ada6f40fd7e5a0933fd77aff501fc67be71928c9310697f395d7189a8a12fcf76d0f7ae73ba11e46e28f5b73ad3ffeb5fbdeffdb4131e084a05d5b14c7840f472ef65350157279682c6907c0fe0e13ebb47861743a42dc39ed2a2d1c02bf71e246ba4400acee3e15d6fd8b5730e2f4f5f0b4af2109d72aeda652769ffa3b977f1d98e749c607a3593ce5257b3a350522febcbe3ff1018b5b071bf1971ae473793c1bb1e7add6292d504301f5086c1541928ce2b12e83a24e2f9d6d52261e48e76dbcee8e08ace34f915de4f09fc0c0f96c7ceffc8c5ad2ae4f785eb2e559d39e2f03e8eab80815fa25d04ab878efd2436e20485a64c40422a0b1d52dc7039f8241c153549c9275119374482feb1fc62e360d020093470e1c333ab4cafa549aaa155d1900bf49b60e371b2fc02026ba8d75891d983f15365a708f0f754a25c65fc7ff18502958c093e1252bb2002c3ab0d2a9d7b8808f34a08c15b1ebd1ffa5b3b94c0b0d0bcaabdaa0b639e591a22d602aabcb6d2b011f2379a8e17b82499c8d5f2c70d204d591d9b07ee6eb2cd96ce6ece33ceb89c87776cf6e8b9f33cb14341c0fb41eee4f3783c61ffe86cb6626ee563e9e04b7dadf793f832baa32f16041ead1e4500af36c4851819848629e06d0fa43166700aa07822a2a79abfddc50acf2e9cd1feaaa8997920b84915db3f9f34df8c1b96f77087cbfa501755245345918e27db6f620a5ea0170931ca84c151813bc8f83c22525020a49031786c6e57dd14f7515014ebf4dbbc583394423ad0ff210aaac330d0e47adc80970538b47f036abe9bef5359867f990307beec4877931c77a5a80f0207568c4b36472ea51e856c6b9ae9d202374780714010a977a8dcce2163c13a3be41b2b851c3f88e9a9b6fa593070f494701b3d41b8eba81fe986c5e08b104e55932360b93ae6f3b209adc4033525d0230a3e0d62e89ad46b7c8ac7d84ee60cb8924aef43b01453c496ca99b3f4bf2f5efb577cbdb5c", 0x1000}, {&(0x7f0000001a40)="50f699f3ed2735e0139bc7209383f91e2468e18ddc6ea40343674fa6b3e103fe4f69b128bf21750690b383a39e76d12c360efee06e9099a558c0c19b0ae26786c6e6fa93ab3a996ed5886ec3ba3bf13483d4024b9830a675b660ef39a3d746c051fac14c0170d4fd0ec51a78689217c2dc13dbfa62b448083317f781815f26cfb5117e054e83f9573918cfbef77e8d46c83b851b16edf502b4eab0f39e84381988f559c74cf6ac3c56af2cd10e55a54290eae6e2d685cab1f65ce17972eab31b0f248d3dd21c45a4b790c24a66b480e0c59784af320ac5783b5761bd93dbaaecf344b4f8b4e1", 0xe6}, {&(0x7f0000001b40)="b891c1008852fa7114b88b90b90ca529dbe7dacca3739c741774086b4d1119695e58465ea629b5457d676cf8c3b90e919281b24d6cf0e00b07a5cc16a5e51ad3b1f2eed97ff5371b5f1dd0170f59f8cdafb1096e059cbf8374ad0397496f12e5dcec6ccefb42a97198ca4a9e9ea6e2c05620b6255941c22ec7eb694b4237289fe1d99b377f28f3b23bc8e136acf96b8f1a49acd51b8c0b0fd5d4946adabdc5c7d9186dd3c79480e7988e35fc6e28e358a9aceb674494a65a85cb09de3c", 0xbd}, {&(0x7f0000001c00)="fdeec87a656ab6ead76a6fc9", 0xc}, {&(0x7f0000001c40)="f81c3265153202b434a0949215e394115fbe6551ccfe31a452ba0e4c3207b4ac9e48c13d382a3bfa128d12df2f222a3be0ff0bc6307e2c9243bafd6396d404061bc4cc92cc9803dfc7532bf59f33784d57e22dabd25a3e0e0c19ab7b17b59513cc3e79e700dfa4c121a4851971dd1deb449c263022898d8bbd4b3bf72a18d689fba9e07b9c2036bee499e30c30e2987da6c1eab24fab4f09681eb3f8f58d38258ab0b849f9f6e193a00b8bb872d47fba7d8776b43a1f77662a0f54c7d8f0467a8fee878d7c3b7e775c64648702acb38a1f13bde822a648c21a0eb54325037f16858975224f3b4d5a66e22c3a6f96dcfd6cc76c66265878187a", 0xf9}, {&(0x7f0000001d40)="3984b1c858fc3791a0c125bbb0ab246cdf9d97c4be13949bf82df5dfc70f9bf7475eebc728573fe6b1f3cee7b5d0c05ccf2c5fedc56d06b9bcc671043597a928cc2425de2591f3aa4b6997b4879c81495942115bb54795dbe871da93c9ad36017b69e5", 0x63}, {&(0x7f0000001dc0)="5b9f9586754e3399567d975d594da48f88e09b81c06a59a654b72336555843a65aba0bcd7580cf7144efd9bcbb93418c6be004ee1aa8d39c24", 0x39}, {&(0x7f0000001e00)="88c2598e9bb656c247c421dd271e4607a6a283e2f617ef22ab27100778847b2be2104dfe3ac4202aff836dcfdc6a6dbe0b192c81dd610c727399d67a34", 0x3d}, {&(0x7f0000001e40)="a58039d01d2ceebf66cb36c7114d8c941664f372f5431e92e4bff2312dcbd915789c538c7e91bf681aa6df65c61ca570ac51aa32976f11c9b4d8f6798c5b19d90927df08bf6ab7843805b49ca405d10523b3a140c513ad4573b580", 0x5b}, {&(0x7f0000001ec0)="caf710b89671596dfd516ccb8a00a18765df1c32dc135a6d0fb51f828cf20b4ae40f3b0a78e8adab0eeb260f345e404ce50f7a452d0f8a289ec72ac70941e589854c0af79565cdc10ad77bd2f76b8583da4d7136584f6c8a38375fb83accd4dac3ddc3d6570e1f377907cee1fbfe92c3a83e8adfa4863a6d1094d153ddcc583fd3db1b72e0fdc9f7f693e4cccc9620e961991727ad732f5d4daeb6bccea8c70682434706c30dfd798143305733ba86655d2fd94c4224826dd73ec8cf", 0xbc}], 0xa, &(0x7f0000002040)=[@pktinfo={{0x24, 0x29, 0x32, {@empty, r5}}}, @hopopts={{0xa0, 0x29, 0x36, {0x62, 0x10, '\x00', [@calipso={0x7, 0x40, {0x0, 0xe, 0x8, 0x4, [0x8000, 0x1, 0x2835, 0x65, 0x3, 0x40, 0x2]}}, @calipso={0x7, 0x40, {0x1, 0xe, 0x9, 0x1, [0x40, 0xfffffffffffeffff, 0x8, 0x42e9, 0x8001, 0x2d88, 0x80]}}, @enc_lim={0x4, 0x1, 0x3f}]}}}, @dstopts_2292={{0xd8, 0x29, 0x4, {0x0, 0x18, '\x00', [@calipso={0x7, 0x50, {0x1, 0x12, 0x40, 0x6, [0x9, 0x2, 0x5, 0x2, 0xfff, 0x5, 0x3, 0x3, 0x4]}}, @hao={0xc9, 0x10, @ipv4={'\x00', '\xff\xff', @private=0xa010101}}, @calipso={0x7, 0x40, {0x1, 0xe, 0x0, 0x1f, [0x2, 0x20400000000000, 0x3f, 0x80, 0x8, 0x6, 0x9]}}, @calipso={0x7, 0x18, {0x3, 0x4, 0x0, 0x8, [0x1000, 0x2]}}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x8}}], 0x1b8}}, {{&(0x7f0000002200)={0xa, 0x4e22, 0x7, @private0, 0x1}, 0x1c, &(0x7f0000003500)=[{&(0x7f0000002240)="9cf859c9dfa178cb7d1a25b76b5e1fb5101c325a81a733bb920ac677588acb444909fd9598e8e11c484def77094bb96852a7c682b6c4e30d6749bb0b77c4f1a4b303dc773b2a11087f8ac3d527", 0x4d}, {&(0x7f00000022c0)="78e36280a3818e222f249e8668acc59dd041bf0a1cdaf54766b20b28f931c53208ab22b9096d135378d96106fa3e59dfb161cb98f8f4cf62cff6cf7ee51ca6d3db43a328c4971e4eec46d2becf3ca725be25cf2ae83cf589f6a9f8a4289292ee49aa3a936671897b695103ed5b7e86142e97b3666709367de702861bd78b2cc596b9144beb6e0072dfb60451dde229f3483c4c03ba3ef6b2f4ccae2c64fee3a9179123bcdb0f996d89e4dc9a21dea41ec825bb96140eb7755cd112d633c6c4f98fc17bc6a11d6a47b568db2d913019bfcabcd7209482cdb88510f46517b15bc168134ab646cfb726d37c7b8e84f536f5a88466da2d4605f54ac24a4a1344271adf51f3bf893a71641ce9698dde77a978c1904777cf9f2167badca312d910a1411dd31a3fd09244dc6fc116e63510da3a601c501ee83edee38129384dee771253fcbee57071fcbfbd819f4c5729b7f349704939e0433147fee6b6e48773b475778a5a4459b36318a6f4973d4a4c28be29b695a4f187375d71d12668310a30b7ff321b81bb0fbaa4ce0c19029347653860de96dfe43f7251055f1400f4ee0a0ae9f5b21ab27c713d3425151af24c1cef3e7620bf5de69e3e1f9c9b7b7c5d5fb42db1f713bdfeb0fabb6ab4005e7819b8f7d46d9c55f5c01f54f3c771e23c12985742d68082327aa90346c8135931991b79b5c8a2ab9af78af33b671a16ec9cfb4fb3c51732614b701c80bc98e135c092c412381bd3600106ef7f42a1d4ebfd2dba94f3eac91e025ab4728154fb9da554eb4b1b69b228b1af8d2a5f391f31ee782de1269f07e3cb4c452d3c34af11e01bc656d836209b82053e48457573e5f73c6c2dd2c9dc61d2537623843c4d34395146b949656134a8ab7e58ffbf377c115ac7d4d94ead5f9a8ad64a322c626f630f6961fdb479b0df1d74c5dc97e8b0ee3814a482bea47c5ec03d4b32d2cf30952fc90ec5dc02ee71fb33de1db94384df0a39e9b0b325cf7019a8719f89d7fae473e3c4645e7ac6342de1bdf0cfd7e9a5df4eb0e9b888c3f633ff0bf8184ec56605e0938fd93bc1282c9ed0f4f477571442320ad9847ebb346513d717013bf490bac3746f5c2c4019c0cced9392cca8f9ba21868efebcf0cb48bc575b6f330504bdf7776c147f4bebbbe0c466e66badf966bdfe95d1af82dfd88309a5eebe1568e320b14801cd4ee8c09708778748f439fafb184a98bf5b0ce72228b1d254eb8f70fdfc744a997c833a0e53c697165ed67b6e1ad38936f478851b406ee5f447574cbbe425f737ec3d7e0cff837f1bda82b70b28466e25766f9d9f141133c19fa338a95ddd6302d5c35ca7f430b94684a60dba23521e90660718efca1c68066c4308c0ce8da23b5c2de1eaced9d09307b2e4a6fe46206d356b033afac084173c2206bee58fcef8fa14fb93130ced0658d04ffb92ae4156acff5c51b3ebe641934753b853c9376b1cfa5301af53935f9ba9be6cbb882d5adc3ad42a81edf10ae661f18e8f22e3f47d10203c83c93dac459d5c00cdf7ef46f9f5ef01a8d8c01804c8721c85a1416ba70cd313ea24bcda5a10b797e5c97a6318be044153a159bc0986fe0d33331ef9c161fc6764ca86be52184905f1e73d689bd737ac8fa7c235bcb2c1c6898386b1e8a406af7a798e17e3bf842ee2842cdb033983ac49343291fcf5480ee45f6709a87baee5e5898419b9db10657b27b9c5d4283a7f2c307eee7fd5ecc60489b45338118670ee8a53e518c70bdd9a1d3b01d6e7042c1dfb3c40f7161b45a3b2bfd04d53dfc81792a935057537aa41a3334a56bb5247c5e6dc1e9c88995ec16fb030c8a7323b6f6d2e6b209e813c6906ef07db36a3c4a1382a8e430e8c83d11903f48f0a1c921b50c5dbb0c5b0a17847aaa7eab10f2c349c1702124b7ef08fa632b16f2593bff69c4f182d46fb7df50a1ffca00c20ab2aec60b06b15d42c0742f5bb7cd88bf2d4e66d02b6c3a8849c32f00ec4091d54c2d4fd8cc20f0fc0710666885457b7fc1376136f2e226fbf5b5b320891c02710556837a37fc6df3676e3517bc3c4d08b23d07d27caf7f061597c1ec3168f9dd696b7dd6fa829d90cd9c6c036480f378d46c447dcc4fa4407998dbfa8ccbe2cc6dfd47f9a3c6482ef039254273f54f303af9d1716c2af21448c12d83540eaf3f3d94a5349d83d1e9487a4a6080eb36346787f2c60c4a942bdb0df001637e096fd57d8739baf295e4fc90c414b34bc21729e72cb324027b58bc9f187385f93451653a06801feb6839530463fa5bce644233822a270d36147119ed0fddfb0cb7746aadddee36080ff4e472d753cf7f30ecfffbe4bfb5a29828fb4359cd2f650030cdfc6f15463a85237a680276e1ee546a11d0081422a1f0fdcb8614d607e43595fd4d38f1737a13ff5619cc7d91564d31234114292b4375ec5fff1466939c806242d7d8d86adc80424947775e02513f602a01d752f88f12ecbf4172f5c0d80bbc73508f9048e85c1ce8a203fa74cd26da7406eec6259c1926473306d5860c2013c38e22e140c0bbd06a3f41b80b1eecfd87d5e630d25e8a39abb41697b3149338f77f66dac35b16f474665333828be518587aabd8b62ba06f96d050e183339e93f6ddab2c3485c6d583d89c2d48c3f5b5ca9fcd56d763560c539649196610f2e0a0914403ff86cbf08814e00c587e306e6b4d948fe81e1bc6954363450729ab8b0072a4d8f0ae6ad53a9b8292cdc13e31f5da4a2a1191449ca7f5127121f2e117b3d3503938ea80f9f83eb12bc8611024ffc24ecbc5e331e35ff809967e6350ffeff95c2aea788636507f4adc242c4bada0a9b7f444a564ca15784863ae94267b8d79ea9383f97b2a0d25a9f83b3c47ccf3d48782826fe451d29bd28d16774e2c30f78126c2939f70948c5ab311c314e240cb509f90bfd6c1782c2b7320f4ec566905ace0c36fff57c607c77b28a69d77954bfd232a67ab809d5050dfff65485315a0745faefe5aa098bc22c4d6c263c98dc85f175726aa1fa6a16bf03be7f3235a7fd45aeab94cae769df6d9f49c455a68a367405e83b2970e8816538a51de05ebe2774f827e03186759682690d940d5622d35c8eb7bf71774531f189bf222a36bfc5a6a0579da97a11bef6e4f86452499de0a5d6f5d5baad6f80cac388fd58ad2cda084c3c5e81656274bd915bf5040ebd4a901cd82918189aa4c6a41345d19aa1fbefe3ec9d8df3217ef2a51f30e484b858e1d3574f746a011fbb1dc70d2451a3cc60afc966f4a6baf1963e353b8716d4520ac6a387fff6fb8e2ee4f922567ba29a3bb7c21021008ef8a2dc4506516683058a56fd64cbe9938fd8853246300c824ec361b76848422914ad5ad164fbc59f476a9ebc82491d39f81a8d106d62747b0b99fd80307044ee869670f28e58af940b0a6a974f2f8628d25b9fe97c53cd9cf8e2aab758836fd51bba8df6f6a368087cb2d6b22ed99e8b84aeb5a2f6d37b31d496a4eb2418af0108067dc81a7ed33295331dd6b763e2dfa25457f3276e5c5dde1f9e42b5de3bfb704651a68fe40c8675d98a2df8c7d69b97c52f2c13a50c390ada9b03857dc2d0c4d0a3b8f6652e3f439c09f735680c44499012d330ab21b9bceb6f7c66eef85514dc412fca5c21768f88bfe3e79bf42753597d73453a86ac9700b24e07ed06eba95170a8b3fd601622de860d0fb1798515328c1facbe28052d3ecaeeaf059d4433128c49af156e55fa76ea60fd8572ff52e515ceb3280b3db1b393d8b38c92e3e52936bf5e926f2a8405a4faed48f206a5b8a6bfb8f4e80a621740698ccb8f02a085e508c0f6a78d6f2a89246f625875e31ab1e17b27fe6f4d76a2bc5c386561b8d11bdbdf8faf002249090e8c1f82c5c00bc4fdfb5025d07743dfb2a09fccc24c429e1b48cdf892d2e308da6b26c6bd61a8eb6f87eda333fa6d006b5e7f3d6d1d00d2c3396ac7df9599915b74fdc2f3c14d90c5e22c24f3e5e4f4a7a1b079cb3b2d8976267a48025f92e14537135e7920d7643f877789fb7edbc51d644dfd68e4e5b4737854f7d13db3d8dc671f88abb24e65b67a4e9e5c0506ca239b03d3f878ba51bc03317780e6009519621a06bd0051da996e00b83ab6aa405054a43f6496901b5056cafc5d4778561bd7aa872111c9235815d93509653cc7b41ceed6eaa882feac101e77ed95b915a534765f1edb25b72b39cd79f650d0e2f16db28c6c233dec15dd40c745daec3225057a725d7b45e1893e540abb9a20ca3a7fd00d095c31fd5255abe431dbe2da2ee126c79f1eec2b1b6f166af1747c9a615ddbfce277ee9ee213f0f61fe6d1202f44fd0ac11bd2a3c996b49c9c763984b67324fecaf93f16ab44b55fba2702baab0a848f1c209320b0e482d72621fdd49723720fcebf727ef42494fdffd50908bee43ae8942e1411c818848d02abd8b65e5929f04d7c56065c1ca88de2f90efe008ba7481c888a8e826725ea336c567dfc085b701a9a4281a4f68f7647c3758d28eb49cb93bd1404618adc76945efac75e09de9631728272d75676f057e7ec49d7669673ec1d34a1ab6b3923a42c5fa7c5aad2bb9331676f6641a722746c3b31df77dfb2de52380ca03ee87e79f86dc4e6b1975d5787b205401cad7e8fc13f1bb78272d7b3c202f1b5463db547481c4c67f97029672403f5ec1117a3d91bfda00ac3b551dffd28d0190a115f4396898d7c67aa5ec29337ae825946b5bfe67f4810d5f6eabfd5be3c11fb6986d7fd06b45b4bd647db5ebeaf697edd14aa0a2ad740bdea2f7076abe106e1c7c8f86dd674663d21a7069501d84a33e064229b3c332b5b1b1cb29a0c1be888419c73c6eeb59fb00573834a1200b4fcb0274ac64e9bb41066d490f2ff81081c7f8bf5238892f275e9b1b07871877db682aeb34837d62e7e9289497fd839ec25f4d3f55db210e4da398eeba66ef0a5dce3ba0aa5c2790adfb190bbe50c01dd67fae1d81ead8b8683b643496f6d88626a3b46c6f14f899b9138b86f20aa0b1a1a51b6e4cb89f337a5595d7f35c0ae02d4be2b4b015dc281de598f048ddb2f2eb98b0df4aafdef0ebd4f22741de93ead5ad1573a30c9ae93f7d908d90875c1ecd664024fdfb0b9c8e0e2ff46f0d31192bce09a61b9d8349681127665c88ad91f80e8cf8926a58b351cb9cda75f148df5f6d7e7aec98d05b96348e2c3d938cb6fffcf7cda5c1ff3a6505ae616f1b1b85f9ee8fbc376819ac024402193176bc3e536d4d648479ae5bf271f34940271f3a69d1a7f60fe2b46762c5e7ee0c48a39a0024384598cff952f576edf069f86345595b3d7cd045cb39b8c2255167635f158cac717276022be82664fcc2afd66b1f76cde42a54dacd577cf4f4a015e74cf133ee1cfa5c0b8ad927a276a2bf1938161910aa99ed015605acd19457ab4d76c1a3bf86357aba9236c5399ecc06cfc4271d5dbff7a2fdbdd66ee702e74ac29897c96d84b50a7f4b05f2b54308f8b0db5dd9954f3c38efa673c3ab796c249e28958cf7228e37e06402e06ab7a9a69bd76eb3724c1ea86c7af4eea6e99cacf2f2e9807561b7d38570a6c63c20a75fb87ba24b6b48e625aa52fc89d3b19bcd42ec3b4c924bff8ca2adde5966b1c8051c6d541c34b7ee1731fdba2aa5790ab3fe477d56d6512ec3673928498d36513e19dd46d8067661f96c02bf14b74217a13bb6ebd9632269ebbbafb64a1ffa6a02976e9ed08f111dd75fbd7cee93ae0be297f6fcd77f7d3652ee09e4b6081ffc372e6f28595ed9517dc96e72b250470", 0x1000}, {&(0x7f00000032c0)="7fa75564ff0751e0fa3b935b05ece9a57c48fdf602081925b3021ee454d1cc6dd9a96bb7b41e28bb62601d", 0x2b}, {&(0x7f0000003300)="e2358bf4b7dd9f3ca031904198e4c3513a9628cf2f5039bf4c82320d959737cb82f8e45e16fbbe294140871e8795af087698eb2f7644186ce876d56c9e0ce3b7b40edd896a5e904b46e6ea01466b9b13eabc749189b8036e12146d10aa9d820a90e6c08095648678d1fec15ff70dd0e40a2be5552992d4a486fe54f75c77feefc0ccd96dac5413dc793b2cf6cc7a973e4cac0cd33cfd41c33f89667b4c", 0x9d}, {&(0x7f00000033c0)="2bcb1b0ca592f59c1f557a1fa4c393bd0bec5c", 0x13}, {&(0x7f0000003400)="3a59775bbbffee1dcee2301c250ce7f657d2917556cbaadf61c44dac86f4c91a46221672c63e9a040a106f3881155a2d310463047c865de9727b21dafd4610141d622bd8a71a52ea0e52377e654687ae5c02cafd3231b067331812b149cad686825ff54dc40a690210b5e4bcf7bad9d8ef09d4addcff26db11eca3ee122056795369d264addbb774561b04b90ac00b75bf4748c6dcc3ddcc818fe03e8a7462b5af3840f646165576fb2721a09a0ee67d7c91687a50a8c7405fcbec193e90f2bd48047f112dc70a72a839a181161d79eb7d5b6b354d3f66f642ce1fee64e0c4", 0xdf}], 0x6, &(0x7f0000003580)=[@hopopts_2292={{0x60, 0x29, 0x36, {0x33, 0x8, '\x00', [@padn={0x1, 0x1, [0x0]}, @enc_lim={0x4, 0x1, 0x5}, @enc_lim={0x4, 0x1, 0x28}, @calipso={0x7, 0x38, {0x2, 0xc, 0xd4, 0xff, [0x1, 0x6, 0x1, 0x2a, 0x669, 0x3270]}}]}}}, @hopopts={{0x38, 0x29, 0x36, {0x84, 0x3, '\x00', [@pad1, @jumbo={0xc2, 0x4, 0x7}, @calipso={0x7, 0x10, {0x0, 0x2, 0x1, 0x26, [0x26]}}, @pad1]}}}, @tclass={{0x14, 0x29, 0x43, 0x4}}, @flowinfo={{0x14, 0x29, 0xb, 0x7f}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x89, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x8ac3}}, @dstopts_2292={{0xa0, 0x29, 0x4, {0x2f, 0x10, '\x00', [@pad1, @hao={0xc9, 0x10, @loopback}, @jumbo={0xc2, 0x4, 0x7}, @calipso={0x7, 0x10, {0x0, 0x2, 0x6, 0x995b, [0x0]}}, @enc_lim={0x4, 0x1, 0x7}, @hao={0xc9, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @padn={0x1, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x28, {0x1, 0x8, 0x2, 0x2, [0x3fbe709d, 0x100, 0x8, 0x0]}}, @hao={0xc9, 0x10, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}], 0x1b8}}, {{&(0x7f0000003740)={0xa, 0x4e23, 0x6000000, @loopback, 0xa66c}, 0x1c, &(0x7f0000003840)=[{&(0x7f0000003780)="3972b0d77efca1396f7e46026e1449b8dd5bbf885c311e5ba44e106a3657b140e546accd4b5add556e89daa0159ee785d65dca721ac569364d3fef6df556049df3796649bdb0453ecea9e9e7eb9caa3d1deb41397f0de119c195884e2c89e4727a69ee190296ae2315d954f6b233d4962ea5003934f3721474785285f900f9fe8db4d1bc1b14ed19ea5c4d", 0x8b}], 0x1, &(0x7f0000003880)=[@pktinfo={{0x24, 0x29, 0x32, {@loopback, r5}}}, @dstopts={{0xf0, 0x29, 0x37, {0x32, 0x1a, '\x00', [@calipso={0x7, 0x50, {0x1, 0x12, 0x6, 0x7fff, [0x0, 0x0, 0x8, 0x7, 0x3, 0x3, 0xb7, 0x100000000, 0x401]}}, @calipso={0x7, 0x50, {0x2, 0x12, 0x8, 0x1, [0x0, 0xbf, 0x2000000, 0x0, 0x400, 0x6, 0x4000000000, 0x8, 0x7]}}, @generic={0x1}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x20, {0x0, 0x6, 0x0, 0x1, [0x10100000000, 0x4, 0x4836]}}, @padn={0x1, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x9}}], 0x130}}, {{&(0x7f00000039c0)={0xa, 0x4e22, 0xa7dc, @private1, 0x6}, 0x1c, &(0x7f0000003e00)=[{&(0x7f0000003a00)="f3bcec7f58157731dc814689242db72474c8f928d3026557d59a6c8c543034", 0x1f}, {&(0x7f0000003a40)="35cfcecf6b37b63a4379c03f463d9ca2ae84dc4ae26a98f49d959e6914c71ab0ecc6f5ec5f052f24edcc62453860a5c82ec88e878cceae804dedef74673256c41617ea7bce1eae1056042323828f12e05e5ff6d8884c7dcf08e40927514ba84054bda2f36fd85f5d3a52c67d9609dc4a53a7fa1623319efa67a9c1db763cf52448592ff32d2c3957ebb2a79d14c0303c74e6be454ae2c82e10da1f12b91b01649ca1ad201ee567d381b3e9429c956c921fe65afafe16008af00ebf2d7ad204286661fd268836174ede1baa095ad6e93367b5eead86b2e413067e16d5de90bc6c44ad6a6672730eb0ac0d1fd8afebccc108465dae8400", 0xf6}, {&(0x7f0000003b40)="e470a90414eee6e3bf920a4fa4474390c290f223ae42b8b3e5140d9e15209d26df23fe5c317fd622bc66f50c77f2e620277910e47eb533b282751901395a26d720a0f874dd60dffc223ba3fb042033794de7ed021b0313df2a0403652b6b108a157f7401c6d47936a4b8c57f71220c3550083de3fe91dee00d737052ed794e8225779b40f5ee12262a0922c69f47ad317072953c5dd9", 0x96}, {&(0x7f0000003c00)="3c39c1d91fef5b3554f6c6263620d721a71031f9b39e20dea9fe2d7208f34684cb62f59ebd44213eb60a1c3cc11a969e9f28d48c4c67faca92acbacee27e5d40c7f4a295b200975cf3a125fcc3eab2aef2eeb2e24a69a66850a8923cfea9bcaa5231fbb84334375c514e730068c6cfb9977dd212784cfc704b2a7a0ff562e8b55cecd363ea08730ee3f42b7f96fb0527fb48acafad896943e158fb401afb212c898bf452eda854b9f11e30d83ba1b30b98ec4addbaa0affb4e571de8a65907d024a0fad09f8cc0ce7d1cc9711139e3aefa703a1c66af894a54c5b29e6883fe12ef9b2f1765bfa1d3b9", 0xe9}, {&(0x7f0000003d00)="af7da5d5f9d3768212671ae56baffbe6bd1ddbb5b196f07420949b20e4dac79222f03aeb640b5870e976f37f58d785d9079480cefa2f5daec9bc822906fa49d6b25db0e9773b3a54fbf897e7bc4d14f98714c291b5c2597386b311bca509e9aff32ad88c34f421dbec9eb33efa0861563937d071f43dd17a105b44c57a09c394a09a4b6acb7117638bc5e8219fede3e09287ac29b49594d29c685abb9ec5fc7f375bc4e5dce522ebb1c9241d173eca15b3feb0f4d481fa91c2b3088019c0e9b8ad5ea98c92fcfe02029ab67491a00afc9a43e810b91ced5759518420a5536c0cce891999db744541132f4e50c1a0ca0b2ac51ef8bb98865bb98c8fad48", 0xfd}], 0x5, &(0x7f0000003e80)=[@rthdr_2292={{0xa8, 0x29, 0x39, {0xc5, 0x12, 0x2, 0x8, 0x0, [@mcast2, @empty, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast2, @mcast1, @dev={0xfe, 0x80, '\x00', 0x37}, @loopback, @ipv4={'\x00', '\xff\xff', @remote}]}}}, @dontfrag={{0x14}}, @hoplimit={{0x14}}, @hopopts_2292={{0x28, 0x29, 0x36, {0x32, 0x1, '\x00', [@padn={0x1, 0x3, [0x0, 0x0, 0x0]}, @ra={0x5, 0x2, 0x3}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x7}}, @dstopts={{0xd0, 0x29, 0x37, {0x29, 0x16, '\x00', [@enc_lim={0x4, 0x1, 0x80}, @generic={0x10, 0x14, "c5f6cd40ca47d30834c02e987610587782253684"}, @generic={0x80, 0x88, "e71e16ccc00fd5a7ad049f2cbc29a5fa29254b518822e03a9732ed685893defe959c8bda7e7ad5eb482517bf3d3a8dff66aca3e3866445fa681c5828acfce7616909fcbd8eb542373af707c205a172c369fc808d8c2f66a456c2d04a1f62626eb73f7686aed72f4a873e3245ec20610730ec1a40674833e523d0700644f0112d96b7c9effd4d01cb"}, @ra={0x5, 0x2, 0x400}, @jumbo={0xc2, 0x4, 0x7fff}, @enc_lim, @ra={0x5, 0x2, 0x215}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}], 0x200}}, {{&(0x7f0000004080)={0xa, 0x4e22, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x5}, 0x1c, &(0x7f00000043c0)=[{&(0x7f00000040c0)="5028d4c391063f5cd1c6a86ce7a9585a6964f7d04c3b1bbe6389be7ee30021e763f161a4f18136bcd9085e197489b30edf771f1e67b7b6bec72cdfba9a352df6df53a7dfd300419b5a3fe80d7d2f2839d0", 0x51}, {&(0x7f0000004140)="150bcd3f94c0ec", 0x7}, {&(0x7f0000004180)="babcbadb0eabfba8944b54d8f652088708d721d17ffb5966739f87201f219374c5cfd7a0e0b40175a03f2e9662eb419c82acd4d46dd4f14108205b97f5a6e633f97092b116215ecccefe116095469f9abd329d1b5ba99989f96ea555701002d45fb724c09c3bf80ae7eda3e930f0fc9d70d7234ac6eeff509c81c7d1794510101a45f527b5f5913219f6788b2b7f0896bcce6666d8fc94916aecb9290069e483cc23826aad36859f2902b8078f2fd86d91", 0xb1}, {&(0x7f0000004240)="24e8e5908d2678b5634427190b5875585f04a1f525a47942684bd9a9ba61febb9efdb5991b183fe8ef54e51b8ace4ece4256e1e82b4230bb867d14ed73662f72cd485f8ffe4d26c129e2e832c2935d2a617abbb889eb4d17bd", 0x59}, {&(0x7f00000042c0)="5ff9886e586f4d1c61b8d0a6ba5e15db7b1cece7c74d3c24ae47a7bce14eb909851e475ac6173919a6da2cf13edfb7c983a1c3a1957ca999ee0cbf87531f4be05d1fbbe43a3802986401ec7ab829259e2f5abe7799d67e85d21e866492ab9d013a0c5a07470180f3730345cb962cd75e0779d3e0d87b31378a938989d71ab7d47917c583b4e55b3588dbc6c2ab8de1774dfb44ec14b02cde18a81ffe1621caebb3b93ec2d2f5696ac3f973be4c8041060348e7a55671e9b0e3cdfeb3c9d91b84fe", 0xc1}], 0x5, &(0x7f0000004440)=[@rthdr={{0x58, 0x29, 0x39, {0x2e, 0x8, 0x2, 0x8, 0x0, [@private2, @empty, @remote, @rand_addr=' \x01\x00']}}}, @dstopts_2292={{0x28, 0x29, 0x4, {0x33, 0x1, '\x00', [@padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}]}}}], 0x80}}], 0x7, 0x4000) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:15:56 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff1f0000000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:15:56 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6800}, 0x0) 11:15:56 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x100000000000000}, 0x0) 11:16:09 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x401) dup2(0xffffffffffffffff, r3) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r2, 0x0, 0x500000001) ioctl$F2FS_IOC_GARBAGE_COLLECT(r4, 0x4004f506, &(0x7f0000000040)) dup2(r0, r1) [ 2327.175978] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:16:09 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6c00}, 0x0) 11:16:09 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffff7f00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x300}, 0x0) 11:16:09 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 28) 11:16:09 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7400}, 0x0) [ 2327.230881] FAULT_INJECTION: forcing a failure. [ 2327.230881] name failslab, interval 1, probability 0, space 0, times 0 [ 2327.232435] CPU: 0 PID: 11231 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2327.233342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.234410] Call Trace: [ 2327.234753] dump_stack+0x107/0x167 [ 2327.235224] should_fail.cold+0x5/0xa [ 2327.235715] should_failslab+0x5/0x20 [ 2327.236202] __kmalloc_track_caller+0x79/0x370 [ 2327.236786] ? match_number+0xaf/0x1d0 [ 2327.237296] kmemdup_nul+0x2d/0xa0 [ 2327.237748] match_number+0xaf/0x1d0 [ 2327.238236] ? match_u64+0x190/0x190 [ 2327.238710] ? __kmalloc_track_caller+0x2c6/0x370 [ 2327.239325] ? memcpy+0x39/0x60 [ 2327.239747] parse_opts.part.0+0x1f3/0x340 [ 2327.240291] ? p9_fd_show_options+0x1c0/0x1c0 [ 2327.240867] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2327.241535] ? trace_hardirqs_on+0x5b/0x180 [ 2327.242091] ? kfree+0xd7/0x340 [ 2327.242527] p9_fd_create+0x98/0x4a0 [ 2327.242999] ? p9_conn_create+0x510/0x510 [ 2327.243541] ? p9_client_create+0x798/0x1230 [ 2327.244104] ? kfree+0xd7/0x340 [ 2327.244523] ? do_raw_spin_unlock+0x4f/0x220 [ 2327.245086] p9_client_create+0x7ff/0x1230 [ 2327.245638] ? p9_client_flush+0x430/0x430 [ 2327.246184] ? trace_hardirqs_on+0x5b/0x180 [ 2327.246737] ? lockdep_init_map_type+0x2c7/0x780 [ 2327.247339] ? __raw_spin_lock_init+0x36/0x110 [ 2327.247921] v9fs_session_init+0x1dd/0x1680 [ 2327.248475] ? lock_release+0x680/0x680 [ 2327.248986] ? kmem_cache_alloc_trace+0x151/0x320 [ 2327.249606] ? v9fs_show_options+0x690/0x690 [ 2327.250189] ? trace_hardirqs_on+0x5b/0x180 [ 2327.250739] ? kasan_unpoison_shadow+0x33/0x50 [ 2327.251321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2327.251968] v9fs_mount+0x79/0x8f0 [ 2327.252427] ? v9fs_write_inode+0x60/0x60 [ 2327.252953] legacy_get_tree+0x105/0x220 [ 2327.253471] vfs_get_tree+0x8e/0x300 [ 2327.253948] path_mount+0x1490/0x21e0 [ 2327.254447] ? strncpy_from_user+0x9e/0x470 [ 2327.254995] ? finish_automount+0xa90/0xa90 [ 2327.255551] ? getname_flags.part.0+0x1dd/0x4f0 [ 2327.256142] ? _copy_from_user+0xfb/0x1b0 [ 2327.256672] __x64_sys_mount+0x282/0x300 [ 2327.257184] ? copy_mnt_ns+0xa00/0xa00 [ 2327.257677] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2327.258370] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2327.259025] do_syscall_64+0x33/0x40 [ 2327.259495] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2327.260140] RIP: 0033:0x7f9990caeb19 [ 2327.260619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2327.262952] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2327.263925] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2327.264840] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2327.265741] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2327.266650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2327.267555] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:16:09 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffffffff00000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0xc002}, 0x0) [ 2327.289751] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:16:09 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:09 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x200000000000000}, 0x0) [ 2327.319210] 9pnet: Insufficient options for proto=fd 11:16:09 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x480, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:23 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 29) 11:16:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:23 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7a00}, 0x0) 11:16:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x80000}, 0x0) 11:16:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) syz_io_uring_setup(0x31d5, &(0x7f0000000040)={0x0, 0x85bf, 0x20, 0x2, 0xa5, 0x0, r1}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000180)=0x0) syz_io_uring_submit(r2, r7, &(0x7f00000001c0)=@IORING_OP_SYNC_FILE_RANGE={0x8, 0x1, 0x0, @fd_index}, 0x3) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:16:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf00000000000000}, 0x0) 11:16:23 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2341.194840] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2341.205904] FAULT_INJECTION: forcing a failure. [ 2341.205904] name failslab, interval 1, probability 0, space 0, times 0 [ 2341.207408] CPU: 0 PID: 11261 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2341.208265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2341.209295] Call Trace: [ 2341.209627] dump_stack+0x107/0x167 [ 2341.210086] should_fail.cold+0x5/0xa [ 2341.210568] should_failslab+0x5/0x20 [ 2341.211038] __kmalloc_track_caller+0x79/0x370 [ 2341.211611] ? match_number+0xaf/0x1d0 [ 2341.212127] kmemdup_nul+0x2d/0xa0 [ 2341.212573] match_number+0xaf/0x1d0 [ 2341.213052] ? match_u64+0x190/0x190 [ 2341.213516] ? __kmalloc_track_caller+0x2c6/0x370 [ 2341.214109] ? memcpy+0x39/0x60 [ 2341.214528] parse_opts.part.0+0x1f3/0x340 [ 2341.215057] ? p9_fd_show_options+0x1c0/0x1c0 [ 2341.215618] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2341.216271] ? trace_hardirqs_on+0x5b/0x180 [ 2341.216804] ? kfree+0xd7/0x340 [ 2341.217214] p9_fd_create+0x98/0x4a0 [ 2341.217675] ? p9_conn_create+0x510/0x510 [ 2341.218185] ? p9_client_create+0x798/0x1230 [ 2341.218739] ? kfree+0xd7/0x340 [ 2341.219145] ? do_raw_spin_unlock+0x4f/0x220 [ 2341.219689] p9_client_create+0x7ff/0x1230 [ 2341.220216] ? p9_client_flush+0x430/0x430 [ 2341.220737] ? trace_hardirqs_on+0x5b/0x180 [ 2341.221268] ? lockdep_init_map_type+0x2c7/0x780 [ 2341.221849] ? __raw_spin_lock_init+0x36/0x110 [ 2341.222420] v9fs_session_init+0x1dd/0x1680 [ 2341.222949] ? lock_release+0x680/0x680 [ 2341.223442] ? kmem_cache_alloc_trace+0x151/0x320 [ 2341.224031] ? v9fs_show_options+0x690/0x690 [ 2341.224575] ? trace_hardirqs_on+0x5b/0x180 [ 2341.225103] ? kasan_unpoison_shadow+0x33/0x50 [ 2341.225661] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2341.226314] v9fs_mount+0x79/0x8f0 [ 2341.226765] ? v9fs_write_inode+0x60/0x60 [ 2341.227282] legacy_get_tree+0x105/0x220 [ 2341.227784] vfs_get_tree+0x8e/0x300 [ 2341.228243] path_mount+0x1490/0x21e0 [ 2341.228715] ? strncpy_from_user+0x9e/0x470 [ 2341.229247] ? finish_automount+0xa90/0xa90 [ 2341.229774] ? getname_flags.part.0+0x1dd/0x4f0 [ 2341.230356] ? _copy_from_user+0xfb/0x1b0 [ 2341.230869] __x64_sys_mount+0x282/0x300 [ 2341.231366] ? copy_mnt_ns+0xa00/0xa00 [ 2341.231846] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2341.232496] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2341.233128] do_syscall_64+0x33/0x40 [ 2341.233585] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2341.234213] RIP: 0033:0x7f9990caeb19 [ 2341.234681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2341.236935] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2341.237869] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2341.238753] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2341.239631] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2341.240503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2341.241379] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:16:23 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x9effffff00000000}, 0x0) [ 2341.271736] 9pnet: Insufficient options for proto=fd 11:16:23 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:23 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x8100}, 0x0) 11:16:23 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x2}, 0x0) 11:16:23 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 30) 11:16:23 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) syz_io_uring_setup(0x4d4b, &(0x7f0000000080)={0x0, 0x40000, 0x8, 0x3, 0x1, 0x0, r1}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:16:23 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:23 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2341.370081] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2341.419790] FAULT_INJECTION: forcing a failure. [ 2341.419790] name failslab, interval 1, probability 0, space 0, times 0 [ 2341.422465] CPU: 1 PID: 11284 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2341.424036] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2341.425908] Call Trace: [ 2341.426511] dump_stack+0x107/0x167 [ 2341.427329] should_fail.cold+0x5/0xa [ 2341.428186] should_failslab+0x5/0x20 [ 2341.429051] __kmalloc_track_caller+0x79/0x370 [ 2341.430081] ? match_number+0xaf/0x1d0 [ 2341.430969] ? kfree+0xd7/0x340 [ 2341.431712] kmemdup_nul+0x2d/0xa0 [ 2341.432517] match_number+0xaf/0x1d0 [ 2341.433359] ? match_u64+0x190/0x190 [ 2341.434203] ? __kmalloc_track_caller+0x2c6/0x370 [ 2341.435303] ? memcpy+0x39/0x60 [ 2341.436045] parse_opts.part.0+0x1f3/0x340 [ 2341.436992] ? p9_fd_show_options+0x1c0/0x1c0 [ 2341.438009] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2341.439195] ? trace_hardirqs_on+0x5b/0x180 [ 2341.440163] ? kfree+0xd7/0x340 [ 2341.440910] p9_fd_create+0x98/0x4a0 [ 2341.441745] ? p9_conn_create+0x510/0x510 [ 2341.442686] ? p9_client_create+0x798/0x1230 [ 2341.443675] ? kfree+0xd7/0x340 [ 2341.444411] ? do_raw_spin_unlock+0x4f/0x220 [ 2341.445402] p9_client_create+0x7ff/0x1230 [ 2341.446366] ? p9_client_flush+0x430/0x430 [ 2341.447316] ? trace_hardirqs_on+0x5b/0x180 [ 2341.448286] ? lockdep_init_map_type+0x2c7/0x780 [ 2341.449348] ? __raw_spin_lock_init+0x36/0x110 [ 2341.450385] v9fs_session_init+0x1dd/0x1680 [ 2341.451356] ? lock_release+0x680/0x680 [ 2341.452261] ? kmem_cache_alloc_trace+0x151/0x320 [ 2341.453341] ? v9fs_show_options+0x690/0x690 [ 2341.454354] ? trace_hardirqs_on+0x5b/0x180 [ 2341.455321] ? kasan_unpoison_shadow+0x33/0x50 [ 2341.456341] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2341.457473] v9fs_mount+0x79/0x8f0 [ 2341.458277] ? v9fs_write_inode+0x60/0x60 [ 2341.459205] legacy_get_tree+0x105/0x220 [ 2341.460099] vfs_get_tree+0x8e/0x300 [ 2341.460931] path_mount+0x1490/0x21e0 [ 2341.461792] ? strncpy_from_user+0x9e/0x470 [ 2341.462768] ? finish_automount+0xa90/0xa90 [ 2341.463734] ? getname_flags.part.0+0x1dd/0x4f0 [ 2341.464772] ? _copy_from_user+0xfb/0x1b0 [ 2341.465708] __x64_sys_mount+0x282/0x300 [ 2341.466627] ? copy_mnt_ns+0xa00/0xa00 [ 2341.467502] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2341.468683] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2341.469839] do_syscall_64+0x33/0x40 [ 2341.470690] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2341.471848] RIP: 0033:0x7f9990caeb19 [ 2341.472688] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2341.476829] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2341.478552] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2341.480158] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2341.481763] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2341.483379] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2341.484984] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2341.486763] 9pnet: Insufficient options for proto=fd 11:16:38 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:38 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000940)='./file1\x00', 0x105142, 0x1) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r6, 0x0, 0x500000001) sendmsg(r6, &(0x7f0000000280)={&(0x7f0000000040)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes256\x00'}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000340)="a37d08cdabd239144f7db620856a582ecef11454e24518cdf25a566dada6193a2475b78a8cf7c072dfaecb846735ea73a253b95eaae8959b338f55704b4bc87a40aad60600ae8a6cc9a2899a029414d45117335964198264abd1d578881b6e8c832c58e6ad60e8490aa91fdf440cbf7c77d5e0bd5029f3d38c804b110d972d0fd7594ebb88e321fe865722d08ebd4cc762171442a901b76d05f2620f7fb27300d81d50ea4985a9bdb7085936583b909e2f91bd45bafd9fa945cfdd2b457dcef7f91321877ce724dae0d60c7a4b56dea7959dc9343ae05d510eaf3c732ac14e80b9c398", 0xe3}, {&(0x7f0000000180)="69ac8f2261cdd9090fbbb7937c75cbe54701dd36dd979d0b24b3f55cc26190d9ea23bbca526d4ee8e292c513505135ad531dce8b4199c523c8d400e055746db6793fed92123af158fb8e9594ff4877450dbe96ae", 0x54}, {&(0x7f0000000440)="eff4ae987132201805fab98031f0ebe718640a0b69ee831ccd8e5ae1393e49499647e1758c48a3b5a374c26df0ac2b698ef6d05f98138c9758e6a599b575ef6e5c0748390635000212f548e5479183a19b22f1850ee37ed613e7b20faaa32eda3a5936e5206e7018c9ba060fa564fa7239a57f74c10b003db9e0b56f4c2b6ceb03fd5bac851ccb6981877bfb58f2bf055e45f856e101541eb525144122faeb8296926538885ee09b74ebf5de07883a36c25ab42961cc08fbee4d80213b82dbc8321e5eafd5713508d05dea2e9a8c88e03e6b248b4d013b7f", 0xd8}], 0x3, &(0x7f0000000540)=[{0x90, 0x117, 0x8, "a11c27068705fea33b441470acb424043bf2dd5780c57762dbb017dfc7488e02f4b8ed79f73e9ec31be8d5f287c0c7f1603e73c542c03967e04fdae2fc078813369a5555e1ddd89859c3b3a2c415d28ae02ae9ce70661dc45d59d282c91b4517239f8457cac6546539dd2558d0a99cf265e0e898ad29d73bb7dd"}, {0x78, 0x114, 0x3ff, "d8e41ded15e0c528abcda8b9612502ea5e8e2b7078aa7f75318d426df55c5513fb466a0057326e1c52a59d893740b3ac6c63f288a8cf5df57c4dcb07e252e1f0e8411607ecaac233d27a4b158ea5ab05887b71db1658d04eef6d1b2c32a779a3ba0cc6d105af"}, {0xe8, 0x11, 0x81, "00619ebe10192e9eaedcfd845895b53a16650562f06578bdd96f4747030fe8d92fb4b9279b7fdc0a77c09d347ad5757b5ab9f3f9a67c1d8a52f0175ee9fe8b8bd42f38bd74c11ad8656c47a973b06919311fe67c77c5f628ff4ee1620e5df930fe4fb1cd105eaf455f9be592166074074511cc1906691ace137de5e2512e5ac8269ff5327521cd8bdf31b1bbbc60ea93e28e3b0acf843795bc2f76fe5e9b568410867c0cb124c0be5a3f1148cb9c9fd47e99cd7ff3b87b678d457feaa53a5a8dc90b9b7a23f32b3524739c1ff3c3560f91cdc202054215"}, {0x50, 0x10f, 0x8, "8940922937f5de7b89cf6e5a1b51b4e75dde14b47dd40b3884adba2374fcadcbcb304aa78c463801f43349b92fff2bc283f7302348a28d7e4a50e8"}, {0xd8, 0x10f, 0x1ce, "d55d95c7254b6ab4f7e6d8854a544e3f8090fb1ea97002033bf75f1d31ca1fc5d20413b9b484a0d2b498bd4e493cbbf48c72cfae7153a45e458f92309bca311bdda5622885bfd4e0152f79169f61a4fd4d14dcd1b42490f01a0454dace5a7b0c874328a38a953b170181f13afd3504253586939994f8445696310020a20e18c0a5fee7657b5fb4dde2094527f73be45ede97db0e1f01d8b1a4f29d288fabe14775dd2d137d76126a9876b2dec04f401952d51bd0485c9ab455bbd1ad535c8fbf487fff0231"}, {0xb0, 0x108, 0x8, "97dcafd158b9aa7c2460085d89e50a16792de103ce1fbb66ad23fd9f67f931e4c23834e7f52592f2b46a525425a0966d94619d32d96378b34461f7ea94ea94125a547a099a50a0bd46ca4fb72774b76f7a7227099fd9b536d309ea2dc555de9f9de876f2f0ea8b85027073a8d77ce7eb98f111cb6564ab690a63a780f8a959a3a06224a872105eee899a3ccaf8f3a9d9649b818fb246307e49e413aad0"}], 0x3c8}, 0x4000089) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000100)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd, 0x5, 0x0, 0xe2, 0x0, 0x1, {0x0, r9}}, 0x2) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:16:38 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 31) 11:16:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xcf00000000000000}, 0x0) 11:16:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x3}, 0x0) 11:16:38 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf000}, 0x0) [ 2356.284682] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2356.293727] FAULT_INJECTION: forcing a failure. [ 2356.293727] name failslab, interval 1, probability 0, space 0, times 0 [ 2356.296157] CPU: 1 PID: 11298 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2356.297612] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2356.299380] Call Trace: [ 2356.299942] dump_stack+0x107/0x167 [ 2356.300716] should_fail.cold+0x5/0xa [ 2356.301518] ? create_object.isra.0+0x3a/0xa30 [ 2356.302502] should_failslab+0x5/0x20 [ 2356.303307] kmem_cache_alloc+0x5b/0x310 [ 2356.304173] create_object.isra.0+0x3a/0xa30 [ 2356.305090] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2356.306158] __kmalloc_track_caller+0x177/0x370 [ 2356.307162] ? match_number+0xaf/0x1d0 [ 2356.307987] kmemdup_nul+0x2d/0xa0 [ 2356.308739] match_number+0xaf/0x1d0 [ 2356.309526] ? match_u64+0x190/0x190 [ 2356.310299] ? __kmalloc_track_caller+0x2c6/0x370 [ 2356.311349] ? memcpy+0x39/0x60 [ 2356.312048] parse_opts.part.0+0x1f3/0x340 [ 2356.312950] ? p9_fd_show_options+0x1c0/0x1c0 [ 2356.313903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2356.315045] ? trace_hardirqs_on+0x5b/0x180 [ 2356.315971] ? kfree+0xd7/0x340 [ 2356.316675] p9_fd_create+0x98/0x4a0 [ 2356.317466] ? p9_conn_create+0x510/0x510 [ 2356.318340] ? p9_client_create+0x798/0x1230 [ 2356.319336] ? kfree+0xd7/0x340 [ 2356.320038] ? do_raw_spin_unlock+0x4f/0x220 [ 2356.320975] p9_client_create+0x7ff/0x1230 [ 2356.321880] ? p9_client_flush+0x430/0x430 [ 2356.322809] ? trace_hardirqs_on+0x5b/0x180 [ 2356.323729] ? lockdep_init_map_type+0x2c7/0x780 [ 2356.324736] ? __raw_spin_lock_init+0x36/0x110 [ 2356.325710] v9fs_session_init+0x1dd/0x1680 [ 2356.326655] ? lock_release+0x680/0x680 [ 2356.327508] ? kmem_cache_alloc_trace+0x151/0x320 [ 2356.328534] ? v9fs_show_options+0x690/0x690 [ 2356.329474] ? trace_hardirqs_on+0x5b/0x180 [ 2356.330396] ? kasan_unpoison_shadow+0x33/0x50 [ 2356.331393] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2356.332470] v9fs_mount+0x79/0x8f0 [ 2356.333227] ? v9fs_write_inode+0x60/0x60 [ 2356.334103] legacy_get_tree+0x105/0x220 [ 2356.334999] vfs_get_tree+0x8e/0x300 [ 2356.335792] path_mount+0x1490/0x21e0 [ 2356.336606] ? strncpy_from_user+0x9e/0x470 [ 2356.337516] ? finish_automount+0xa90/0xa90 [ 2356.338444] ? getname_flags.part.0+0x1dd/0x4f0 [ 2356.339451] ? _copy_from_user+0xfb/0x1b0 [ 2356.340334] __x64_sys_mount+0x282/0x300 [ 2356.341206] ? copy_mnt_ns+0xa00/0xa00 [ 2356.342033] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2356.343173] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2356.344261] do_syscall_64+0x33/0x40 [ 2356.345048] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2356.346128] RIP: 0033:0x7f9990caeb19 [ 2356.346944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2356.350874] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2356.352491] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2356.353992] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2356.355522] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2356.357021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2356.358552] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:16:38 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x8}, 0x0) 11:16:38 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xf0ffffff00000000}, 0x0) 11:16:38 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x7, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:38 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x80000}, 0x0) 11:16:38 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:38 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2356.507939] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:16:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xffffff7f00000000}, 0x0) 11:16:53 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x68f4, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) syz_io_uring_setup(0x71f2, &(0x7f0000000180)={0x0, 0x7eba, 0x0, 0x1, 0x19c, 0x0, r2}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fec000/0x14000)=nil, &(0x7f00000000c0), &(0x7f0000000280)) r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x4a0000, 0x0) write$P9_RREADLINK(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="310000000000000000000000000000000c1f60d91061e42e29eca1e7c119ff6772eb1c57da8cbb4a3b8880885a2c58fd4fa7ef7499c7bfaa973088625352fe34f0bd7861d125bee859920433835ce1587f84a33fe02aaee21c42b775a7d0123ba7e5e319d6195d2e382b70b8b8bb3d44540072568766baa7e48f73e3ac701419a1d8cfa2faf44365d08da7f67490ee3b"], 0x10) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r8, &(0x7f0000000240)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r8, r7, 0x0, 0x500000001) dup2(r0, r1) 11:16:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 32) 11:16:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf0ffff}, 0x0) 11:16:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf}, 0x0) [ 2371.714019] FAULT_INJECTION: forcing a failure. [ 2371.714019] name failslab, interval 1, probability 0, space 0, times 0 [ 2371.716759] CPU: 0 PID: 11343 Comm: syz-executor.6 Not tainted 5.10.247 #1 11:16:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0xfffffffffffff000}, 0x0) [ 2371.718402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2371.720510] Call Trace: [ 2371.721155] dump_stack+0x107/0x167 [ 2371.722050] should_fail.cold+0x5/0xa [ 2371.722988] ? p9_fd_create+0x161/0x4a0 [ 2371.723946] should_failslab+0x5/0x20 [ 2371.724860] kmem_cache_alloc_trace+0x55/0x320 [ 2371.725959] p9_fd_create+0x161/0x4a0 [ 2371.726877] ? p9_conn_create+0x510/0x510 [ 2371.727859] ? p9_client_create+0x798/0x1230 [ 2371.728915] ? kfree+0xd7/0x340 [ 2371.729701] ? do_raw_spin_unlock+0x4f/0x220 [ 2371.730777] p9_client_create+0x7ff/0x1230 [ 2371.731800] ? p9_client_flush+0x430/0x430 [ 2371.732808] ? trace_hardirqs_on+0x5b/0x180 [ 2371.733848] ? lockdep_init_map_type+0x2c7/0x780 [ 2371.735000] ? __raw_spin_lock_init+0x36/0x110 [ 2371.736108] v9fs_session_init+0x1dd/0x1680 [ 2371.737145] ? lock_release+0x680/0x680 [ 2371.738096] ? kmem_cache_alloc_trace+0x151/0x320 [ 2371.739261] ? v9fs_show_options+0x690/0x690 [ 2371.740318] ? trace_hardirqs_on+0x5b/0x180 [ 2371.741347] ? kasan_unpoison_shadow+0x33/0x50 [ 2371.742446] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2371.743672] v9fs_mount+0x79/0x8f0 [ 2371.744526] ? v9fs_write_inode+0x60/0x60 [ 2371.745513] legacy_get_tree+0x105/0x220 [ 2371.746486] vfs_get_tree+0x8e/0x300 [ 2371.747379] path_mount+0x1490/0x21e0 [ 2371.748295] ? strncpy_from_user+0x9e/0x470 [ 2371.749321] ? finish_automount+0xa90/0xa90 [ 2371.750356] ? getname_flags.part.0+0x1dd/0x4f0 [ 2371.751491] ? _copy_from_user+0xfb/0x1b0 [ 2371.752512] __x64_sys_mount+0x282/0x300 [ 2371.753473] ? copy_mnt_ns+0xa00/0xa00 11:16:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf0}, 0x0) 11:16:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x9, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2371.754391] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2371.755703] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2371.756946] do_syscall_64+0x33/0x40 [ 2371.757833] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2371.759086] RIP: 0033:0x7f9990caeb19 [ 2371.759983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2371.764448] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2371.766275] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2371.768001] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2371.769703] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2371.771447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2371.773164] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:16:53 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x2}, 0x0) 11:16:53 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x1000000}, 0x0) 11:16:53 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:53 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x233}, 0x0) 11:16:53 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x7, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:16:53 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2371.923898] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x2000000}, 0x0) 11:17:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x8}, 0x0) [ 2385.525007] FAULT_INJECTION: forcing a failure. [ 2385.525007] name failslab, interval 1, probability 0, space 0, times 0 [ 2385.526437] CPU: 1 PID: 11386 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2385.527293] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2385.527766] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2385.528302] Call Trace: [ 2385.528320] dump_stack+0x107/0x167 [ 2385.528333] should_fail.cold+0x5/0xa [ 2385.528352] ? create_object.isra.0+0x3a/0xa30 [ 2385.531996] should_failslab+0x5/0x20 [ 2385.532462] kmem_cache_alloc+0x5b/0x310 [ 2385.532958] ? p9_fd_show_options+0x1c0/0x1c0 [ 2385.533512] create_object.isra.0+0x3a/0xa30 [ 2385.534045] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2385.534670] kmem_cache_alloc_trace+0x151/0x320 [ 2385.535244] p9_fd_create+0x161/0x4a0 [ 2385.535707] ? p9_conn_create+0x510/0x510 [ 2385.536216] ? p9_client_create+0x798/0x1230 [ 2385.536758] ? kfree+0xd7/0x340 [ 2385.537168] ? do_raw_spin_unlock+0x4f/0x220 [ 2385.537706] p9_client_create+0x7ff/0x1230 [ 2385.538236] ? p9_client_flush+0x430/0x430 [ 2385.538779] ? trace_hardirqs_on+0x5b/0x180 [ 2385.539305] ? lockdep_init_map_type+0x2c7/0x780 [ 2385.539888] ? __raw_spin_lock_init+0x36/0x110 11:17:07 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xb, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:07 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 33) 11:17:07 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:07 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x300}, 0x0) [ 2385.540454] v9fs_session_init+0x1dd/0x1680 [ 2385.541178] ? lock_release+0x680/0x680 [ 2385.541673] ? kmem_cache_alloc_trace+0x151/0x320 [ 2385.542263] ? v9fs_show_options+0x690/0x690 [ 2385.542824] ? trace_hardirqs_on+0x5b/0x180 [ 2385.543356] ? kasan_unpoison_shadow+0x33/0x50 [ 2385.543909] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2385.544527] v9fs_mount+0x79/0x8f0 [ 2385.544957] ? v9fs_write_inode+0x60/0x60 [ 2385.545481] legacy_get_tree+0x105/0x220 [ 2385.545980] vfs_get_tree+0x8e/0x300 [ 2385.546436] path_mount+0x1490/0x21e0 [ 2385.546912] ? strncpy_from_user+0x9e/0x470 [ 2385.547447] ? finish_automount+0xa90/0xa90 [ 2385.547989] ? getname_flags.part.0+0x1dd/0x4f0 [ 2385.548553] ? _copy_from_user+0xfb/0x1b0 [ 2385.549071] __x64_sys_mount+0x282/0x300 [ 2385.549599] ? copy_mnt_ns+0xa00/0xa00 [ 2385.550076] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2385.550714] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2385.551359] do_syscall_64+0x33/0x40 [ 2385.551814] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2385.552443] RIP: 0033:0x7f9990caeb19 [ 2385.552897] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2385.555129] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2385.556048] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2385.556916] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2385.557779] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2385.558658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2385.559519] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:17:07 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x25e, &(0x7f00000002c0)={0x0, 0x0, 0x8, 0x2}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000180)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r6, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000480)={'vxcan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_PAUSE_GET(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000600)={&(0x7f00000004c0)={0x12c, 0x0, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@HEADER={0x4c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}]}, @HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x12c}, 0x1, 0x0, 0x0, 0xd}, 0x4) r8 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r9 = accept4$packet(r0, 0x0, &(0x7f0000000040), 0x0) bind$packet(r9, &(0x7f0000000080)={0x11, 0xf7, r5, 0x1, 0xa3, 0x6, @broadcast}, 0x14) sendfile(r8, r2, 0x0, 0x2) dup2(r0, r1) 11:17:07 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x9, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf}, 0x0) 11:17:07 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x16, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x3000000}, 0x0) 11:17:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf00}, 0x0) 11:17:07 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1600, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2385.692648] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:07 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xcf}, 0x0) 11:17:07 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4000000}, 0x0) 11:17:07 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 34) [ 2385.759709] FAULT_INJECTION: forcing a failure. [ 2385.759709] name failslab, interval 1, probability 0, space 0, times 0 [ 2385.761070] CPU: 1 PID: 11418 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2385.761862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2385.762823] Call Trace: [ 2385.763133] dump_stack+0x107/0x167 [ 2385.763553] should_fail.cold+0x5/0xa [ 2385.763993] ? create_object.isra.0+0x3a/0xa30 [ 2385.764523] should_failslab+0x5/0x20 [ 2385.764959] kmem_cache_alloc+0x5b/0x310 [ 2385.765432] ? p9_fd_show_options+0x1c0/0x1c0 [ 2385.765945] create_object.isra.0+0x3a/0xa30 [ 2385.766445] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2385.767040] kmem_cache_alloc_trace+0x151/0x320 [ 2385.767572] p9_fd_create+0x161/0x4a0 [ 2385.768007] ? p9_conn_create+0x510/0x510 [ 2385.768478] ? p9_client_create+0x798/0x1230 [ 2385.768978] ? kfree+0xd7/0x340 [ 2385.769356] ? do_raw_spin_unlock+0x4f/0x220 [ 2385.769856] p9_client_create+0x7ff/0x1230 11:17:07 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x3302}, 0x0) [ 2385.770341] ? p9_client_flush+0x430/0x430 [ 2385.771025] ? trace_hardirqs_on+0x5b/0x180 [ 2385.771528] ? lockdep_init_map_type+0x2c7/0x780 [ 2385.772071] ? __raw_spin_lock_init+0x36/0x110 [ 2385.772600] v9fs_session_init+0x1dd/0x1680 [ 2385.773091] ? lock_release+0x680/0x680 [ 2385.773555] ? kmem_cache_alloc_trace+0x151/0x320 [ 2385.774108] ? v9fs_show_options+0x690/0x690 [ 2385.774613] ? trace_hardirqs_on+0x5b/0x180 [ 2385.775116] ? kasan_unpoison_shadow+0x33/0x50 [ 2385.775638] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2385.776209] v9fs_mount+0x79/0x8f0 [ 2385.776595] ? v9fs_write_inode+0x60/0x60 [ 2385.777044] legacy_get_tree+0x105/0x220 [ 2385.777490] vfs_get_tree+0x8e/0x300 [ 2385.777917] path_mount+0x1490/0x21e0 [ 2385.778406] ? strncpy_from_user+0x9e/0x470 [ 2385.778993] ? finish_automount+0xa90/0xa90 [ 2385.779510] ? getname_flags.part.0+0x1dd/0x4f0 [ 2385.780075] ? _copy_from_user+0xfb/0x1b0 [ 2385.780614] __x64_sys_mount+0x282/0x300 [ 2385.781102] ? copy_mnt_ns+0xa00/0xa00 [ 2385.781601] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2385.782279] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2385.782940] do_syscall_64+0x33/0x40 [ 2385.783403] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2385.784027] RIP: 0033:0x7f9990caeb19 [ 2385.784462] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2385.786673] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2385.787606] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2385.788412] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2385.789250] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2385.790074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2385.790889] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2385.800759] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:19 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x18, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:19 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf0}, 0x0) 11:17:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x8100}, 0x0) 11:17:19 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 35) 11:17:19 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) dup2(r0, r1) 11:17:19 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x5000000}, 0x0) 11:17:19 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1800, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:19 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2398.008174] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2398.015426] FAULT_INJECTION: forcing a failure. [ 2398.015426] name failslab, interval 1, probability 0, space 0, times 0 [ 2398.016723] CPU: 0 PID: 11441 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2398.017511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2398.018468] Call Trace: [ 2398.018777] dump_stack+0x107/0x167 [ 2398.019206] should_fail.cold+0x5/0xa [ 2398.019650] ? create_object.isra.0+0x3a/0xa30 [ 2398.020173] should_failslab+0x5/0x20 [ 2398.020610] kmem_cache_alloc+0x5b/0x310 [ 2398.021075] ? p9_fd_show_options+0x1c0/0x1c0 [ 2398.021597] create_object.isra.0+0x3a/0xa30 [ 2398.022100] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2398.022689] kmem_cache_alloc_trace+0x151/0x320 [ 2398.023227] p9_fd_create+0x161/0x4a0 [ 2398.023666] ? p9_conn_create+0x510/0x510 [ 2398.024141] ? p9_client_create+0x798/0x1230 [ 2398.024651] ? kfree+0xd7/0x340 [ 2398.025029] ? do_raw_spin_unlock+0x4f/0x220 [ 2398.025534] p9_client_create+0x7ff/0x1230 [ 2398.026022] ? p9_client_flush+0x430/0x430 [ 2398.026511] ? trace_hardirqs_on+0x5b/0x180 [ 2398.027015] ? lockdep_init_map_type+0x2c7/0x780 [ 2398.027556] ? __raw_spin_lock_init+0x36/0x110 [ 2398.028091] v9fs_session_init+0x1dd/0x1680 [ 2398.028591] ? lock_release+0x680/0x680 [ 2398.029052] ? kmem_cache_alloc_trace+0x151/0x320 [ 2398.029604] ? v9fs_show_options+0x690/0x690 [ 2398.030117] ? trace_hardirqs_on+0x5b/0x180 [ 2398.030615] ? kasan_unpoison_shadow+0x33/0x50 [ 2398.031148] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2398.031733] v9fs_mount+0x79/0x8f0 [ 2398.032142] ? v9fs_write_inode+0x60/0x60 [ 2398.032620] legacy_get_tree+0x105/0x220 [ 2398.033089] vfs_get_tree+0x8e/0x300 [ 2398.033514] path_mount+0x1490/0x21e0 [ 2398.033955] ? strncpy_from_user+0x9e/0x470 [ 2398.034447] ? finish_automount+0xa90/0xa90 [ 2398.034948] ? getname_flags.part.0+0x1dd/0x4f0 [ 2398.035484] ? _copy_from_user+0xfb/0x1b0 [ 2398.035960] __x64_sys_mount+0x282/0x300 [ 2398.036421] ? copy_mnt_ns+0xa00/0xa00 [ 2398.036869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2398.037474] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2398.038068] do_syscall_64+0x33/0x40 [ 2398.038494] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2398.039095] RIP: 0033:0x7f9990caeb19 [ 2398.039527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2398.041641] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2398.042524] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2398.043405] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2398.044236] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2398.045054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2398.045876] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:17:19 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf000}, 0x0) 11:17:19 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xb, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:19 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6000000}, 0x0) [ 2398.120984] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:20 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2e, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:20 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf00}, 0x0) 11:17:20 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 36) 11:17:20 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7000000}, 0x0) [ 2398.171309] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2398.204766] FAULT_INJECTION: forcing a failure. [ 2398.204766] name failslab, interval 1, probability 0, space 0, times 0 [ 2398.206163] CPU: 0 PID: 11459 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2398.206962] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2398.207932] Call Trace: [ 2398.208243] dump_stack+0x107/0x167 [ 2398.208660] should_fail.cold+0x5/0xa [ 2398.209106] ? p9_fcall_init+0x97/0x290 [ 2398.209563] should_failslab+0x5/0x20 [ 2398.209999] __kmalloc+0x72/0x390 [ 2398.210401] p9_fcall_init+0x97/0x290 [ 2398.210845] p9_client_prepare_req.part.0+0x8c/0xac0 [ 2398.211442] p9_client_rpc+0x220/0x1370 [ 2398.211901] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2398.212508] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2398.213122] ? pipe_poll+0x21b/0x800 [ 2398.213551] ? p9_fd_close+0x4a0/0x4a0 [ 2398.213998] ? wait_for_partner+0x3c0/0x3c0 [ 2398.214495] ? p9_fd_poll+0x1e0/0x2c0 [ 2398.214945] ? p9_fd_create+0x357/0x4a0 [ 2398.215398] ? p9_conn_create+0x510/0x510 [ 2398.215872] ? p9_client_create+0x798/0x1230 [ 2398.216376] ? kfree+0xd7/0x340 [ 2398.216752] ? do_raw_spin_unlock+0x4f/0x220 [ 2398.217256] p9_client_create+0xa76/0x1230 [ 2398.217744] ? p9_client_flush+0x430/0x430 [ 2398.218234] ? trace_hardirqs_on+0x5b/0x180 [ 2398.218727] ? lockdep_init_map_type+0x2c7/0x780 [ 2398.219281] ? __raw_spin_lock_init+0x36/0x110 [ 2398.219804] v9fs_session_init+0x1dd/0x1680 [ 2398.220297] ? lock_release+0x680/0x680 [ 2398.220755] ? kmem_cache_alloc_trace+0x151/0x320 [ 2398.221312] ? v9fs_show_options+0x690/0x690 [ 2398.221818] ? trace_hardirqs_on+0x5b/0x180 [ 2398.222315] ? kasan_unpoison_shadow+0x33/0x50 [ 2398.222835] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2398.223425] v9fs_mount+0x79/0x8f0 [ 2398.223833] ? v9fs_write_inode+0x60/0x60 [ 2398.224315] legacy_get_tree+0x105/0x220 [ 2398.224781] vfs_get_tree+0x8e/0x300 [ 2398.225208] path_mount+0x1490/0x21e0 [ 2398.225647] ? strncpy_from_user+0x9e/0x470 [ 2398.226140] ? finish_automount+0xa90/0xa90 [ 2398.226635] ? getname_flags.part.0+0x1dd/0x4f0 [ 2398.227178] ? _copy_from_user+0xfb/0x1b0 [ 2398.227658] __x64_sys_mount+0x282/0x300 [ 2398.228123] ? copy_mnt_ns+0xa00/0xa00 [ 2398.228569] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2398.229173] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2398.229762] do_syscall_64+0x33/0x40 [ 2398.230196] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2398.230776] RIP: 0033:0x7f9990caeb19 [ 2398.231211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2398.233321] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2398.234192] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2398.235016] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2398.235836] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2398.236653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2398.237473] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:17:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x80000}, 0x0) [ 2410.037831] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 37) 11:17:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x9000000}, 0x0) 11:17:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xcf00}, 0x0) 11:17:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x64, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xd, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000001c0), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r3, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) syz_io_uring_setup(0x38a8, &(0x7f0000000040)={0x0, 0x321b, 0x2, 0x3, 0x301, 0x0, r2}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000180)) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r9 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$inet_mreqn(r9, 0x0, 0x20, 0x0, &(0x7f0000005000)) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r6, 0x0, 0x500000001) dup2(r0, r1) [ 2410.065857] FAULT_INJECTION: forcing a failure. [ 2410.065857] name failslab, interval 1, probability 0, space 0, times 0 [ 2410.067256] CPU: 0 PID: 11476 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2410.068081] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2410.069066] Call Trace: [ 2410.069389] dump_stack+0x107/0x167 [ 2410.069823] should_fail.cold+0x5/0xa [ 2410.070282] ? create_object.isra.0+0x3a/0xa30 [ 2410.070831] should_failslab+0x5/0x20 [ 2410.071298] kmem_cache_alloc+0x5b/0x310 [ 2410.071788] create_object.isra.0+0x3a/0xa30 [ 2410.072314] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2410.072923] kmem_cache_alloc+0x159/0x310 [ 2410.073421] p9_client_prepare_req.part.0+0x3a/0xac0 [ 2410.074022] p9_client_rpc+0x220/0x1370 [ 2410.074494] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2410.075122] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2410.075755] ? pipe_poll+0x21b/0x800 [ 2410.076194] ? p9_fd_close+0x4a0/0x4a0 [ 2410.076651] ? wait_for_partner+0x3c0/0x3c0 [ 2410.077163] ? p9_fd_poll+0x1e0/0x2c0 [ 2410.077615] ? p9_fd_create+0x357/0x4a0 [ 2410.078083] ? p9_conn_create+0x510/0x510 [ 2410.078573] ? p9_client_create+0x798/0x1230 [ 2410.079104] ? kfree+0xd7/0x340 [ 2410.079495] ? do_raw_spin_unlock+0x4f/0x220 [ 2410.080016] p9_client_create+0xa76/0x1230 [ 2410.080519] ? p9_client_flush+0x430/0x430 [ 2410.081018] ? trace_hardirqs_on+0x5b/0x180 [ 2410.081530] ? lockdep_init_map_type+0x2c7/0x780 [ 2410.082085] ? __raw_spin_lock_init+0x36/0x110 [ 2410.082630] v9fs_session_init+0x1dd/0x1680 [ 2410.083148] ? lock_release+0x680/0x680 [ 2410.083623] ? kmem_cache_alloc_trace+0x151/0x320 [ 2410.084192] ? v9fs_show_options+0x690/0x690 [ 2410.084721] ? trace_hardirqs_on+0x5b/0x180 [ 2410.085236] ? kasan_unpoison_shadow+0x33/0x50 [ 2410.085778] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2410.086379] v9fs_mount+0x79/0x8f0 [ 2410.086798] ? v9fs_write_inode+0x60/0x60 [ 2410.087297] legacy_get_tree+0x105/0x220 [ 2410.087777] vfs_get_tree+0x8e/0x300 [ 2410.088216] path_mount+0x1490/0x21e0 [ 2410.088668] ? strncpy_from_user+0x9e/0x470 [ 2410.089173] ? finish_automount+0xa90/0xa90 [ 2410.089682] ? getname_flags.part.0+0x1dd/0x4f0 [ 2410.090234] ? _copy_from_user+0xfb/0x1b0 [ 2410.090730] __x64_sys_mount+0x282/0x300 [ 2410.091223] ? copy_mnt_ns+0xa00/0xa00 [ 2410.091685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2410.092300] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2410.092904] do_syscall_64+0x33/0x40 [ 2410.093340] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2410.093940] RIP: 0033:0x7f9990caeb19 [ 2410.094372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2410.096547] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2410.097431] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2410.098261] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2410.099099] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2410.099930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2410.100759] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:17:32 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf000}, 0x0) 11:17:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xa000000}, 0x0) 11:17:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf0ffff}, 0x0) 11:17:32 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xc4, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2410.175520] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:32 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x16, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xb010000}, 0x0) [ 2410.238938] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x1000000}, 0x0) 11:17:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x80000}, 0x0) 11:17:45 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1}, 0x0) r8 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) syz_io_uring_submit(r8, r7, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) syz_io_uring_submit(r2, r7, &(0x7f0000000080)=@IORING_OP_SEND={0x1a, 0x2, 0x0, r3, 0x0, &(0x7f0000000040)="a9570a88335a73c73a598c15720902f036021b98b9ae", 0x16, 0x0, 0x1}, 0x8) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:17:45 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 38) 11:17:45 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x300, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x18, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf000000}, 0x0) [ 2423.444395] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2423.463140] FAULT_INJECTION: forcing a failure. [ 2423.463140] name failslab, interval 1, probability 0, space 0, times 0 [ 2423.465538] CPU: 0 PID: 11515 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2423.467004] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2423.468756] Call Trace: [ 2423.469314] dump_stack+0x107/0x167 [ 2423.470080] should_fail.cold+0x5/0xa [ 2423.470872] ? p9_fcall_init+0x97/0x290 [ 2423.471722] should_failslab+0x5/0x20 [ 2423.472526] __kmalloc+0x72/0x390 [ 2423.473260] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2423.474343] p9_fcall_init+0x97/0x290 [ 2423.475142] p9_client_prepare_req.part.0+0xf4/0xac0 [ 2423.476226] p9_client_rpc+0x220/0x1370 [ 2423.477069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2423.478177] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2423.479296] ? pipe_poll+0x21b/0x800 [ 2423.480079] ? p9_fd_close+0x4a0/0x4a0 [ 2423.480895] ? wait_for_partner+0x3c0/0x3c0 [ 2423.481799] ? p9_fd_poll+0x1e0/0x2c0 [ 2423.482601] ? p9_fd_create+0x357/0x4a0 [ 2423.483445] ? p9_conn_create+0x510/0x510 [ 2423.484311] ? p9_client_create+0x798/0x1230 [ 2423.485225] ? kfree+0xd7/0x340 [ 2423.485916] ? do_raw_spin_unlock+0x4f/0x220 [ 2423.486852] p9_client_create+0xa76/0x1230 [ 2423.487774] ? p9_client_flush+0x430/0x430 [ 2423.488648] ? trace_hardirqs_on+0x5b/0x180 [ 2423.489553] ? lockdep_init_map_type+0x2c7/0x780 [ 2423.490551] ? __raw_spin_lock_init+0x36/0x110 [ 2423.491525] v9fs_session_init+0x1dd/0x1680 [ 2423.492429] ? lock_release+0x680/0x680 [ 2423.493265] ? kmem_cache_alloc_trace+0x151/0x320 [ 2423.494278] ? v9fs_show_options+0x690/0x690 [ 2423.495230] ? trace_hardirqs_on+0x5b/0x180 [ 2423.496140] ? kasan_unpoison_shadow+0x33/0x50 [ 2423.497097] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2423.498161] v9fs_mount+0x79/0x8f0 [ 2423.498898] ? v9fs_write_inode+0x60/0x60 [ 2423.499790] legacy_get_tree+0x105/0x220 [ 2423.500625] vfs_get_tree+0x8e/0x300 [ 2423.501402] path_mount+0x1490/0x21e0 [ 2423.502210] ? strncpy_from_user+0x9e/0x470 [ 2423.503119] ? finish_automount+0xa90/0xa90 [ 2423.504017] ? getname_flags.part.0+0x1dd/0x4f0 [ 2423.504997] ? _copy_from_user+0xfb/0x1b0 [ 2423.505885] __x64_sys_mount+0x282/0x300 [ 2423.506747] ? copy_mnt_ns+0xa00/0xa00 [ 2423.507580] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2423.508692] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2423.509777] do_syscall_64+0x33/0x40 [ 2423.510569] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2423.511665] RIP: 0033:0x7f9990caeb19 [ 2423.512461] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2423.516355] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2423.517920] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2423.519416] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2423.520911] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2423.522438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2423.523950] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:17:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf0ffff}, 0x0) 11:17:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x48000000}, 0x0) 11:17:45 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2e, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x480, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x2000000}, 0x0) [ 2423.603550] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4c000000}, 0x0) 11:17:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x1000000}, 0x0) [ 2423.712306] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:45 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) sync_file_range(0xffffffffffffffff, 0x8, 0x4, 0x3) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x2002, 0xa9) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:17:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x3000000}, 0x0) 11:17:45 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:57 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x500, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x68000000}, 0x0) 11:17:57 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6400, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:17:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x2000000}, 0x0) 11:17:57 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 39) 11:17:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf000000}, 0x0) 11:17:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f0000000180), &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1}, 0x0) r5 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) syz_io_uring_submit(r5, 0x0, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r6 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r7 = syz_io_uring_setup(0x2bb9, &(0x7f0000000100), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000002a40)) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r7, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r6, 0xa, 0x0, r8) syz_io_uring_submit(r2, 0x0, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x3, 0x0, @fd_index=0x2, 0x0, 0x0, 0x0, {0x8}, 0x0, {0x0, r8}}, 0x81) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:17:57 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x64, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2435.841093] FAULT_INJECTION: forcing a failure. [ 2435.841093] name failslab, interval 1, probability 0, space 0, times 0 [ 2435.843755] CPU: 1 PID: 11562 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2435.845295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2435.847146] Call Trace: [ 2435.847743] dump_stack+0x107/0x167 [ 2435.848558] should_fail.cold+0x5/0xa [ 2435.849403] ? create_object.isra.0+0x3a/0xa30 [ 2435.850412] should_failslab+0x5/0x20 [ 2435.851254] kmem_cache_alloc+0x5b/0x310 [ 2435.852174] create_object.isra.0+0x3a/0xa30 [ 2435.853147] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.854278] __kmalloc+0x16e/0x390 [ 2435.855071] p9_fcall_init+0x97/0x290 [ 2435.855935] p9_client_prepare_req.part.0+0xf4/0xac0 [ 2435.857077] p9_client_rpc+0x220/0x1370 [ 2435.857963] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2435.859130] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2435.859143] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2435.862199] ? pipe_poll+0x21b/0x800 [ 2435.863025] ? p9_fd_close+0x4a0/0x4a0 [ 2435.863893] ? wait_for_partner+0x3c0/0x3c0 [ 2435.864849] ? p9_fd_poll+0x1e0/0x2c0 [ 2435.865695] ? p9_fd_create+0x357/0x4a0 [ 2435.866571] ? p9_conn_create+0x510/0x510 [ 2435.867498] ? p9_client_create+0x798/0x1230 [ 2435.868470] ? kfree+0xd7/0x340 [ 2435.869200] ? do_raw_spin_unlock+0x4f/0x220 [ 2435.870178] p9_client_create+0xa76/0x1230 [ 2435.871130] ? p9_client_flush+0x430/0x430 [ 2435.872078] ? trace_hardirqs_on+0x5b/0x180 11:17:57 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x600, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2435.873034] ? lockdep_init_map_type+0x2c7/0x780 [ 2435.874282] ? __raw_spin_lock_init+0x36/0x110 [ 2435.875311] v9fs_session_init+0x1dd/0x1680 [ 2435.876282] ? lock_release+0x680/0x680 11:17:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6c000000}, 0x0) [ 2435.877173] ? kmem_cache_alloc_trace+0x151/0x320 [ 2435.878358] ? v9fs_show_options+0x690/0x690 [ 2435.879342] ? trace_hardirqs_on+0x5b/0x180 [ 2435.880316] ? kasan_unpoison_shadow+0x33/0x50 [ 2435.881328] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2435.882455] v9fs_mount+0x79/0x8f0 [ 2435.883244] ? v9fs_write_inode+0x60/0x60 [ 2435.884170] legacy_get_tree+0x105/0x220 [ 2435.885076] vfs_get_tree+0x8e/0x300 [ 2435.885899] path_mount+0x1490/0x21e0 [ 2435.886749] ? strncpy_from_user+0x9e/0x470 [ 2435.887737] ? finish_automount+0xa90/0xa90 [ 2435.888695] ? getname_flags.part.0+0x1dd/0x4f0 [ 2435.889584] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2435.889729] ? _copy_from_user+0xfb/0x1b0 [ 2435.891639] __x64_sys_mount+0x282/0x300 [ 2435.892541] ? copy_mnt_ns+0xa00/0xa00 [ 2435.893411] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2435.894583] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2435.895740] do_syscall_64+0x33/0x40 [ 2435.896569] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2435.897705] RIP: 0033:0x7f9990caeb19 [ 2435.898531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 11:17:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x74000000}, 0x0) [ 2435.902617] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2435.904391] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2435.905977] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2435.907564] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2435.909149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2435.910726] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2435.929027] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:17:57 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f0000000040)={0x0, 0xc7d, 0x10, 0x4000000}, &(0x7f00000a0000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:17:57 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7a000000}, 0x0) 11:17:57 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf000000}, 0x0) 11:17:57 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x33020000}, 0x0) 11:17:57 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8004, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2436.030838] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2449.309431] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2449.321670] FAULT_INJECTION: forcing a failure. [ 2449.321670] name failslab, interval 1, probability 0, space 0, times 0 [ 2449.324482] CPU: 0 PID: 11615 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2449.326016] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2449.327882] Call Trace: [ 2449.328471] dump_stack+0x107/0x167 [ 2449.329290] should_fail.cold+0x5/0xa [ 2449.330146] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2449.331425] should_failslab+0x5/0x20 [ 2449.332287] kmem_cache_alloc+0x5b/0x310 [ 2449.333214] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2449.334466] idr_get_free+0x4b5/0x8f0 [ 2449.335335] idr_alloc_u32+0x170/0x2d0 [ 2449.336217] ? __fprop_inc_percpu_max+0x130/0x130 [ 2449.337294] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2449.338485] ? lock_release+0x680/0x680 [ 2449.339387] idr_alloc+0xc2/0x130 [ 2449.340169] ? idr_alloc_u32+0x2d0/0x2d0 [ 2449.341080] ? rwlock_bug.part.0+0x90/0x90 [ 2449.342048] p9_client_prepare_req.part.0+0x612/0xac0 [ 2449.343206] p9_client_rpc+0x220/0x1370 [ 2449.344112] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2449.345290] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2449.346494] ? pipe_poll+0x21b/0x800 [ 2449.347334] ? p9_fd_close+0x4a0/0x4a0 [ 2449.348241] ? wait_for_partner+0x3c0/0x3c0 [ 2449.349222] ? p9_fd_poll+0x1e0/0x2c0 [ 2449.350095] ? p9_fd_create+0x357/0x4a0 [ 2449.350994] ? p9_conn_create+0x510/0x510 [ 2449.352266] ? p9_client_create+0x798/0x1230 [ 2449.353263] ? kfree+0xd7/0x340 [ 2449.354007] ? do_raw_spin_unlock+0x4f/0x220 [ 2449.355013] p9_client_create+0xa76/0x1230 [ 2449.355996] ? p9_client_flush+0x430/0x430 [ 2449.356966] ? trace_hardirqs_on+0x5b/0x180 [ 2449.357945] ? lockdep_init_map_type+0x2c7/0x780 [ 2449.359027] ? __raw_spin_lock_init+0x36/0x110 [ 2449.360076] v9fs_session_init+0x1dd/0x1680 [ 2449.361050] ? lock_release+0x680/0x680 [ 2449.361957] ? kmem_cache_alloc_trace+0x151/0x320 [ 2449.363052] ? v9fs_show_options+0x690/0x690 [ 2449.364063] ? trace_hardirqs_on+0x5b/0x180 [ 2449.365040] ? kasan_unpoison_shadow+0x33/0x50 [ 2449.366074] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2449.367228] v9fs_mount+0x79/0x8f0 [ 2449.368042] ? v9fs_write_inode+0x60/0x60 [ 2449.368974] legacy_get_tree+0x105/0x220 [ 2449.369894] vfs_get_tree+0x8e/0x300 [ 2449.370737] path_mount+0x1490/0x21e0 [ 2449.371616] ? strncpy_from_user+0x9e/0x470 [ 2449.372593] ? finish_automount+0xa90/0xa90 [ 2449.373560] ? getname_flags.part.0+0x1dd/0x4f0 [ 2449.374607] ? _copy_from_user+0xfb/0x1b0 [ 2449.375556] __x64_sys_mount+0x282/0x300 [ 2449.376470] ? copy_mnt_ns+0xa00/0xa00 [ 2449.377353] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2449.378535] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2449.379700] do_syscall_64+0x33/0x40 [ 2449.380543] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2449.381703] RIP: 0033:0x7f9990caeb19 [ 2449.382538] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2449.386684] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2449.388412] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2449.390023] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2449.391633] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2449.393237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2449.394855] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:18:11 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 40) 11:18:11 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xc1, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:11 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmsg$nl_generic(r0, &(0x7f00000000c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000340)={0x24e4, 0x1b, 0x4, 0x70bd26, 0x25dfdbff, {0x8}, [@generic="f7580fed3d9f6723b21b299f704111638ccd486d7e8c9870b28925528178a1692f8d636ca307aefa459ecbd4d7019dbf074abfc6578c6767fb6547874f4800463bdcb70c5ec9d7d401c47045d5f245c3dd33fce138f7e258663385a7aa84bc207ef19f901f907af9fbc69a07f7fc728cc1af76febba1257835ec40a40d62fa6ea0efb1d6d2344b65f02d8a78a7eee9f262e7d1762f441c56dc2d7723c3d48d44347c3f7677274c21c7239ddc7ae2f4a74bbda98a9ed145570f3e064dbd4d9f6fb3be3feff388910c8f565236ce28e296545a08acbb1cb484e0f5dbe68bde3f4c9aa8f64bd0927e741c7f6e0f60c9fac59502fc158f61dc5a028266b57344b0e21d9c4da5e2a5811922e060fa53c8eba4a3e98f8e6199d991b981816c0c29fc908a9418bcf978b87ac7d9cf4b9314b0538b0ca850735b661d193c357f4b1924c4fbc8a296638f56e2d2c0477c745d18188a8a076c2c7216c597bf1d02829a5ea4c9f0eb7e775ec6deeaa8d9ba3294acbe7573d31a59aaa3300c3f50febde806eea4e4767fdf97252d7883d07e14b142ae829f05d8892de5fadfa560282a148b679c0f8c71495a39a4fcda82ae9513fc4f606c1a17cfdb1376dc5d2ca49cf9c9592df11cfa0c9f2983b8c8e749e13f73e2f759e0619b0a6b7619a0fee1e13e9df06801e86e3ac67eb74573280338b45d9408274bce5717ba7c65c1ac86bd03e6b1b1902d6b2bb443d98af8c9a1a5e0698a222f7832a6e030ee13413d858eaae1f945d6a96adac99a0b7544f210e773d8dce9c12bc530bd5a5f4bc979d11b7186aa9a5f663540b9c0d286cee998f69e9103f2cb3914b5e9d017da04c3f2335fb510709a78450b9495c8e1c15e8e4494fdea72125e690a0fcf79670ffb5b32d4fddc4bd9e0762107a4e9cfd71328ff5aa70e3963abcd0b47ff2092c00b20c714f77d8a39ab64a26101e6be4feb351a70d8689a98f0c5682cb39fd881812c3252337b4100fc39a84ad50e3d776524a10f868a08a4f0d89b31185e70f96cf5abdcae14d2a930b395e6705ba3a318a6cfca31ffd7397717b3561d5be4bc96ebd7c5f89210489dc3f6a438819f039d2769b1aa326e5b1acb3d700b5318904586ee44501c49621f6cbb37ecbf4566780bae704036544e8365868f4e7b01502a7eef26c07385df0dfc58af3276dfb9d9da9a15371cac9774f6971c13c254ed845ddca780aea03f711cba3603f2f83afe16ba1f0359fa0028dadfe5254f49622d6ab84124887f8acf58e2c38a9653365b8f70e32889e9f42953d28825be2604575e41241fa2d7dbfa0e5d6129d1e0da3c7f7ddf2d820891a6d8d6b82699a6dc526dd07815a259861767242f0a9d48b23cb4c1de11a9ee151a56e44b7ae14e8e75220ca7fd2a6f7e23cf6fc15f91e2407780a6ee8a30b3d881b9e07be04f0104cb43bb5b31ce0e63abc071ecfb1935666b2cfed31559fe2a606d9f091b14dfcca73921320bd8238b56266b67f3c31b00da27c66227477629c4ba7626ae05604447594a4b60a8373cbcbd2c054693ef295362324cbbc89ad0ad6513122b98378c4096dd81c7e9acd902a0aadbf69ebb1e8e293d4531a3de187218fdea25173435c08dc19c18492fa36a03a479f09b933c7214de911e0e49aa5000153c23d560cc087600f78dc3e84f296a0d935aac8c0f9d4dfcd328116e11f0aff82d7903d6a4cc6fdf33f09e1d81d7b26c6c81075a056a9701ce6387b5b8f02277f3a971ad430d6f89beba5c82cf8b3c5d88354ab961b6757cb3b5368e1b4c2f176ee1f251ee613e959e6b146a5f3d241ae2619e9fec39e6b394c3cc67ff2913ec258cd39bb7939d7f324e5759fb6408b77418588c44f04848a7bd147c1463f15884c663bc87f586037476faf0a6dc59a0e68252a978ea17247c4b38e2af54701449602a5085152b282bdfcc113894a40a4b93cb9bd4b4a94888b43544c7a53f10b52f0f2f01a47d6e8e627b05fe842d50e9aa6b7dac416efe01d26c97b208f192f2f4f2ebbeba613b9e04a3ed57a6a9af47b3038f39a6a38c3813395a5d45c1862156af9a116c79f47d81c850e02daae6fc1f713ed5bb878ee38dea9e455bb69792bbcb69886f23d82656e2128410d3e50189fca808d37d52b148a350ac225ec583475b4e10c0f89a9c568c128829a9914140c2cc8d6ddf1ec22173a6113714dc407b087bf15a095fc9361d537e664d43f7c2d485d86b547c90db3d6c74514853325566e60166fcf046d12d93a0e4d2b3b815a8a434089c748ea429d3725fbdd48136835675bba572564a599c8d6fc65c10639691bbb214fe3d84ddf771a533ad25607297420ed5dc5360d7c09aed11a603794b1009286be095d5d8a5cab8fb53feef0aafc5068cba5eaa0aa9547035f6d886e31b3f20edaef7679e739bbdb9bbdadfeb8fcfd084245321bf135cfdef9d7dbf11cd293aaabf26205fe1c3f82a950b1354a7ff627c23a72cbd8e0849ff2f882d4f08dc9c4eb4f6349f8d6384260f08d7e9c9b07fd374df7430f37a1630f12030d46aeb5ebdcbc3adc49d033722d60b45166698fd4d130e603ef57dc3a3805e48d60de6895bd7c351ebd643a1de40ec686f189347f41336ed5e0cf8b0afd1897c0fc79c77e3b0a67c5f48dfcffb4194aa679605739e3ae0a20f8910967a9f3620d570905b6f393623b158c5a15cebe8e4fe4d255932464d95ddd95b795ca7c57decb7888b577d9967dcec248c46956c6736d306902cdf5690c67e822359e2d551998299dc2b0805978db9fdc4857e5703d769306a49188dc378d6083fc7054fa57bc04478180cd8896586b99c0da5cc8dee1272a6a83822a2265e66f0481440779100e96e607df614c37097f9dbf2247a190dc33ed8ecb89922f7340d346dc30b66236f530b0c8819ce8e383c9d5147cfcae5d665533a4d8bfea4cbae1e1ef67d84eb211f8c30a0f8ff8451345b363b29b25e7d0961812da66470e61686dfcae91077eb119aa65bda3e0a2f56763318e4ca208895118006338fe77288613c815676f504e491605b544920c02473bb1b3f9bc7ca99bb3870547630bf13e454adbd69d7b97ad5c3218a01522aa4cd8ffd2b64ee1e857b9d4fc7fa7cd0f73ffeab150b6adba205ba84806338de3ff8db1859a80e3e3e4f81535e331b29c32195e1ee95921c4469879d6bbae97c3beded65c23dbdce19556c6db0490074ca43111e189df73bdd863e0efa47f016614447044a2656077628bf2801bd18e1ccf0b4780896582eb0eccf53570dbeb4eec80e4dae9b36f3f4785f2d472d2b8b28d91b10589df31f81257a5aac6dc29df5432a324a25834d9d43335c5e8707cd5063e4638a318efbcbbd58b6cd33c8f50c268fb6b4b2c1f7bf86791a8ccdb8205f479663ec4eb67f4560d42ecbd1921f945f6d8198bc0ff251f89fc19949c7e364a4d103f14c815025717e8a5c2abad19d54d1bc1cd6fd1eae8e0cb08097f902da75560b0df300650135221aae0fda4ccb38d4a912ac11dd7adce55c930973cf58de2ffbedc9386aad7885a405b7f9bc86ae0a79e03bbbec4e8bb71c7b441562d9e3b26b5279c6492597eed44a9d6d8cbb60b07855eba38867bcddced479c91470441a999dcdbf33327e2d56b5babbdc664a48b85072c6c377c97a92cb2d15fd7cf318b4c86edfaf0c0151e892cee6c799cea6a8fe6b0f9ac8b9481c810ad4b2e60a83a1c34b0ef1ae1b394720cf1e01a943885e7c98f4cdd3b776f1d9c567d5297ae99b1dd7221502cb0e93e91a06f5bdb08e662dd1251cd27fad602c709c403eb356ea0584dd2f7f829898c01d9afb3f9ae0fbb550ca8bb1a79f24eecc10d1587d1ebbcd94c20eb854eae6ef8ac64f790d8d3ad62d7b9677823c55a9968263ae08ba2a2007b1f66fda3839a6b3ca974314f96e96b594d225e6e8d91b36770ca1da5cc7e3b7f436c112ad411ecd6eba2f68e0decf40974cc5c3e6b6cfc76d64ccba0bc683c0c7468d21405e310d57080d4b5c7341ab0bfe82b4d28c89d0e47efdfb2b364ee28f0b2dff66e54db4aa51ea6a59daf2863df904796e02329242b00baaedbe46f6a6ec2106c74263712135f72d0ecec71a5385196d433b0538b0eaf25ebc91f4d4c6a5b9a20bcdff977a559d38c8983754cb168e62f855c014a62fced8c0e60320f1a6424dda5aceee0d928468e6a11089d27b73b2def720c8ebeb5f23fd6b2c444b9649095e6c58b6c11df7e833d26d8e8b8194326e76b4a8ab25970f707a898cacc1f64cb007263cb617c21b8a53e72ffa03ee0e9cd2836d972e3c1417ebbb1805b943a4704404d50814617397789ee0d6a2c4cdc32dd818d0482f8573eed2d0a69981e7dd95c6a913399da0631e72949e4122737ed467a5ddb0e73c474a3d7915b8760859d744828d6b2d07750c720acfde97e41be129631783349dd5ab53b9cf6390f34eb89f9f1ffe11bb2242aaea7e0da9fed59cbb2d86927a11c7ab9b874d850347c3f9f5c01416353b170c04bb983e6e3435d6fb1595f649b5ed90071703d817df4a8b24a7dc3ffd7581bf5112bbb9608a695b65a2a1f39c0709a9ec1f7a8096adfafec63ec9942ee882790321111f4ebffb3732bf8beb97e18451aa90a38e4da2c65791bb9d68d525769d4caea97f41a4addd77c27df4ca19068fd7c55f798587a75cef1d68d7c81c10cd3b85a4b661e2c95e1115a661917f2e640d60ee8ef6afb4b2b79f674956bdc0491b4e661e1bbe3c872b480cc24158cb8326248b0d1c5aac2488323d20c4e1abddffd14b3b9e5fe1740ebb8f2f4689cf58c3664090f0442639af981d46eb157ca4eceb05942777a91d7f0c04ecb81c81a60271300c2fea5d07a9133693ded6850857a786d03ad6d44dcada3e1212617165ef93c7c53dd519828ba5668060a290df174410075286e27c1e6758e7eaeb33c7b5f8ffdcbf27cdcdcd87d89821aad6d1c43fa494edd9e800367629bcf2eb79764ecac6cbc2598dfaceac152923607abba575a632f046f8876c38eb6b41960b7abe3d55ebcc1bfe7bcc8554015cb0ba1619a940d22c647ec724db08c8fac6883d11871bedc0bf4f2115d3329e49c5529cf399e283c16526685a62c4fe59c63749d6c70f5d6acbc662c4e25fcfdecbabb2b32027791cb82d2f9220607a35dbcd66f6048b8fdf0fa3e54916d0f0a2dd026d399909055eb371fe517fe14ccc5e034e759284877c040c6fc79345a28c1b3bf43ba0b2537fadbec4ac87c31dd02521c2826c5ffdd893ae19cf57466c1a886de46fbe715eaa58b743e5a2289a1d364ee498e7a8a1fba03f811c3e6569a30d2dddb23305a8db94c489fb531a52aae856715812c5a8dcb0d3dec04b8d5ff70af77d32e70835fff730881064a35edf10f081d2a94ebe123bd21c2e4877e8e0c3555d8c79f7b5763677641e6d78f009665aa7359429d67f27624406ee6f37b07c408b5e23a669adbcf781e1a1beca7fce17fc2c97272f2687bdb724f7cb9a24cf6484f78047500118a83e2541d72ae9e55b8278129aad00c3141c4dfaf7299645a909ec9bbbec72a86db4faf0776270d1410fcd272800b41266299db9c8370a8ca81e9cdbb0a045b88c38b7d45687fa589e6118c6aeceae2bd147f6eaa787ff7b032093cea7fe5cba08bcd45f868cf5e9e0314bb04f61a3d09266db03e914b099db3acf9d7ccf18a4bdbf8e212a1d8624b3304fe2403492389c6e9c31e6f8292ff0ad19dee2007eb1fd9db8ff5d9fc0696fe610faad450a187abb2e76e403016ff008c6e3b1a044f4b7f08486", @typed={0x4, 0x75}, @nested={0x76, 0x22, 0x0, 0x1, [@generic="99bb30aa622229f38f5525ee68c33ab7c62df6cae22af98abc72d2c918761e0e29f00f630d3130", @typed={0x14, 0x32, 0x0, 0x0, @ipv6=@mcast1}, @typed={0x8, 0x88, 0x0, 0x0, @fd=r4}, @generic="887cacc1ca83872d", @generic="c26d35a8b0abe965da7bc18c62b821fe41d57fe6ab391b6c0b1b511a17a43453a50a51824040ca"]}, @typed={0x8, 0x23, 0x0, 0x0, @pid=0xffffffffffffffff}, @typed={0x8, 0x3b, 0x0, 0x0, @ipv4=@local}, @typed={0xc, 0x16, 0x0, 0x0, @u64=0x8001}, @nested={0x133d, 0x15, 0x0, 0x1, [@generic="4fb71e4af1731a79dbbb942ccacdf5fe6b78272e4ddfa58158579ec15b605d5711023a4f5388ef6e84ac408476d42ee9f0d36f01f23d3f5b34314ba1ccff970549b082f1519031ac8205c78346e8e4488fa16c1aa726765e5bed60f3c3c72a", @generic="f21b7b5c66c191db53483b3d7267f844d0878ed69cb902e249e364b2e23c6a4d9a354a3108558f65ef74c39227678d736f30aae0de37723638a442ab2446f70e8f3ebf99ccd0dfd17123929fb858fcddf162c6cdff2dfc3a3314494092f1418d1aae2883641ced408e9bf8a95e6081fb210cd5ce95e10ccf2f7bb49b424a07bffaab072541f3546abf7b3e6d9eadf459421bd2842c7ef46ab1615ccc59a95cbe0fd72231b57fd0e4ebb4", @generic="9ce74e32226a8541c27737759ce99f2c7b8a6161085f9890f4e3fc2831273763466bc19c158a23266b3e9d50fe4304f5590776", @typed={0x8, 0x56, 0x0, 0x0, @ipv4=@remote}, @generic="73df729e6a6e14ad00b6c520fee742e8500adc01b72023a36506dbaef23d0fd45619e32341401761d6cf0a39c0c3a3cacc595b92e462f26fdf264d274fa9e9d5062cd154310b316c40cd160e7fc2d1cab09c63bf0006cc9f3570ef6a70a2ee28220719fb326c95e856f0804d82ae1c652e0d3b84881a6b41683ac7890dbad6251c311623543c49e4ffbf1ad4f0ff2152711aa3c766d61e5db991faff3cc8d00c2e8268e0b0d5edddba453a3ccbcf57cff29b179bb92f659a6075ccb277e3fedeaf641929a471f54957bf4618004b97784a1b141d90a49f49853815eebc447ca5f459b9222aec46a1f810f7160df4b3fcde75846558774b6312c1658396d9", @typed={0x14, 0x72, 0x0, 0x0, @ipv6=@private1}, @generic="4acf412d809315fd53ba107e58bca639797b4227623b0c494e110ea66d6c13b0c5c3a25a45df68a9b47639ce4c99d2409723bb80f34cbf55f39957f77e6186de8e3734c313fff3c8517336ca4389355e61ba002934b69541f8991b3d827661f3fe713b9e2cbdc0eaa66136b59b1221411c4d8a4b9f7a6c492523bf517c482caacbaed37483acfb588d94c2a1c484a59d4954965dd4a52382c0df9b6d4102ac81b5be4eded7d9f523cc34c15562e59ae72ca0ce75bf0d4468248bf85d8c9d8dc15f36d7f2b7f07760cc929a57f1e2b271b06f7901ecb030074b3ba09f60de641e41b061", @generic="b5bae80d3efa470892d76bb515731e31dd4035781f175a41c882143b2927b05a63a1b0ce683f2856287b5b8245dd1620bf9188b41c19def04c9a1c75a3744f999e53b510ad243090927eee6214a09d4ad5c1b02a6e5c008eb951d05e8da38f5c7c3e536679ca96e9d09a8c8eedf9e412e635b0a27e13cbfbaa5902c7c0dbd826f4a4154eb3fe61c4b77855d44046d7ec8163b472ba91487f7513b1fb74d873ef23551f2b5091a6ad545e160b7cea82036ecd223d312560c58b723d7ec585c8444812abe2e6b569746f42690bafcf2b5a871289fa41fcd9eaff052894db95feccc81b8e40bc0e81e1d9d7a65ff6f1c7a8ef98b33dac3e1e57b9d1cf6a017301297901137abd087f11b351fbfcf59bb01a340c8adba856950138f771cc2be1259514db1ee4dc3941ffb3becb6cfa703fb1a6fa1afae97c5cb8fbc7c4e1ba5bcbd3643b377c0ed53b09dd923c15869a8a5c8d5250948531898908dee20124792434238fd1f0627f6f03d210904477f3d39425fc7470234ab14fcd1a6acdbc6e8cfa0f3af0c120d6cf723424d445ee2216e47043b624f5206a74747c3cf72e86263f9535d9ee40072b1abf0c376c7b6725334417ef7622cef32c8ce2954acf8fe975cbc041590875af9624ec2c3da7f93c5e8540abc620692cca686db3a5a9db8ceb442e73bfb0dc0efb2b1c53b3e07a0f6b15ed3e4e923956ad8ba48679d3799dc3007c2d75df71c3c4f4022565c7d51924ac39e0afe7ff0a2c9268104adacd75a63e01414c300a3c30e864973f41ebef6afe3967174269d6cfc112f4a25eb260b612728db452db5f0f2aac373de3a70bfcdaaf77d71c6eb4a0281e429d89d6ff3f17765f8e8fcd3a1c607393f77543ab01745907f108bdc13785e74bb96b274e3735d5caddb04ba1d9ca299db0abd28e4c8c98ef0ddaffc61b0d519a78b93dbbb5382553644825b1fcf363df5098ccd1fb004660484b4095e46b906bc40f0bc4a171987d6841b9b8c3c718708244b3a1d0ab7b62c06cd3705af026b3ed187f2031039b8f5ec4812de343bd41f4ec81c70d4ef9a02e51f85c830edc17c78b536933c034188edf39e6aa0ba2b00264557d0c9122b95f9b3f374e373281eaeb8f1a6137571cc7645174796ffc74bf190627fdb8c7fc82480af53c3511f973d540b7b7868d7a2425c34aafa66871eb94265b4f4fc5b03af3713219e0f91638b1e4d085feed2a35df9c8067f2231b38393af1344ca15207e525ce7213d140bfd99bd9bfdd923de32a4abd74f550534629aad9f43250d0b4590c049da18f0a570b77a6f388c314fde31609a4ad496621134399490788b9d995d2afb9dbd56404cabc00f48ad237c3c7ba4367f5fbd4e2b7e3a0ea9ee608a1b3f20885de32e62cf1d1aeb10a9c3d83963c46a57fc56ba2102f649074b9c0847f2ef5a2607fb5707b12c05d4328e8e1357c121b904649932fb086ae4ab0ab3b5dd265738ca0ed7f914dcb48ccd27bc1d44bd65b3a636f29e427ed9fa2e31e3c31911bdce722a21d9aa6f26c2b2b87ac5f5705205889c4d9ede5abcda4c4db0c5d7c71d5532ce2456532e95bcc7d3b8fabb635271c055ede0dca097dbfde9c1235eac812d0026ef605afe02f358ded82122155b7d7ab1181aac806d8f944a9804c00197f87eaf3b2f98a61eb67bf05228fb91b2e49d8cdeefe177480a3ff9a316c97b631c2f0e7f0f71383b1c0671749a6cfee0f2d6fcdd94875be744e91c3408088f1c84e40b53f0a061ad6bf69c3b9ed54ccd3ae7be292ff801d3a49faa917825d5753f7193d25dfcce59db6c81d08aa312be80540cf4e3d4c0ec1a4a3703321ca617eacfc0a599ff452f847c818edf415962d8cfd233133331e76c42f92e89545a5c681ee5188a90459f03b3141e3bd5f755e9a29178f9f62b44166cc5ad9a5bcdb14fd7051502d57186c02bd53bb4544277d77042f469be23f7a7d86dcd6cfe3046d599ef04a6e272c40d5dba60163a964380f44c188fc2dac99f73210368d075d8bc8d01ee6c1627f8c657368cf4497afbfe7f9d588d854dab0b117faf894c2d3fc2860117ed3cf9c726ecd357acdecfea955de28212ae947cf52126efd6e754202e06d2ea67521359b078b75ed8a3efde719a187dfeae4fa4d26901d1dc5f1f16d62b9d2ed09a673a5fd5ef78c2e8c01059d5e3b50687915ed2570a1b3db59ea06be69449a0b3d409894db6637ed6532567980dfc23c3fdef1de5069cce0fd9b7560732a1502e1e4281301b22924dbea248bed9061b70e95cdaafbb6c111b301d5de4f9a92a260bff7694ead8f55b7d76c5b46048101b306631caef9b18dabb7b41e6483c094662a0b4df947b021a63e3ed1c9c7d4725cc7ce24f317d7927e864b5bb1625c2fef99d8c57ede708e9328b6148da90ccb6d3024514180c54cb56c03ecc93e3abac1b0a62deca7a6aec9eaef02863e1f49dc4d5b510adf6a6496ffcfabc3d42ed00b187d5c4095811ec32d19adf1efd96f7bfa2edfb00cc2eea3be84d20c5380694bcf610d2bb3add7e1203b452fa7d1057d2616a5978f6423e5bdc4f6854e3364ec2ad5543db94883ca6818768b438d0fc9b28f2a581be7c0df2d81962fc0e9c857169e5aa2095620acd149f043052a961f1b2e22bc1835877c2fe13ec913702d9cab4b96c80461f23d9c0615ae9ed7deb022639bda81ce5ab735836865a0a37554ac4d2b359ceec624d944b24196b7f4b2ddee3be0e2ddf5c76cc02d225171d8cb4d030065d6d53607dd2074724001bee330ffa41f57832c6aa8262666ded663e3d932e2a4fcc6097332e4081b0fda1df93c2e2c09c37789b237448ef2d1ac46751d2236f70c4314c8ce0e146d4cd15b7da40faf6c7722897c4ef5e9ccd8b13bef075fa2488050599e63a57da8942cd543fb807907234770aadd489b56ae7aa1a1ef94e4da115c50228e12a31fa6791cabbb7de7c33a27bec5cc4986a432b9ae4465b91b9f46a625bdc747231e0eaacdc2a53c2e78bfce4712193303c3310ed009c5188c1a4947c18982cc3f791a7be9428ad1bb377be0bbdd445a705a48a9141f48b63f01116f338c0daf044727dde353468a9d94017ceb62993ab7dd579898d9daf1efed0a07b9e0ecf8aebd83097f6d98f7ffb727e88838ddbc700f04e2627edb994e51aead3b03d6036d2ae7e08a6a47f6e1db558a72c12850498cdca34147058a2874bae51dc7f1080d56c643080e4441164ece9fc29a1429c076c97bc0f555698d8ddc05b6b232638393d8a31e6c1458a1220dcc06c6a24f6fbce24fee85e9296d21add2115b9adfcfd975f757eefd409fc44476f250f139d6774d7784342817be7c4458ebebdf7a3b757ea234a872456a27623449e3429954779e77f59d24b267e22596b0684e5f63ab95368cf7206ab01c7e6c2c7f4d78518ead7e671418de0e7580feaa24f6bae6b4e75772c6ae730f5be8d24f610da4dec431f034f9f1a02ca6ea2229bcac8a7dbd07edb8b407fdad08229184e8c12ac2c12db0a62bb92ebf03181926243ff36a0ee6e39384e17673d020086471873f680dcd5c3436b7722b7dc91cae4c05da92df43d0551f36406a0a52b0ac89871f2a5fc79f0e551144a7ed2305a79fba889c0178875ef1f5fa89e511086f5ed858c9616a3c87f89ff6fd9de9174038aaaa6a7f96ff492ab3163330983685489f28d2a086bc6c75103438ab07583ec15f06a62249a8f42944d784359fced539e1c9461327ba913c08158dea77bbd2ad89bf42e8a374bbf11e9eb98b2a95418eb0e9b6112636d87b8c0444c279cf8fba92f097f807c929239100a1489c3fc4766d7c5f186e969cd880c91355010e8f17a930c2ed6effb3da362018ec75323443f0af4daecbd8f77ecd9417f64fe41a06b501a4dc3c17f330fc75663ae4d3f76b7fb04eb2b7fb02dc3b2177853f549571218b8790eab1af7bc155072cf9b57e4886bdb7ea78dca93010252e74120b90988235dcad68470ca64c10fcced6ac3d845b2a98a1e4db05398a434b37924d0c46624583b042f5a6ceee80d153275bd86889f4364623d8474eb4db8aed15b5fd7750ad7e98e38ecbb0b62682064ac9f352eb207c6f9d0a9e4a92d265613b5680079d645c1eb74526a695a9379bb77d8174fcf97c253891faa41a8bbf665d3bf0db6e7fc32c097d24d5bc2bc989386c1f80f46868e46f8bfe523b507de6a1872aa3f0a9f2ddbaa33f0f1deaf175894bf2d1b1fda76164649cd78c9e023e82259a83a3545be2e457d017e87db196637c63687f078f515ba42b0c0e0aeae7398ef8ed266565350a2ac1b14f4a7c60588fb5a2150050b8801faba11beefbf14e23722bd2037abfd73190b12ebd2e500696f452c344f60a5e0e72c6d50c1414e8fcd07d78c6387e84775fe7b0fe136c40f6be9385cb53500d772b5d4119fd9b6fd6a8de421cd3791779f77d8f1fe6dc9dc23e85967b0c4637f1e4ddf55e14a60cf169addb8721f5f7fcfb93441bb7776aaab5596066c6c75a3e3ec59c934721b2f8b62c1f6778132481bcadba4dbc579ce3849004401f49e975f23409f4d6d0e2762d7f869b8ab28d64b4432ac0851db476c10b6c37bd19974cdf4824aad568315cf87c91f3e64bd51f56bb7545292dd4c4b34b6c59658118bcd35c1c2d3f2a65f237f55916ff961b85c8bd0caf528626fe05666a867dd3cca702427b629f7e6fe8a65fd3d8edbeb834f9e1c134da7124836662da20b14697ceaf5d4546b47e35219da95367213321523e6e3b3c47f8e8e068502dc679f07987539a08278453c0d568e01f0d5c3d02bdf2ecb24846f750ee1e2e9cfa064b55c0aa07a3bd94f8e72e5bc1ba7229758d449830eef12cea524a76c5d7732806d1fc3586d790534ac476f1179fe31708bc000d2c456ee66e7d8b60402055ae9beb6cd07089453bd20c9a5ad53e82d803d8b426a95b8cfb2199d5c9189f030a28bc2caf47158f21c073357e5e70c955755fbef375f25c458de6b2d1f5750e181edccfc4704635ab8769c59f21ca30866eff3d929087e5b7779685732b5ec1fb6e221ad8030d8a95f30e51a1f60f5c6338760bb61f2c6cd729c961ba575c7b395123550b8580c4725d96bf060ab63502969e67e697dbf6dc18fa99891cb0e3b97dd84d5f4c7825238187e0ce8eb592fc841a3b38a2e48588dce276787ee06fc5dd5dad5e0ddaae3a941ac219f13216b9dd7de671d8c5d10e9a8fdc801e06b17d8884ff0a6e3d030615e723c7ee8b10f1ac7d30e4e585eafc9440830a77e2f234247fe75e4e46430955452569a35cf4cec514e2e95f907021d9944b1ff0504bc910f5bc921c07703307130383a49fc1f90224b8bff463cd078c6b288fdfc53790b0b39d838f09397df7859ddff05ced223da0987d7fbe038c486bed55a461ea7a70e4f2719c855eb699eec304fac6e97489d3d75d02c393a74a6ad05d0e2dcd76fb855654dbc901d50886c2de4b4a42c60f71791081cbaaf246214a0a73641cb71b5272c402c51a20410a318fe232b079d502a00b6bfccbac4a7f8c4738153365c82b1d7db3058403f7c589d54c56cd2e7d11568f2041b51f5e188125f411e45d51ac2c43b71e795043bb2c86d48628e49edac26e45aa84fbeff64f73f4b404016b34d1cbed0d0a3ebc69a8632a843f3037e171d410968c3a5a446354069e63402486beea8d1d24690907f00cd9637ac056548ded800d345a865189c85b17c8c7caff5a3f9684b717cb035c3f2ec2dc3f4db0c1cac9feefa8fa83e6de00460a890ea9700907c5fa"]}, @typed={0x5, 0x86, 0x0, 0x0, @str='\x00'}, @typed={0xe9, 0x5c, 0x0, 0x0, @binary="531a7fe92ecdd78342d5ba78cc46380f8fbbbb58b7535a6360a3df36ea57b777315b0bc16cd4a4ea8bb658e4024be87c92b7c77d5deda42e1e9cf0daa319f692bfba9b20825695786bdbd4e23caa20ddadcd597fe131c8901e52d31ddc0fe5b312b61e1e8cdc2a137afbb892c41faefa914bdc454837b740a5bcec3a0fe76bcd0683d0c4de2987b1891ba66d74b07296e72133e226439a4a1c8de4407fafbed121551d5d54861c5741bd0af897af5f2bbff8e5880e138ae00244565ffb2a83144a41aa1978546b097545fbe340c481814b574e0ed42221f701bf350f0f110c0745ed20ed8a"}, @typed={0x4, 0x4f}]}, 0x24e4}}, 0x805) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0xb96, &(0x7f0000000180)={0x0, 0xb446, 0x1, 0x2, 0x19}, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000280), &(0x7f0000002840)) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r6, 0x0, 0x500000001) pidfd_getfd(r2, r6, 0x0) 11:18:11 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x81000000}, 0x0) 11:18:11 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x9effffff}, 0x0) 11:18:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x81000000}, 0x0) 11:18:11 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x700, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:11 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff03, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:11 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x300, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x9effffff}, 0x0) 11:18:11 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xcf000000}, 0x0) 11:18:11 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x9effffff}, 0x0) 11:18:11 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf0ffffff}, 0x0) [ 2449.568050] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2463.228776] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:18:25 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) r2 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) io_uring_enter(r3, 0x7843, 0xafb, 0x1, &(0x7f00000000c0)={[0xfffffffffffffffd]}, 0x8) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r7 = open_tree(r0, &(0x7f0000000040)='./file1\x00', 0x903) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r7, 0x8982, &(0x7f0000000080)={0x6, 'xfrm0\x00', {0xad}, 0x81}) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r2) 11:18:25 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x900, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xfffff000}, 0x0) 11:18:25 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x351, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf0ffffff}, 0x0) 11:18:25 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 41) 11:18:25 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf0ffffff}, 0x0) [ 2463.262683] FAULT_INJECTION: forcing a failure. [ 2463.262683] name failslab, interval 1, probability 0, space 0, times 0 [ 2463.265168] CPU: 0 PID: 11654 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2463.266687] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2463.268575] Call Trace: [ 2463.269170] dump_stack+0x107/0x167 [ 2463.270000] should_fail.cold+0x5/0xa [ 2463.270867] ? ___slab_alloc+0x155/0x700 [ 2463.271791] ? create_object.isra.0+0x3a/0xa30 [ 2463.272824] should_failslab+0x5/0x20 [ 2463.273675] kmem_cache_alloc+0x5b/0x310 [ 2463.274600] create_object.isra.0+0x3a/0xa30 [ 2463.275602] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2463.276762] kmem_cache_alloc+0x159/0x310 [ 2463.277698] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2463.278966] idr_get_free+0x4b5/0x8f0 [ 2463.279840] idr_alloc_u32+0x170/0x2d0 [ 2463.280726] ? __fprop_inc_percpu_max+0x130/0x130 [ 2463.281811] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2463.283009] ? lock_release+0x680/0x680 [ 2463.283910] idr_alloc+0xc2/0x130 [ 2463.284685] ? idr_alloc_u32+0x2d0/0x2d0 [ 2463.285569] ? rwlock_bug.part.0+0x90/0x90 [ 2463.286493] p9_client_prepare_req.part.0+0x612/0xac0 [ 2463.287641] p9_client_rpc+0x220/0x1370 [ 2463.288517] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2463.289658] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2463.290809] ? pipe_poll+0x21b/0x800 [ 2463.291609] ? p9_fd_close+0x4a0/0x4a0 [ 2463.292477] ? wait_for_partner+0x3c0/0x3c0 [ 2463.293425] ? p9_fd_poll+0x1e0/0x2c0 [ 2463.294267] ? p9_fd_create+0x357/0x4a0 [ 2463.295144] ? p9_conn_create+0x510/0x510 [ 2463.296068] ? p9_client_create+0x798/0x1230 [ 2463.297039] ? kfree+0xd7/0x340 [ 2463.297766] ? do_raw_spin_unlock+0x4f/0x220 [ 2463.298743] p9_client_create+0xa76/0x1230 [ 2463.299694] ? p9_client_flush+0x430/0x430 [ 2463.300634] ? trace_hardirqs_on+0x5b/0x180 [ 2463.301591] ? lockdep_init_map_type+0x2c7/0x780 [ 2463.302644] ? __raw_spin_lock_init+0x36/0x110 [ 2463.303655] v9fs_session_init+0x1dd/0x1680 [ 2463.304620] ? lock_release+0x680/0x680 [ 2463.305502] ? kmem_cache_alloc_trace+0x151/0x320 [ 2463.306560] ? v9fs_show_options+0x690/0x690 [ 2463.307535] ? trace_hardirqs_on+0x5b/0x180 [ 2463.308489] ? kasan_unpoison_shadow+0x33/0x50 [ 2463.309482] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2463.310597] v9fs_mount+0x79/0x8f0 [ 2463.311373] ? v9fs_write_inode+0x60/0x60 [ 2463.312278] legacy_get_tree+0x105/0x220 [ 2463.313158] vfs_get_tree+0x8e/0x300 [ 2463.313970] path_mount+0x1490/0x21e0 [ 2463.314818] ? strncpy_from_user+0x9e/0x470 [ 2463.315776] ? finish_automount+0xa90/0xa90 [ 2463.316727] ? getname_flags.part.0+0x1dd/0x4f0 [ 2463.317752] ? _copy_from_user+0xfb/0x1b0 [ 2463.318675] __x64_sys_mount+0x282/0x300 [ 2463.319576] ? copy_mnt_ns+0xa00/0xa00 [ 2463.320453] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2463.321620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2463.322758] do_syscall_64+0x33/0x40 [ 2463.323574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2463.324716] RIP: 0033:0x7f9990caeb19 [ 2463.325529] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2463.329611] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2463.331307] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2463.332890] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2463.334458] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2463.336044] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2463.337583] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2463.363166] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:18:25 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xfffff000}, 0x0) 11:18:25 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x480, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xfffff000}, 0x0) 11:18:25 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xffffff7f}, 0x0) 11:18:25 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:25 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xffffff7f}, 0x0) [ 2463.477765] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:18:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xffffff9e}, 0x0) 11:18:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x500, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:37 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xffffff7f}, 0x0) 11:18:37 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xffffff9e}, 0x0) 11:18:37 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 42) 11:18:37 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1fffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:37 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xb00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:37 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) r3 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) syz_io_uring_setup(0x4d50, &(0x7f0000000580), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1}, 0x0) syz_io_uring_submit(r5, r2, &(0x7f00000000c0)=@IORING_OP_READV=@pass_iovec={0x1, 0x2, 0x4004, @fd_index=0x3, 0x6, &(0x7f0000000500)=[{&(0x7f0000000340)=""/207, 0xcf}, {&(0x7f0000000040)=""/16, 0x10}, {&(0x7f0000000440)=""/157, 0x9d}, {&(0x7f0000000080)=""/39, 0x27}, {&(0x7f0000000180)=""/120, 0x78}], 0x5, 0x8, 0xe87e2bfff51b8891}, 0x5) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x500000001) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000680)=@IORING_OP_CLOSE={0x13, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r10}}, 0x0) setsockopt$packet_fanout(r7, 0x107, 0x12, &(0x7f0000000280), 0x4) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r11, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r4, 0x0, 0x500000001) dup2(r0, r1) 11:18:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xfffffff0}, 0x0) [ 2475.433250] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2475.444574] FAULT_INJECTION: forcing a failure. [ 2475.444574] name failslab, interval 1, probability 0, space 0, times 0 [ 2475.446940] CPU: 1 PID: 11688 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2475.448410] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2475.450172] Call Trace: [ 2475.450738] dump_stack+0x107/0x167 [ 2475.451511] should_fail.cold+0x5/0xa [ 2475.452424] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2475.453849] should_failslab+0x5/0x20 [ 2475.454823] kmem_cache_alloc+0x5b/0x310 [ 2475.455742] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2475.456927] idr_get_free+0x4b5/0x8f0 11:18:37 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x600, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2475.457744] idr_alloc_u32+0x170/0x2d0 [ 2475.458730] ? __fprop_inc_percpu_max+0x130/0x130 [ 2475.459742] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2475.460875] ? lock_release+0x680/0x680 [ 2475.461709] idr_alloc+0xc2/0x130 [ 2475.462435] ? idr_alloc_u32+0x2d0/0x2d0 [ 2475.463285] ? rwlock_bug.part.0+0x90/0x90 [ 2475.464200] p9_client_prepare_req.part.0+0x612/0xac0 [ 2475.465286] p9_client_rpc+0x220/0x1370 [ 2475.466123] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2475.467227] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2475.468367] ? pipe_poll+0x21b/0x800 [ 2475.469147] ? p9_fd_close+0x4a0/0x4a0 [ 2475.469964] ? wait_for_partner+0x3c0/0x3c0 [ 2475.470881] ? p9_fd_poll+0x1e0/0x2c0 [ 2475.471688] ? p9_fd_create+0x357/0x4a0 [ 2475.472529] ? p9_conn_create+0x510/0x510 [ 2475.473397] ? p9_client_create+0x798/0x1230 [ 2475.474324] ? kfree+0xd7/0x340 [ 2475.475035] ? do_raw_spin_unlock+0x4f/0x220 [ 2475.475973] p9_client_create+0xa76/0x1230 [ 2475.476862] ? p9_client_flush+0x430/0x430 [ 2475.477749] ? trace_hardirqs_on+0x5b/0x180 11:18:37 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x8000000000000}, 0x0) [ 2475.478727] ? lockdep_init_map_type+0x2c7/0x780 [ 2475.479735] ? __raw_spin_lock_init+0x36/0x110 [ 2475.480712] v9fs_session_init+0x1dd/0x1680 [ 2475.481615] ? lock_release+0x680/0x680 [ 2475.482455] ? kmem_cache_alloc_trace+0x151/0x320 [ 2475.483567] ? v9fs_show_options+0x690/0x690 [ 2475.484588] ? trace_hardirqs_on+0x5b/0x180 [ 2475.485474] ? kasan_unpoison_shadow+0x33/0x50 [ 2475.486408] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2475.487442] v9fs_mount+0x79/0x8f0 [ 2475.488187] ? v9fs_write_inode+0x60/0x60 [ 2475.489037] legacy_get_tree+0x105/0x220 [ 2475.489862] vfs_get_tree+0x8e/0x300 [ 2475.490619] path_mount+0x1490/0x21e0 [ 2475.491404] ? strncpy_from_user+0x9e/0x470 [ 2475.492294] ? finish_automount+0xa90/0xa90 [ 2475.493171] ? getname_flags.part.0+0x1dd/0x4f0 [ 2475.494125] ? _copy_from_user+0xfb/0x1b0 [ 2475.494975] __x64_sys_mount+0x282/0x300 [ 2475.495808] ? copy_mnt_ns+0xa00/0xa00 [ 2475.496625] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2475.497704] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2475.498752] do_syscall_64+0x33/0x40 [ 2475.499521] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2475.500586] RIP: 0033:0x7f9990caeb19 [ 2475.501345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2475.505083] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2475.506640] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2475.508114] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2475.509565] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2475.511013] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2475.512482] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:18:50 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 43) 11:18:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf0ffffffffffff}, 0x0) 11:18:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x700, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xffffff9e}, 0x0) 11:18:50 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xfffffff0}, 0x0) 11:18:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1020, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r2 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000000)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x50400, 0x20) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r0, 0xc0189372, &(0x7f0000000340)=ANY=[@ANYBLOB="01000000010000001800000090aa7adcfdad271492b38da96d1ec7d0d9f609ed091d364190f2987f84b320d420a4858677d51e41e94805be0a8daca40f0a3b11db3366ab0a66b9d636604cc4d4616255210257a441b7c9d8ae78108839b95f0ac342cc06a3338f60d5474c8f08275602b8b827abf66243c75556c542118d4d105de7cf314e483dc2de4f92ec06d4189fe4ec09d77d5dcfc34eb8bc4210caa6274287e0d7846ff17d20fc2b2a4470c92eea412e555fba31c640622bb172e7d6e640e71a24cf70210f292618cf2dbda12516b43f9bb3fa61c4233c37a4c85403b6b7444e6a6945671b49bd27c49d4ae741e47ecfc1137ec74f5d4393fb", @ANYRES32=r3, @ANYBLOB="19000000000000002ad96fadb5d57ad6"]) dup2(r0, r1) [ 2488.408845] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2488.409450] FAULT_INJECTION: forcing a failure. [ 2488.409450] name failslab, interval 1, probability 0, space 0, times 0 [ 2488.413221] CPU: 1 PID: 11721 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2488.414671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2488.416430] Call Trace: [ 2488.416989] dump_stack+0x107/0x167 [ 2488.417755] should_fail.cold+0x5/0xa [ 2488.418556] ? create_object.isra.0+0x3a/0xa30 [ 2488.419513] should_failslab+0x5/0x20 [ 2488.420326] kmem_cache_alloc+0x5b/0x310 [ 2488.421186] create_object.isra.0+0x3a/0xa30 [ 2488.422103] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2488.423176] kmem_cache_alloc+0x159/0x310 [ 2488.424073] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2488.425255] idr_get_free+0x4b5/0x8f0 [ 2488.426074] idr_alloc_u32+0x170/0x2d0 [ 2488.426879] ? __fprop_inc_percpu_max+0x130/0x130 [ 2488.427893] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2488.429037] ? lock_release+0x680/0x680 [ 2488.429879] idr_alloc+0xc2/0x130 [ 2488.430604] ? idr_alloc_u32+0x2d0/0x2d0 [ 2488.431448] ? rwlock_bug.part.0+0x90/0x90 [ 2488.432358] p9_client_prepare_req.part.0+0x612/0xac0 [ 2488.433447] p9_client_rpc+0x220/0x1370 [ 2488.434282] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2488.435384] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2488.436517] ? pipe_poll+0x21b/0x800 [ 2488.437302] ? p9_fd_close+0x4a0/0x4a0 [ 2488.438117] ? wait_for_partner+0x3c0/0x3c0 [ 2488.439022] ? p9_fd_poll+0x1e0/0x2c0 [ 2488.439829] ? p9_fd_create+0x357/0x4a0 [ 2488.440675] ? p9_conn_create+0x510/0x510 [ 2488.441544] ? p9_client_create+0x798/0x1230 [ 2488.442468] ? kfree+0xd7/0x340 [ 2488.443156] ? do_raw_spin_unlock+0x4f/0x220 [ 2488.444071] p9_client_create+0xa76/0x1230 [ 2488.444961] ? p9_client_flush+0x430/0x430 [ 2488.445864] ? trace_hardirqs_on+0x5b/0x180 [ 2488.446780] ? lockdep_init_map_type+0x2c7/0x780 [ 2488.447771] ? __raw_spin_lock_init+0x36/0x110 [ 2488.448747] v9fs_session_init+0x1dd/0x1680 [ 2488.449652] ? lock_release+0x680/0x680 [ 2488.450496] ? kmem_cache_alloc_trace+0x151/0x320 [ 2488.451504] ? v9fs_show_options+0x690/0x690 [ 2488.452454] ? trace_hardirqs_on+0x5b/0x180 [ 2488.453364] ? kasan_unpoison_shadow+0x33/0x50 [ 2488.454331] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2488.455396] v9fs_mount+0x79/0x8f0 [ 2488.456154] ? v9fs_write_inode+0x60/0x60 [ 2488.457026] legacy_get_tree+0x105/0x220 [ 2488.457883] vfs_get_tree+0x8e/0x300 [ 2488.458670] path_mount+0x1490/0x21e0 [ 2488.459481] ? strncpy_from_user+0x9e/0x470 [ 2488.460408] ? finish_automount+0xa90/0xa90 [ 2488.461314] ? getname_flags.part.0+0x1dd/0x4f0 [ 2488.462290] ? _copy_from_user+0xfb/0x1b0 [ 2488.463165] __x64_sys_mount+0x282/0x300 [ 2488.464020] ? copy_mnt_ns+0xa00/0xa00 [ 2488.464841] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2488.465939] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2488.467030] do_syscall_64+0x33/0x40 [ 2488.467796] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2488.468887] RIP: 0033:0x7f9990caeb19 [ 2488.469654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2488.473526] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2488.475131] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2488.476634] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2488.478130] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2488.479632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2488.481135] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:18:50 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x900, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x100000000000000}, 0x0) 11:18:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xfffffff0}, 0x0) 11:18:50 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1600, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:18:50 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x8000000000000}, 0x0) 11:18:50 executing program 0: r0 = openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x105142, 0x88) r1 = openat(0xffffffffffffffff, &(0x7f00000000c0)='./file1\x00', 0x20002, 0x100) r2 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x1010, r1, 0x0) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r2) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000080)={0x2, 0x3}, 0x4) 11:18:50 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x8000000000000}, 0x0) [ 2488.637979] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x200000000000000}, 0x0) 11:19:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf0ffffffffffff}, 0x0) 11:19:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1800, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf0ffffffffffff}, 0x0) 11:19:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4a9, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0xfffffffe}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000080), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000040)={0x11, 0x12, r5, 0x1, 0x1, 0x6, @random='\x00\x00\x00\n\x00'}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:19:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 44) [ 2502.235567] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2502.238615] FAULT_INJECTION: forcing a failure. [ 2502.238615] name failslab, interval 1, probability 0, space 0, times 0 [ 2502.240986] CPU: 0 PID: 11751 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2502.242437] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2502.244190] Call Trace: [ 2502.244747] dump_stack+0x107/0x167 [ 2502.245521] should_fail.cold+0x5/0xa [ 2502.246326] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2502.247524] should_failslab+0x5/0x20 [ 2502.248338] kmem_cache_alloc+0x5b/0x310 [ 2502.249199] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2502.250369] idr_get_free+0x4b5/0x8f0 [ 2502.251183] idr_alloc_u32+0x170/0x2d0 [ 2502.251999] ? __fprop_inc_percpu_max+0x130/0x130 [ 2502.253015] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2502.254134] ? lock_release+0x680/0x680 [ 2502.254966] idr_alloc+0xc2/0x130 [ 2502.255691] ? idr_alloc_u32+0x2d0/0x2d0 [ 2502.256539] ? rwlock_bug.part.0+0x90/0x90 [ 2502.257450] p9_client_prepare_req.part.0+0x612/0xac0 [ 2502.258530] p9_client_rpc+0x220/0x1370 [ 2502.259372] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2502.260478] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2502.261594] ? pipe_poll+0x21b/0x800 [ 2502.262367] ? p9_fd_close+0x4a0/0x4a0 [ 2502.263173] ? wait_for_partner+0x3c0/0x3c0 [ 2502.264071] ? p9_fd_poll+0x1e0/0x2c0 [ 2502.264878] ? p9_fd_create+0x357/0x4a0 [ 2502.265712] ? p9_conn_create+0x510/0x510 [ 2502.266569] ? p9_client_create+0x798/0x1230 [ 2502.267490] ? kfree+0xd7/0x340 [ 2502.268190] ? do_raw_spin_unlock+0x4f/0x220 [ 2502.269119] p9_client_create+0xa76/0x1230 [ 2502.270013] ? p9_client_flush+0x430/0x430 [ 2502.270906] ? trace_hardirqs_on+0x5b/0x180 [ 2502.271809] ? lockdep_init_map_type+0x2c7/0x780 [ 2502.272821] ? __raw_spin_lock_init+0x36/0x110 [ 2502.273807] v9fs_session_init+0x1dd/0x1680 [ 2502.274731] ? lock_release+0x680/0x680 [ 2502.275594] ? kmem_cache_alloc_trace+0x151/0x320 [ 2502.276635] ? v9fs_show_options+0x690/0x690 [ 2502.277593] ? trace_hardirqs_on+0x5b/0x180 [ 2502.278522] ? kasan_unpoison_shadow+0x33/0x50 [ 2502.279500] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2502.280596] v9fs_mount+0x79/0x8f0 [ 2502.281354] ? v9fs_write_inode+0x60/0x60 [ 2502.282238] legacy_get_tree+0x105/0x220 [ 2502.283107] vfs_get_tree+0x8e/0x300 [ 2502.283900] path_mount+0x1490/0x21e0 [ 2502.284727] ? strncpy_from_user+0x9e/0x470 [ 2502.285652] ? finish_automount+0xa90/0xa90 [ 2502.286572] ? getname_flags.part.0+0x1dd/0x4f0 [ 2502.287570] ? _copy_from_user+0xfb/0x1b0 [ 2502.288478] __x64_sys_mount+0x282/0x300 [ 2502.289348] ? copy_mnt_ns+0xa00/0xa00 [ 2502.290190] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2502.291320] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2502.292434] do_syscall_64+0x33/0x40 [ 2502.293235] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2502.294336] RIP: 0033:0x7f9990caeb19 [ 2502.295132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2502.299108] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2502.300755] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2502.302290] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2502.303820] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2502.305383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2502.306919] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:19:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xb00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x100000000000000}, 0x0) 11:19:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x100000000000000}, 0x0) 11:19:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x300000000000000}, 0x0) [ 2502.354755] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x200000000000000}, 0x0) 11:19:04 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x200000000000000}, 0x0) 11:19:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf00000000000000}, 0x0) 11:19:04 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r6, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r6, &(0x7f0000000240)={0x11, 0x0, r8, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r6, r5, 0x0, 0x500000001) accept(r5, &(0x7f0000000040)=@l2={0x1f, 0x0, @none}, &(0x7f00000000c0)=0x80) mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2000000, 0x2010, r1, 0x8000000) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:19:04 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 45) [ 2502.530587] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:04 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xd00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2502.586439] FAULT_INJECTION: forcing a failure. [ 2502.586439] name failslab, interval 1, probability 0, space 0, times 0 [ 2502.588830] CPU: 0 PID: 11785 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2502.590315] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2502.592104] Call Trace: [ 2502.592685] dump_stack+0x107/0x167 [ 2502.593472] should_fail.cold+0x5/0xa [ 2502.594291] ? create_object.isra.0+0x3a/0xa30 [ 2502.595265] should_failslab+0x5/0x20 [ 2502.596077] kmem_cache_alloc+0x5b/0x310 [ 2502.596960] create_object.isra.0+0x3a/0xa30 [ 2502.597897] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2502.598984] kmem_cache_alloc+0x159/0x310 [ 2502.599880] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2502.601090] idr_get_free+0x4b5/0x8f0 [ 2502.601916] idr_alloc_u32+0x170/0x2d0 [ 2502.602749] ? __fprop_inc_percpu_max+0x130/0x130 [ 2502.603777] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2502.604929] ? lock_release+0x680/0x680 [ 2502.605779] idr_alloc+0xc2/0x130 [ 2502.606520] ? idr_alloc_u32+0x2d0/0x2d0 [ 2502.607381] ? rwlock_bug.part.0+0x90/0x90 [ 2502.608303] p9_client_prepare_req.part.0+0x612/0xac0 [ 2502.609410] p9_client_rpc+0x220/0x1370 [ 2502.610259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2502.611387] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2502.612540] ? pipe_poll+0x21b/0x800 [ 2502.613336] ? p9_fd_close+0x4a0/0x4a0 [ 2502.614166] ? wait_for_partner+0x3c0/0x3c0 [ 2502.615093] ? p9_fd_poll+0x1e0/0x2c0 [ 2502.615909] ? p9_fd_create+0x357/0x4a0 [ 2502.616764] ? p9_conn_create+0x510/0x510 [ 2502.617643] ? p9_client_create+0x798/0x1230 [ 2502.618581] ? kfree+0xd7/0x340 [ 2502.619285] ? do_raw_spin_unlock+0x4f/0x220 [ 2502.620239] p9_client_create+0xa76/0x1230 [ 2502.621149] ? p9_client_flush+0x430/0x430 [ 2502.622054] ? trace_hardirqs_on+0x5b/0x180 [ 2502.622977] ? lockdep_init_map_type+0x2c7/0x780 [ 2502.623995] ? __raw_spin_lock_init+0x36/0x110 [ 2502.624992] v9fs_session_init+0x1dd/0x1680 [ 2502.625915] ? lock_release+0x680/0x680 [ 2502.626774] ? kmem_cache_alloc_trace+0x151/0x320 [ 2502.627809] ? v9fs_show_options+0x690/0x690 [ 2502.628772] ? trace_hardirqs_on+0x5b/0x180 [ 2502.629699] ? kasan_unpoison_shadow+0x33/0x50 [ 2502.630676] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2502.631762] v9fs_mount+0x79/0x8f0 [ 2502.632536] ? v9fs_write_inode+0x60/0x60 [ 2502.633423] legacy_get_tree+0x105/0x220 [ 2502.634298] vfs_get_tree+0x8e/0x300 [ 2502.635095] path_mount+0x1490/0x21e0 [ 2502.635916] ? strncpy_from_user+0x9e/0x470 [ 2502.636846] ? finish_automount+0xa90/0xa90 [ 2502.637775] ? getname_flags.part.0+0x1dd/0x4f0 [ 2502.638770] ? _copy_from_user+0xfb/0x1b0 [ 2502.639668] __x64_sys_mount+0x282/0x300 [ 2502.640545] ? copy_mnt_ns+0xa00/0xa00 [ 2502.641382] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2502.642507] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2502.643617] do_syscall_64+0x33/0x40 [ 2502.644425] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2502.645522] RIP: 0033:0x7f9990caeb19 [ 2502.646317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2502.650253] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2502.651898] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2502.653448] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2502.654992] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2502.656536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2502.658065] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2502.689950] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x3302000000000000}, 0x0) 11:19:04 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2010, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:04 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x300000000000000}, 0x0) 11:19:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x400000000000000}, 0x0) 11:19:18 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf00000000000000}, 0x0) [ 2516.968482] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:18 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r0, 0x0) r7 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1}, 0x0) r10 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r7, 0x0) syz_io_uring_submit(r10, r9, &(0x7f0000000100)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, 0x0}, 0x8001) r11 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r9, &(0x7f0000000580)=@IORING_OP_WRITEV={0x2, 0x5, 0x6000, @fd_index=0x8, 0x1, &(0x7f0000000500)=[{&(0x7f0000000040)="baa087641d82e84c37777fcb4493f734d3a5f7eb2640fb869b119ae87e171335b1bd41f0321853609cd359abe0ed4f9219b715e49e4a4178fd83247298b1ec2456ae08ae9c6ceda8ee1068dab2b84cbd9dda6b0dcbeecd7400b0bcca53d52aa9054514d05af122bee32c254d41528c54df4cab49365f10f91bc24404059cc146708a74d133232531cab93fca1ca2cec83c21bc6ee6ea3e8826344ee55d53ef3d4e0ec53ff75e31", 0xa7}, {&(0x7f0000000340)="95253a377bcf6b973ef64501ca7f7326370c607023761f9c83de352b3a6db0a04e62dd51bb2edc1119bb71bddbee750f5fac3b785b8ed8c2eff04782bcae7cd8007f2eaca4d03f57ce84c59dcd7a26f40a712ef283043a512346cd97c76a5df4ff480e3c7796a18d90d88f8dad9c7e754a0aab0ee712e0f136863c1781e5b14df4c9096d56f5c9aaafcf994b0243f42740c7a694be646832c07e6fd960c2ce85b912c4d4f12cefd99e869fa3ba6fa3cd912c9c052ef8325d4aad9aa833", 0xbd}, {&(0x7f0000000180)="b44f5cccf0fc5adffc452fdb44d8a7e2d26db8e6f5110fb52a2179089dcb09f07f5b6cd0e4f981d582b57337aaf494629ea428dc9c488e0181096633ab0d311c46127001afd86d486ef16ccfc8b9557f2ae2", 0x52}, {&(0x7f0000000280)="c67e5a0a772c2788b2f4fe8ebd53406aa7c96d72f07b65d05246e27f76", 0x1d}, {&(0x7f0000000400)="2cce7149f42cbca2b7fb06c2cb74ca49961d7169fd9ee2aab32ce22b38935f31463a64e991edf0202ae6f697e8e0220d0906b0283edd022e380e02011a9f442a6c83eacc4888259e7f5e466e634881aa75dcb0cc3e03d028171998d2ec", 0x5d}, {&(0x7f0000000480)="9f2b16c11d1e48062612", 0xa}, {&(0x7f00000004c0)="b60421fb2a3f5cf9d3a4859036138a97bdd67cabcd773dbb0987f0f2e72299d5c0933a029e2a4971ed952fceff093b33677002a2b99cd02e5d833ce1ab", 0x3d}], 0x7, 0x8, 0x1, {0x3, r11}}, 0x17e) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:19:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 46) 11:19:18 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1020, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x8100000000000000}, 0x0) 11:19:18 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2e00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:18 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2516.991818] FAULT_INJECTION: forcing a failure. [ 2516.991818] name failslab, interval 1, probability 0, space 0, times 0 [ 2516.993257] CPU: 1 PID: 11812 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2516.994110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.995143] Call Trace: [ 2516.995479] dump_stack+0x107/0x167 [ 2516.995934] should_fail.cold+0x5/0xa [ 2516.996424] ? ___slab_alloc+0x155/0x700 [ 2516.996928] ? create_object.isra.0+0x3a/0xa30 [ 2516.997494] should_failslab+0x5/0x20 [ 2516.997966] kmem_cache_alloc+0x5b/0x310 [ 2516.998472] create_object.isra.0+0x3a/0xa30 [ 2516.999024] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2516.999662] kmem_cache_alloc+0x159/0x310 [ 2517.000185] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2517.000891] idr_get_free+0x4b5/0x8f0 [ 2517.001371] idr_alloc_u32+0x170/0x2d0 [ 2517.001859] ? __fprop_inc_percpu_max+0x130/0x130 [ 2517.002457] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2517.003122] ? lock_release+0x680/0x680 [ 2517.003621] idr_alloc+0xc2/0x130 [ 2517.004048] ? idr_alloc_u32+0x2d0/0x2d0 [ 2517.004558] ? rwlock_bug.part.0+0x90/0x90 [ 2517.005094] p9_client_prepare_req.part.0+0x612/0xac0 [ 2517.005733] p9_client_rpc+0x220/0x1370 [ 2517.006225] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2517.006876] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2517.007545] ? pipe_poll+0x21b/0x800 [ 2517.008001] ? p9_fd_close+0x4a0/0x4a0 [ 2517.008491] ? wait_for_partner+0x3c0/0x3c0 [ 2517.009023] ? p9_fd_poll+0x1e0/0x2c0 [ 2517.009496] ? p9_fd_create+0x357/0x4a0 [ 2517.009987] ? p9_conn_create+0x510/0x510 [ 2517.010511] ? p9_client_create+0x798/0x1230 [ 2517.011053] ? kfree+0xd7/0x340 [ 2517.011454] ? do_raw_spin_unlock+0x4f/0x220 [ 2517.011995] p9_client_create+0xa76/0x1230 [ 2517.012534] ? p9_client_flush+0x430/0x430 [ 2517.013056] ? trace_hardirqs_on+0x5b/0x180 [ 2517.013586] ? lockdep_init_map_type+0x2c7/0x780 [ 2517.014168] ? __raw_spin_lock_init+0x36/0x110 [ 2517.014732] v9fs_session_init+0x1dd/0x1680 [ 2517.015262] ? lock_release+0x680/0x680 [ 2517.015754] ? kmem_cache_alloc_trace+0x151/0x320 [ 2517.016356] ? v9fs_show_options+0x690/0x690 [ 2517.016902] ? trace_hardirqs_on+0x5b/0x180 [ 2517.017434] ? kasan_unpoison_shadow+0x33/0x50 [ 2517.017994] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2517.018626] v9fs_mount+0x79/0x8f0 [ 2517.019063] ? v9fs_write_inode+0x60/0x60 [ 2517.019570] legacy_get_tree+0x105/0x220 [ 2517.020070] vfs_get_tree+0x8e/0x300 [ 2517.020564] path_mount+0x1490/0x21e0 [ 2517.021036] ? strncpy_from_user+0x9e/0x470 [ 2517.021568] ? finish_automount+0xa90/0xa90 [ 2517.022098] ? getname_flags.part.0+0x1dd/0x4f0 [ 2517.022677] ? _copy_from_user+0xfb/0x1b0 [ 2517.023192] __x64_sys_mount+0x282/0x300 [ 2517.023687] ? copy_mnt_ns+0xa00/0xa00 [ 2517.024170] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2517.024842] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2517.025476] do_syscall_64+0x33/0x40 [ 2517.025933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2517.026565] RIP: 0033:0x7f9990caeb19 [ 2517.027029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2517.029295] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2517.030229] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2517.031102] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2517.031982] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2517.032860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2517.033727] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:19:18 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x9effffff00000000}, 0x0) 11:19:18 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x500000000000000}, 0x0) [ 2517.129481] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 47) 11:19:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'lo\x00'}) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r6, 0x8982, &(0x7f0000000040)) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:19:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1600, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xf0ffffff00000000}, 0x0) 11:19:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3f00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x9effffff00000000}, 0x0) 11:19:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x600000000000000}, 0x0) [ 2529.483359] FAULT_INJECTION: forcing a failure. [ 2529.483359] name failslab, interval 1, probability 0, space 0, times 0 [ 2529.484777] CPU: 1 PID: 11838 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2529.485569] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2529.486510] Call Trace: [ 2529.486819] dump_stack+0x107/0x167 [ 2529.487245] should_fail.cold+0x5/0xa [ 2529.487684] ? create_object.isra.0+0x3a/0xa30 [ 2529.488211] should_failslab+0x5/0x20 [ 2529.488655] kmem_cache_alloc+0x5b/0x310 [ 2529.489127] create_object.isra.0+0x3a/0xa30 [ 2529.489629] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2529.490211] __kmalloc+0x16e/0x390 [ 2529.490630] p9pdu_readf+0xadb/0x1d40 [ 2529.491073] ? pipe_poll+0x21b/0x800 [ 2529.491499] ? p9pdu_writef+0x100/0x100 [ 2529.491956] ? p9_fd_poll+0x1e0/0x2c0 [ 2529.492401] ? p9_fd_create+0x357/0x4a0 [ 2529.492866] ? p9_conn_create+0x510/0x510 [ 2529.493339] ? p9_client_create+0x798/0x1230 [ 2529.493842] ? kfree+0xd7/0x340 [ 2529.494223] ? do_raw_spin_unlock+0x4f/0x220 [ 2529.494729] p9_client_create+0xaee/0x1230 [ 2529.495218] ? p9_client_flush+0x430/0x430 [ 2529.495704] ? trace_hardirqs_on+0x5b/0x180 [ 2529.496204] ? lockdep_init_map_type+0x2c7/0x780 [ 2529.496757] ? __raw_spin_lock_init+0x36/0x110 [ 2529.497285] v9fs_session_init+0x1dd/0x1680 [ 2529.497780] ? lock_release+0x680/0x680 [ 2529.498236] ? kmem_cache_alloc_trace+0x151/0x320 [ 2529.498776] ? v9fs_show_options+0x690/0x690 [ 2529.499278] ? trace_hardirqs_on+0x5b/0x180 [ 2529.499764] ? kasan_unpoison_shadow+0x33/0x50 [ 2529.500279] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2529.500858] v9fs_mount+0x79/0x8f0 [ 2529.501263] ? v9fs_write_inode+0x60/0x60 [ 2529.501730] legacy_get_tree+0x105/0x220 [ 2529.502193] vfs_get_tree+0x8e/0x300 [ 2529.502611] path_mount+0x1490/0x21e0 [ 2529.503049] ? strncpy_from_user+0x9e/0x470 [ 2529.503535] ? finish_automount+0xa90/0xa90 [ 2529.504023] ? getname_flags.part.0+0x1dd/0x4f0 [ 2529.504557] ? _copy_from_user+0xfb/0x1b0 [ 2529.505025] __x64_sys_mount+0x282/0x300 [ 2529.505478] ? copy_mnt_ns+0xa00/0xa00 [ 2529.505917] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2529.506509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2529.507092] do_syscall_64+0x33/0x40 [ 2529.507509] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2529.508084] RIP: 0033:0x7f9990caeb19 [ 2529.508507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2529.510579] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2529.511436] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2529.512236] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2529.513051] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2529.513848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2529.514650] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2529.527537] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xffffff7f00000000}, 0x0) 11:19:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x700000000000000}, 0x0) 11:19:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1800, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xcf00000000000000}, 0x0) [ 2529.589463] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0xfffffffffffff000}, 0x0) 11:19:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 48) 11:19:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x900000000000000}, 0x0) [ 2529.780566] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xf0ffffff00000000}, 0x0) 11:19:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2010, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x2}, 0x0) 11:19:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xa00000000000000}, 0x0) 11:19:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x0, 0x38}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r4, 0x107, 0x1, &(0x7f0000000180)=0x8, 0x4) bind$packet(r10, &(0x7f0000000240)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r10, r9, 0x0, 0x500000001) syz_io_uring_submit(0x0, r2, &(0x7f0000000080)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd=r7, 0x0, 0x0, 0x100, 0x2, 0x1, {0x0, r8, r9}}, 0x6) dup2(r0, r1) 11:19:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2e00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2529.847986] FAULT_INJECTION: forcing a failure. [ 2529.847986] name failslab, interval 1, probability 0, space 0, times 0 [ 2529.850610] CPU: 0 PID: 11877 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2529.852143] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2529.853974] Call Trace: [ 2529.854565] dump_stack+0x107/0x167 [ 2529.855376] should_fail.cold+0x5/0xa [ 2529.856233] should_failslab+0x5/0x20 [ 2529.857101] __kmalloc_track_caller+0x79/0x370 [ 2529.858131] ? kasprintf+0xbb/0xf0 [ 2529.858959] ? __delete_object+0xb3/0x100 [ 2529.859898] kvasprintf+0xb5/0x150 [ 2529.860718] ? bust_spinlocks+0xe0/0xe0 [ 2529.861628] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2529.862827] kasprintf+0xbb/0xf0 [ 2529.863585] ? kvasprintf_const+0x1a0/0x1a0 [ 2529.864111] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2529.864569] ? kmem_cache_free+0x249/0x2d0 [ 2529.864597] ? p9_client_create+0xbfa/0x1230 [ 2529.867494] p9_client_create+0xc1b/0x1230 [ 2529.868472] ? p9_client_flush+0x430/0x430 [ 2529.869448] ? trace_hardirqs_on+0x5b/0x180 [ 2529.870435] ? lockdep_init_map_type+0x2c7/0x780 [ 2529.871521] ? __raw_spin_lock_init+0x36/0x110 [ 2529.872579] v9fs_session_init+0x1dd/0x1680 [ 2529.873521] ? lock_release+0x680/0x680 [ 2529.874407] ? kmem_cache_alloc_trace+0x151/0x320 [ 2529.875471] ? v9fs_show_options+0x690/0x690 [ 2529.876470] ? trace_hardirqs_on+0x5b/0x180 [ 2529.877431] ? kasan_unpoison_shadow+0x33/0x50 [ 2529.878441] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2529.879557] v9fs_mount+0x79/0x8f0 [ 2529.880350] ? v9fs_write_inode+0x60/0x60 [ 2529.881272] legacy_get_tree+0x105/0x220 [ 2529.882195] vfs_get_tree+0x8e/0x300 [ 2529.883036] path_mount+0x1490/0x21e0 [ 2529.883903] ? strncpy_from_user+0x9e/0x470 [ 2529.884887] ? finish_automount+0xa90/0xa90 [ 2529.885870] ? getname_flags.part.0+0x1dd/0x4f0 [ 2529.886921] ? _copy_from_user+0xfb/0x1b0 [ 2529.887868] __x64_sys_mount+0x282/0x300 [ 2529.888796] ? copy_mnt_ns+0xa00/0xa00 [ 2529.889665] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2529.890823] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2529.892011] do_syscall_64+0x33/0x40 [ 2529.892854] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2529.893984] RIP: 0033:0x7f9990caeb19 [ 2529.894813] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2529.898904] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 11:19:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xb01000000000000}, 0x0) [ 2529.900583] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2529.902266] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2529.903825] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2529.905398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2529.907013] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:19:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xffffff7f00000000}, 0x0) [ 2529.939497] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:45 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x4109}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:19:45 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6400, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:45 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 49) 11:19:45 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3f00, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:45 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf00000000000000}, 0x0) 11:19:45 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x3}, 0x0) 11:19:45 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0xfffffffffffff000}, 0x0) 11:19:45 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2544.083261] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2544.088261] FAULT_INJECTION: forcing a failure. [ 2544.088261] name failslab, interval 1, probability 0, space 0, times 0 [ 2544.090697] CPU: 0 PID: 11902 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2544.092197] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2544.094002] Call Trace: [ 2544.094579] dump_stack+0x107/0x167 [ 2544.095374] should_fail.cold+0x5/0xa [ 2544.096203] should_failslab+0x5/0x20 [ 2544.097040] __kmalloc_track_caller+0x79/0x370 [ 2544.098024] ? kasprintf+0xbb/0xf0 [ 2544.098791] ? __delete_object+0xb3/0x100 [ 2544.099690] kvasprintf+0xb5/0x150 [ 2544.100461] ? bust_spinlocks+0xe0/0xe0 [ 2544.101342] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2544.102496] kasprintf+0xbb/0xf0 [ 2544.103232] ? kvasprintf_const+0x1a0/0x1a0 [ 2544.104169] ? kmem_cache_free+0x249/0x2d0 [ 2544.105106] ? p9_client_create+0xbfa/0x1230 [ 2544.106056] p9_client_create+0xc1b/0x1230 [ 2544.106977] ? p9_client_flush+0x430/0x430 [ 2544.107898] ? trace_hardirqs_on+0x5b/0x180 [ 2544.108843] ? lockdep_init_map_type+0x2c7/0x780 [ 2544.109872] ? __raw_spin_lock_init+0x36/0x110 [ 2544.110868] v9fs_session_init+0x1dd/0x1680 [ 2544.111803] ? lock_release+0x680/0x680 [ 2544.112684] ? kmem_cache_alloc_trace+0x151/0x320 11:19:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0x0) [ 2544.113735] ? v9fs_show_options+0x690/0x690 [ 2544.114843] ? trace_hardirqs_on+0x5b/0x180 [ 2544.115777] ? kasan_unpoison_shadow+0x33/0x50 [ 2544.116773] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2544.117870] v9fs_mount+0x79/0x8f0 [ 2544.118637] ? v9fs_write_inode+0x60/0x60 [ 2544.119529] legacy_get_tree+0x105/0x220 [ 2544.120407] vfs_get_tree+0x8e/0x300 [ 2544.121220] path_mount+0x1490/0x21e0 [ 2544.122049] ? strncpy_from_user+0x9e/0x470 [ 2544.122985] ? finish_automount+0xa90/0xa90 [ 2544.123921] ? getname_flags.part.0+0x1dd/0x4f0 [ 2544.124939] ? _copy_from_user+0xfb/0x1b0 [ 2544.125840] __x64_sys_mount+0x282/0x300 [ 2544.126715] ? copy_mnt_ns+0xa00/0xa00 [ 2544.127560] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2544.128699] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2544.129814] do_syscall_64+0x33/0x40 [ 2544.130619] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2544.131723] RIP: 0033:0x7f9990caeb19 [ 2544.132533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2544.136525] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2544.138192] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2544.139741] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2544.141300] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2544.142851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2544.144401] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:19:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x8}, 0x0) 11:19:46 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x2}, 0x0) 11:19:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4800000000000000}, 0x0) 11:19:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf}, 0x0) 11:19:46 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8004, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2544.265541] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:19:46 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:46 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5103, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:19:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x8}, 0x0) 11:20:00 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 50) 11:20:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x4c00000000000000}, 0x0) [ 2558.612456] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:20:00 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x16000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000440), 0x5, 0x363504) r2 = syz_io_uring_setup(0x2166, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r1}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x9, 0x0, &(0x7f0000000240)=[{&(0x7f0000000700)=""/222, 0xde}], 0x1}, 0x0) syz_io_uring_submit(r4, r3, &(0x7f0000000080)=@IORING_OP_LINK_TIMEOUT={0xf, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x989680}, 0x1, 0x1, 0x1}, 0x98b) r6 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r8, &(0x7f0000000240)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r8, r7, 0x0, 0x500000001) r11 = dup2(r0, r2) syz_io_uring_setup(0x3da3, &(0x7f0000000180)={0x0, 0x1ce5, 0x8, 0x1, 0x29e, 0x0, r6}, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f00000000c0)=0x0, &(0x7f0000000280)) r13 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000005, 0x11, r11, 0x10000000) syz_io_uring_submit(r12, r13, &(0x7f0000000400)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd_index=0x8, 0x3, &(0x7f0000000340)="1d921a87d30b1ab7331935d11dea01d1f16118b0452287cf28873546fcf0a5cd16bebb895fb6cd954181264435a6556ebb039fc3cba149215d0e4e9b8eedd0446728582a85eb14b3f0409e335596a629450567e34d0c15a3ea3534ce265aa71184f5a669cca33512712bf87b3f6920b64fe510ff7ca88a47acce390ed91403a68e047abec4ea1a3dece86b35179501a084a1a6515d8d906fb43fcdc3ab857cb470a36eab", 0xa4, 0x15, 0x1}, 0xffff) 11:20:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf}, 0x0) 11:20:00 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6400, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xc400, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf0}, 0x0) [ 2558.651868] FAULT_INJECTION: forcing a failure. [ 2558.651868] name failslab, interval 1, probability 0, space 0, times 0 [ 2558.654627] CPU: 0 PID: 11947 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2558.656089] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2558.657838] Call Trace: [ 2558.658400] dump_stack+0x107/0x167 [ 2558.659166] should_fail.cold+0x5/0xa [ 2558.659981] should_failslab+0x5/0x20 [ 2558.660792] __kmalloc_track_caller+0x79/0x370 [ 2558.661745] ? kstrdup_const+0x53/0x80 [ 2558.662561] ? kasprintf+0xbb/0xf0 [ 2558.663311] kstrdup+0x36/0x70 [ 2558.663982] kstrdup_const+0x53/0x80 [ 2558.664770] kmem_cache_create_usercopy+0x12f/0x2f0 [ 2558.665810] p9_client_create+0xc6a/0x1230 [ 2558.666713] ? p9_client_flush+0x430/0x430 [ 2558.667587] ? trace_hardirqs_on+0x5b/0x180 [ 2558.668501] ? lockdep_init_map_type+0x2c7/0x780 [ 2558.669498] ? __raw_spin_lock_init+0x36/0x110 [ 2558.670438] v9fs_session_init+0x1dd/0x1680 [ 2558.671327] ? lock_release+0x680/0x680 [ 2558.672162] ? kmem_cache_alloc_trace+0x151/0x320 [ 2558.673190] ? v9fs_show_options+0x690/0x690 [ 2558.674114] ? trace_hardirqs_on+0x5b/0x180 [ 2558.675005] ? kasan_unpoison_shadow+0x33/0x50 [ 2558.675946] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2558.677005] v9fs_mount+0x79/0x8f0 [ 2558.677762] ? v9fs_write_inode+0x60/0x60 [ 2558.678615] legacy_get_tree+0x105/0x220 [ 2558.679471] vfs_get_tree+0x8e/0x300 [ 2558.680228] path_mount+0x1490/0x21e0 [ 2558.681055] ? strncpy_from_user+0x9e/0x470 [ 2558.681949] ? finish_automount+0xa90/0xa90 [ 2558.682836] ? getname_flags.part.0+0x1dd/0x4f0 [ 2558.683788] ? _copy_from_user+0xfb/0x1b0 [ 2558.684648] __x64_sys_mount+0x282/0x300 [ 2558.685505] ? copy_mnt_ns+0xa00/0xa00 [ 2558.686327] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2558.687397] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2558.688452] do_syscall_64+0x33/0x40 [ 2558.689225] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2558.690275] RIP: 0033:0x7f9990caeb19 [ 2558.691040] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2558.694799] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2558.696353] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2558.697818] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2558.699274] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2558.700735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2558.702215] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2558.703806] kmem_cache_create(9p-fcall-cache-137) failed with error -12 [ 2558.705237] CPU: 0 PID: 11947 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2558.706649] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2558.708331] Call Trace: [ 2558.708870] dump_stack+0x107/0x167 [ 2558.709622] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2558.710689] p9_client_create+0xc6a/0x1230 [ 2558.711557] ? p9_client_flush+0x430/0x430 [ 2558.712422] ? trace_hardirqs_on+0x5b/0x180 [ 2558.713317] ? lockdep_init_map_type+0x2c7/0x780 [ 2558.714289] ? __raw_spin_lock_init+0x36/0x110 [ 2558.715223] v9fs_session_init+0x1dd/0x1680 [ 2558.716109] ? lock_release+0x680/0x680 [ 2558.716931] ? kmem_cache_alloc_trace+0x151/0x320 [ 2558.717938] ? v9fs_show_options+0x690/0x690 [ 2558.718848] ? trace_hardirqs_on+0x5b/0x180 [ 2558.719751] ? kasan_unpoison_shadow+0x33/0x50 [ 2558.720678] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2558.721724] v9fs_mount+0x79/0x8f0 [ 2558.722568] ? v9fs_write_inode+0x60/0x60 [ 2558.723628] legacy_get_tree+0x105/0x220 [ 2558.724513] vfs_get_tree+0x8e/0x300 [ 2558.725321] path_mount+0x1490/0x21e0 [ 2558.726121] ? strncpy_from_user+0x9e/0x470 [ 2558.727041] ? finish_automount+0xa90/0xa90 [ 2558.727950] ? getname_flags.part.0+0x1dd/0x4f0 [ 2558.728942] ? _copy_from_user+0xfb/0x1b0 [ 2558.729830] __x64_sys_mount+0x282/0x300 [ 2558.730696] ? copy_mnt_ns+0xa00/0xa00 [ 2558.731526] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2558.732622] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2558.733722] do_syscall_64+0x33/0x40 [ 2558.734536] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2558.735621] RIP: 0033:0x7f9990caeb19 [ 2558.736401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2558.740241] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2558.741841] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2558.743341] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2558.744829] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2558.746334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2558.747819] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:20:00 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x18000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x233}, 0x0) 11:20:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xcf}, 0x0) 11:20:00 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8004, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6800000000000000}, 0x0) 11:20:00 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x300}, 0x0) 11:20:00 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xedc0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf0}, 0x0) [ 2558.927254] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:20:24 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 51) 11:20:24 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xff03, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:24 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xc100, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf00}, 0x0) 11:20:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x6c00000000000000}, 0x0) 11:20:24 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) syz_io_uring_setup(0x7c17, &(0x7f00000002c0)={0x0, 0xfffffffe, 0x10, 0xfffffffc, 0x318, 0x0, r1}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000180), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x810, r1, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) ioctl$sock_SIOCSPGRP(r5, 0x8902, &(0x7f00000001c0)=0xffffffffffffffff) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r7, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, 0xffffffffffffffff, 0x0, 0x500000001) syz_io_uring_submit(r2, 0x0, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)='./file1\x00', 0x46, 0x404000, 0x12345}, 0xa1b6) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:20:24 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2582.345760] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:20:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf00}, 0x0) [ 2582.353741] FAULT_INJECTION: forcing a failure. [ 2582.353741] name failslab, interval 1, probability 0, space 0, times 0 [ 2582.356344] CPU: 1 PID: 12000 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2582.357536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2582.358945] Call Trace: [ 2582.359398] dump_stack+0x107/0x167 [ 2582.360027] should_fail.cold+0x5/0xa [ 2582.360677] ? create_object.isra.0+0x3a/0xa30 [ 2582.361474] should_failslab+0x5/0x20 [ 2582.362125] kmem_cache_alloc+0x5b/0x310 [ 2582.362815] ? lock_acquire+0x197/0x470 [ 2582.363505] create_object.isra.0+0x3a/0xa30 [ 2582.364248] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.365133] __kmalloc_track_caller+0x177/0x370 [ 2582.365913] ? kstrdup_const+0x53/0x80 [ 2582.366570] ? kasprintf+0xbb/0xf0 [ 2582.367175] kstrdup+0x36/0x70 [ 2582.367717] kstrdup_const+0x53/0x80 [ 2582.368351] kmem_cache_create_usercopy+0x12f/0x2f0 [ 2582.369202] p9_client_create+0xc6a/0x1230 [ 2582.369933] ? p9_client_flush+0x430/0x430 [ 2582.370656] ? trace_hardirqs_on+0x5b/0x180 [ 2582.371383] ? lockdep_init_map_type+0x2c7/0x780 [ 2582.372196] ? __raw_spin_lock_init+0x36/0x110 [ 2582.372980] v9fs_session_init+0x1dd/0x1680 [ 2582.373722] ? lock_release+0x680/0x680 [ 2582.374401] ? kmem_cache_alloc_trace+0x151/0x320 [ 2582.375215] ? v9fs_show_options+0x690/0x690 [ 2582.375970] ? trace_hardirqs_on+0x5b/0x180 [ 2582.376694] ? kasan_unpoison_shadow+0x33/0x50 [ 2582.377468] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.378324] v9fs_mount+0x79/0x8f0 [ 2582.378923] ? v9fs_write_inode+0x60/0x60 [ 2582.379626] legacy_get_tree+0x105/0x220 [ 2582.380313] vfs_get_tree+0x8e/0x300 [ 2582.380938] path_mount+0x1490/0x21e0 [ 2582.381597] ? strncpy_from_user+0x9e/0x470 [ 2582.382322] ? finish_automount+0xa90/0xa90 [ 2582.383053] ? getname_flags.part.0+0x1dd/0x4f0 [ 2582.383829] ? _copy_from_user+0xfb/0x1b0 [ 2582.384543] __x64_sys_mount+0x282/0x300 [ 2582.385241] ? copy_mnt_ns+0xa00/0xa00 [ 2582.385895] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2582.386785] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.387658] do_syscall_64+0x33/0x40 [ 2582.388300] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2582.389175] RIP: 0033:0x7f9990caeb19 [ 2582.389793] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2582.392882] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2582.394174] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2582.395368] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2582.396565] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2582.397763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2582.398954] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:20:24 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7400000000000000}, 0x0) 11:20:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xcf00}, 0x0) 11:20:24 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xedc0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:24 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x3302}, 0x0) 11:20:24 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:24 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x40000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2582.514356] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:20:24 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xff03, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:24 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf000}, 0x0) 11:20:36 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 52) 11:20:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x80000}, 0x0) 11:20:36 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x80000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x7a00000000000000}, 0x0) 11:20:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x8100}, 0x0) 11:20:36 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x40000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:36 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x2e000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:36 executing program 0: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r1, r0, 0x0, 0x500000001) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) bind$packet(r1, &(0x7f0000000040)={0x11, 0xc, r6, 0x1, 0x6, 0x6, @remote}, 0x14) ioctl$sock_SIOCGIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8982, &(0x7f0000000080)={0x2, 'team_slave_1\x00', {0x101}, 0x1}) [ 2594.332185] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2594.343593] FAULT_INJECTION: forcing a failure. [ 2594.343593] name failslab, interval 1, probability 0, space 0, times 0 [ 2594.345259] CPU: 0 PID: 12033 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2594.346281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2594.347475] Call Trace: [ 2594.347861] dump_stack+0x107/0x167 [ 2594.348390] should_fail.cold+0x5/0xa [ 2594.348953] ? create_object.isra.0+0x3a/0xa30 [ 2594.349620] should_failslab+0x5/0x20 [ 2594.350168] kmem_cache_alloc+0x5b/0x310 [ 2594.350762] create_object.isra.0+0x3a/0xa30 [ 2594.351401] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2594.352148] kmem_cache_alloc+0x159/0x310 [ 2594.352752] kmem_cache_create_usercopy+0x190/0x2f0 [ 2594.353494] p9_client_create+0xc6a/0x1230 [ 2594.354125] ? p9_client_flush+0x430/0x430 [ 2594.354748] ? trace_hardirqs_on+0x5b/0x180 [ 2594.355376] ? lockdep_init_map_type+0x2c7/0x780 [ 2594.356064] ? __raw_spin_lock_init+0x36/0x110 [ 2594.356736] v9fs_session_init+0x1dd/0x1680 [ 2594.357363] ? lock_release+0x680/0x680 [ 2594.357944] ? kmem_cache_alloc_trace+0x151/0x320 [ 2594.358641] ? v9fs_show_options+0x690/0x690 [ 2594.359293] ? trace_hardirqs_on+0x5b/0x180 [ 2594.359943] ? kasan_unpoison_shadow+0x33/0x50 [ 2594.360607] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2594.361345] v9fs_mount+0x79/0x8f0 [ 2594.361856] ? v9fs_write_inode+0x60/0x60 [ 2594.362449] legacy_get_tree+0x105/0x220 [ 2594.363053] vfs_get_tree+0x8e/0x300 [ 2594.363588] path_mount+0x1490/0x21e0 [ 2594.364143] ? strncpy_from_user+0x9e/0x470 [ 2594.364755] ? finish_automount+0xa90/0xa90 [ 2594.365383] ? getname_flags.part.0+0x1dd/0x4f0 [ 2594.366047] ? _copy_from_user+0xfb/0x1b0 [ 2594.366649] __x64_sys_mount+0x282/0x300 [ 2594.367228] ? copy_mnt_ns+0xa00/0xa00 [ 2594.367793] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2594.368544] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2594.369296] do_syscall_64+0x33/0x40 [ 2594.369830] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2594.370565] RIP: 0033:0x7f9990caeb19 [ 2594.371104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2594.373779] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2594.374869] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2594.375891] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2594.376926] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2594.377956] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2594.378985] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:20:36 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf0ffff}, 0x0) 11:20:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf000}, 0x0) 11:20:36 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x80000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x8100000000000000}, 0x0) 11:20:36 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1fffff, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2594.494651] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:20:36 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x3f000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:36 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x80000}, 0x0) 11:20:36 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x9effffff00000000}, 0x0) [ 2594.570447] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2607.230613] FAULT_INJECTION: forcing a failure. [ 2607.230613] name failslab, interval 1, probability 0, space 0, times 0 [ 2607.231982] CPU: 1 PID: 12072 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2607.232775] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2607.233735] Call Trace: [ 2607.234040] dump_stack+0x107/0x167 [ 2607.234455] should_fail.cold+0x5/0xa [ 2607.234886] ? __kmem_cache_create+0x10e/0x520 [ 2607.235410] should_failslab+0x5/0x20 [ 2607.235845] kmem_cache_alloc_node+0x55/0x330 [ 2607.236361] __kmem_cache_create+0x10e/0x520 [ 2607.236866] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2607.237446] p9_client_create+0xc6a/0x1230 [ 2607.237934] ? p9_client_flush+0x430/0x430 [ 2607.238420] ? trace_hardirqs_on+0x5b/0x180 [ 2607.238914] ? lockdep_init_map_type+0x2c7/0x780 11:20:49 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 53) 11:20:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x1000000}, 0x0) 11:20:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf0ffff}, 0x0) 11:20:49 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1fffff, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2607.239456] ? __raw_spin_lock_init+0x36/0x110 [ 2607.240253] v9fs_session_init+0x1dd/0x1680 [ 2607.240742] ? lock_release+0x680/0x680 [ 2607.241198] ? kmem_cache_alloc_trace+0x151/0x320 [ 2607.241752] ? v9fs_show_options+0x690/0x690 [ 2607.242264] ? trace_hardirqs_on+0x5b/0x180 [ 2607.242756] ? kasan_unpoison_shadow+0x33/0x50 [ 2607.243277] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2607.243854] v9fs_mount+0x79/0x8f0 [ 2607.244259] ? v9fs_write_inode+0x60/0x60 [ 2607.244727] legacy_get_tree+0x105/0x220 [ 2607.245198] vfs_get_tree+0x8e/0x300 [ 2607.245630] path_mount+0x1490/0x21e0 [ 2607.246069] ? strncpy_from_user+0x9e/0x470 [ 2607.246559] ? finish_automount+0xa90/0xa90 [ 2607.247050] ? getname_flags.part.0+0x1dd/0x4f0 [ 2607.247574] ? _copy_from_user+0xfb/0x1b0 [ 2607.248045] __x64_sys_mount+0x282/0x300 [ 2607.248507] ? copy_mnt_ns+0xa00/0xa00 [ 2607.248949] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2607.249550] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2607.250139] do_syscall_64+0x33/0x40 [ 2607.250563] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2607.251147] RIP: 0033:0x7f9990caeb19 [ 2607.251578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2607.253666] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2607.254531] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2607.255341] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2607.256147] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2607.256951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2607.257769] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2607.258660] kmem_cache_create(9p-fcall-cache-140) failed with error -22 [ 2607.259446] CPU: 1 PID: 12072 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2607.260235] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2607.261178] Call Trace: [ 2607.261485] dump_stack+0x107/0x167 [ 2607.261898] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2607.262493] p9_client_create+0xc6a/0x1230 [ 2607.262971] ? p9_client_flush+0x430/0x430 [ 2607.263448] ? trace_hardirqs_on+0x5b/0x180 [ 2607.263935] ? lockdep_init_map_type+0x2c7/0x780 [ 2607.264478] ? __raw_spin_lock_init+0x36/0x110 [ 2607.264997] v9fs_session_init+0x1dd/0x1680 [ 2607.265503] ? lock_release+0x680/0x680 [ 2607.265962] ? kmem_cache_alloc_trace+0x151/0x320 [ 2607.266506] ? v9fs_show_options+0x690/0x690 [ 2607.267021] ? trace_hardirqs_on+0x5b/0x180 [ 2607.267510] ? kasan_unpoison_shadow+0x33/0x50 [ 2607.268035] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2607.268611] v9fs_mount+0x79/0x8f0 [ 2607.269011] ? v9fs_write_inode+0x60/0x60 [ 2607.269493] legacy_get_tree+0x105/0x220 [ 2607.269952] vfs_get_tree+0x8e/0x300 [ 2607.270371] path_mount+0x1490/0x21e0 [ 2607.270807] ? strncpy_from_user+0x9e/0x470 [ 2607.270910] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2607.271298] ? finish_automount+0xa90/0xa90 [ 2607.271309] ? getname_flags.part.0+0x1dd/0x4f0 [ 2607.271320] ? _copy_from_user+0xfb/0x1b0 [ 2607.271334] __x64_sys_mount+0x282/0x300 [ 2607.271353] ? copy_mnt_ns+0xa00/0xa00 [ 2607.275528] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2607.276123] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2607.276713] do_syscall_64+0x33/0x40 [ 2607.277148] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2607.277743] RIP: 0033:0x7f9990caeb19 [ 2607.278173] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2607.280271] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2607.281131] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2607.281957] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2607.282768] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2607.283575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2607.284385] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:20:49 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xf0ffffff00000000}, 0x0) 11:20:49 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:49 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:49 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) r7 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0, 0x1010, 0xffffffffffffffff, 0x8000000) r8 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r9 = syz_io_uring_setup(0x2bb9, &(0x7f0000000100), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000002a40)) io_uring_register$IORING_REGISTER_PERSONALITY(r8, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005e80)=[{{&(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000280)=[{&(0x7f0000000340)="b4b99ffe79b662a3040f004e01fd217dc9e7d13b6575d049fd6d4cf5add3367bc5d866e909f7f91f4eb8225344c1562476f9a00aca99668541657a4ee645637c077434460feed35dbb2a07910b09031794a55982a130af30ad688d54e7d8c0e65c0cdf04d861fec65552377eb287c91d65c4d845c83ce80e9d94b8a9e303ee9cea9364751421e0fa888d11395ad9292f901e1db9e8dbfd732e5ccf1a0ed9cf6c22d4b6cb64b90b1e1f3afc147ea1189188afd1bb2c3b7a01a710acbf2e8303fe13016bcef6825ad640d69624d480719c5c94953370273687615e1f67491d115f6507020089392155fffba93a9d7918bd645127a13faf02260f004b04ed3e13b8372ae4b143dff1a2d02308e4ae67a3af4426d10d00dae602ef6b138fade3a2a481b7b9420d258046a64c1168248463396ac71763d6ebd6e007b136023d134f4766317878280d4e71196e4b75b33a7f45a54fc8d02d65c885e927ef0c807adf4aa940e3439829765179f4b954478b47fd0f126065342b6e731b07fe8a619c9cc103f70d8b511043d4656c9a0e81d18c7dfcbe4b32aa491b3f2190718a60899e9d2a194d49d9de1f8ea87a69e23deaf0bb6193ab07a63eb4e898fcd50a58811390279617dd440073187bcfca28586880a1a4182929be232ab8cf70aa313d8479cf8f13bb704d8bfaff682bcac4691230bb1ae30968aa2cc5fa93d2c0d8ae35611e1fdaea4470ae22db1cc6f954af038928627b4d6a22d2525eb281b6b03addaf513afb6b975f36266b9137ad52b2f6d14af0de4d8541ce2134238a2aa30b82ef8da2f15320de0cbae1d2fff0bf917d0e08adfa0c32522fa4b5934eee09c75f4a34ff444d42868f09cd95ea76f109a2f7a9327b7b49b8687374bfc5ea66277e070cd575fb695c2e4abc2b3d5b434cb7c012baa302d724b8968439e0ba8153e44e93f131055b217da6d66928227d9463a03242839bee79880fcdf635ce51bafed14cc841978468a505093bd07b8792229e7854ffdbe01a2d0f10ac3478ae2b47056a34088d3d4b9e1db346e1aa040a66b40aedaccda44b4bff285c3845d99d397e528fd1af6e22b64be43590e63f79c6c7eacdf095177febafcaebc98628d7b2029c29ce4944ec7da8923549a68a30ac790be5d02fdcbf95bd88c9b09ff670c4553652f2ded6be63232030cdc4c71c234053deca9293cfe132c9e21d04ddfea436453291ac501144d175d89b339d716b0e8f5ad0514d1c6d92f938a87923d4ac477860ebbd896e39ae19c0d02d0fea8bb771d4ecd9d254330e526d624098569bff2644331c2be57329aff384556ebbd32af3e2ba0132c1e90390fe5935a3f774ae4a7325c63317f0da88c2b08a15dc01fbe05e28a6ccafd7182011395add242ee4a270618a2df05d01757c4742f97fb7c50128803b388766dd3f44b76c0a8da804de233af5a6826bd9a8a2c61b83c38df5dfe63bd855add69fe4e10a9b3fc08c57ee80e5ceda17f3032b99b5f1de905854a6b553f7086817367803df7ae30eaa7c081ea1407d68b99526b394740808a07f701a5c5b8803835db7f2f0a572fd7e415f2ec90f0341f2bc4f90dc71b3e188cd98c080fbcf2263a384f68f4b6d7a21bc498bc668b18443d82330e6fb2c19a6f73757ae71ff57906ed2a3ea733991da185a62270db7de0f15e0525e22d11564a3ac2150666f5a8928bcfee18d1dcd0508293830fc88c2cab7997a744a3f45ef1de1c5ef6e7f9c8b64994ead16b293e40ed0555a9103fafa93435e6c7ca695e5419f467239afe587e23a5537c896dece4bb6322edb5cb52d3d47686734006e2edb4661bf286f2e9238d0de7117d58194dabd207dbf41fbb2e0dab45c922d625f05abed5bc5e8072604b05f12631d2695c289af439043a786cb7c59ade4854ac2b469b5eb468bc867e1f25ff96d124286f20f41c9ca7d3f4e689348d82f1f39c4680f4fc3e08feef1bca71816044966e424f6670ac4e84ccbf6d8cd9c197c1af42ca219baa2274741cba1d4d0dc6bf06edc492a35842f627bb09e9f68b2905cd22ef725f5bbdd9811d9f7fe563b21764caad53ecea078b32bfe0158317eff88dc9563fa8a7e19f554c3f042f4971feb8d687ecd8279ddb94ba4256a7cbc013d4b55e2bd2f2ce636084c01a69e04d341940b85d3629d1e220f36d5beaaa5846a08c12d7133609d45b9be3ba19d0a2c741d794f6c27f3405f091bfb816886f4d77c7438e5c74a6f1813d3f1140f3ab75b4601750d7789b645099b81f7a20be3d5eb97eb09ea7b18a985c51033c5b8722e4ea0d8a4aa91c9f7a21084b87a7c31a03766d84a1a1f7854de33499de318f0ac91b2e8f41e9df882f21d565c0af595a2bb8ada495e132d008243fab84880282696fd4b445a380ae0dc677f3549d9e40c70dff6a586be87b3c033a38f45dbaf0f9e315cc134f9fccf546069d4700a1da943e56b553a9dc2dc56aff590a49ff92044252029623b025ccd78f4d63d20b0c6e2c4bf2c3e81d16d271e4810ddb54edc56a6b80acae60af64ce99e60c8701a38e5412dd53ad2f7a84acc35b74cc773897232f95e6dbc2367fd5338b0ecdc501b92fe3e3fdba790cbc4a269a8971a1ad8e54dca9377ca446aac57315d91b5cf9c9ce647e846266f3d2743f0b9c038eab120a2c919e5463145e7cd2e7768c627a00a950297cd19c05b3073eef5d04ffec57af486560a5b1a2a34b9e7a530107a4fb13c9f44ba06a51f87a27d68bf281b2b64443a1ddaa2bab3ccff9da79dcdcbebdb00b2368ae60172c2cfc679a35c1b6bfe7f20c07003fdd61b537b7cbf65147377ae8120a2c3e7ee8bfb7980d8ba7101ce3a4c761a23ea8ed22f7d92a920b9ed4de63fdbcb898244286f4dc4b2a9101fa22beff4b16de34c1ec6beb0c26e12200a4ecbaec5a87f1bcf44e8f59ce9e766e2ba80fb76b28623a74c2466364c4f4f1ed52c83dc87b1782aed952c470cc8dd8410cbc1b8b860db70e90de5659958652dc80af9bf5e014db7adfdd06164f763a822baaa8564497e74fd029b5e44a2f3734e13fd7a828cea03236ecb81943b451a59022a8b0d79c9762bf4567cc4277b3ab3da4ea079732dfd25cdf6dfe76cc051274a17ce704caebb08991f74a2fd07c2504e2498f34b3f79dc3363600ffb198cb3a45cc853dda382478840f6d4fc52d1d7c93adfe857db0964f15e94af11a52560a39fbd9a46da0be25884756d5c2c8ca884ab8947236dd1cde8c513d14650ea982a9a13d66a5faba7a5969e97b580ff99d175b33820a37fc156048b727eb152670fffa7c277d37c38185900b9932b4c4e10ba99398edcd29cdcc8062f6c94753ffe8fbfdfe37ff01ec3d34cf8d2aaa2433c0943892688fab9faeb9bb375ae0ce6d2d5e0ca544d36560ec6417c9cdca5d5f7f47c7d0c944ba9b44f62d2cd15256dac81b99ee9893e3cd35ba8d1b0cd435898ddd11cd93d6ce0d48c70979d0cc805465218e5e420852f825facaf8409a7990f903e3dad73f2acc15a585e541ea98c6a336bc938330da7549b2988b005af8e4b717689af0d17703d5890f49a7647582ed396f9128c94f10a216f0effc2e2c5a55da663bacd7c894a17ac9199c170c6c55f4d44fbef6c6f758592debd22509ccfb58014492c2e722148f3b902b40020594178b00f3cf6fb3e1569a0e5f65fd487b2c38fb003cff6b8f01371bb616698c42bdd84c7610c502f86e9bf1db97ab41aca1841230cee3de3767c5d1875d69138ed7726d5454eb869bd59aed480fdd794977d5fe523921f4baab029e37f9725d16ea602a0b3e07010ea9bb221ecea52f189086b161477d3691b6871af35dd0f1a519632f84a2779c53925c8fccbd5d3fe05b01a329bce8300e4c3a4132c2b614395f587bc2170f547209efa51c76cbc89e5b6f7b43c567c73d53065cdca5fb1b8d77fef5226390bc7b91db76fd42921a6cf4d0a2710b162e8ea09dccf50ea2cdc74cef21175d516a8bebaaa985b11beea5e52998474cba0d2d5948ef849d5f5f997085eb8cb73b6b3171def0cd48cca5a392ad08c19a0e85ad2c47a460b570273454d0969bce5277b2e5e709d4709eb434e7200f1992ff415425830100852a54f2ea182a1cfb493d4810d32de170ea806ec2698ca5507a4bcf52fd75f26e70cd73c5af533625caa784b6343542fcda8df6aa735df7350bc38161a0846972ce9e1b068ecea06323ba6b5143a1c51791a195ddabdbaf203216461ed9b7708b1a7a9decf056769f1dc4942606080b8012355c012021b07cb2544aaf26c0f7735183e4383a081f2792ad71ba7e1331122f88f8af3592cbf060d983750bac438da6f73beb4312aac4033c195998de576eafabd1ab17c6504219670001d0ec842e87cf255288bcc911b203cfc5e4494a7d720666f20b86ccf3cb00f440bb765532cba9df1323d5c210aaa09c9e0c43d29d0fc6019a807d6e545303f28bff8310d0dcf4a91926df05e08a479a721155260a5215acf43eaafcf42d5dcc73a10e7de3768ea7f9c36d4c15145ba259614cdbefa6fbf9acb0bf80358159b8cbd1ea4bbc792d3bdef6e97ebc3804321d638c2c14b47b4faf28cf8d84416b223132cb0f3e2b2089084b00209aa6ddfbe0fc11c74e0463f263eb528fa883d86f96b43e018ddd291fcc3b3b5fb77db0fe05c1458fac926a247ae99b4f9c6e2453f8d571611203d4925bdeba35438cc46be004d869a0cd87524d8e6ccf83040188539acb910d72d90b2a16d9ed6f968b70efb6fd635ff7261a84ddcc8220d8ef56c612b0ff35990f8e65f73dea5db036a2cfc7b8c8f75d289ebfb5a4d0e83f29513a5af142756ac702e0cba7cacfceeeffad2585443ccf82d9d2a17e2bcfeda790e36195e27559fb9632efcb62286f5ecfab747e473a892a11450284f74a9ab177e9fdc2024c16eb40ca334c7de2ad443fafd5a65aea60be045bee007c6e0d9c39b52e64014669b75557d935bad6c1897bf56f144be9be99e2f284f0609ae67620e966ee70481b782991b711885a40188e93dc072adc0bd3d3832a32706b8b0f12ae9a3ab85e4abd60a3398a0e7346c985a7aa9a8902b3a9a23e377dda7769d2d335977563741b5b74529404fbed4798278e6ba64bb342deea3b4bc7469fb3e12a97a0be60b4e3db5e449cfcf414de5aa9d4e953d31ebe91beb3f8c32e4b2733abbe7c1b466ffe9913e1c25078e4245872ea08b26ff2213c622aa72be9d426cef0c089b9a3cc0be4e5528f6a8fddc3ad6d853cac13648bc0fda1c9acbf2d3953af8b21d9a102d4683d452ad49591fb374f843dc05f02121885c137a1a0d0e6afc03f22e68737ef09d73b3ae3f106b5a81e4b1a447e636c16ab9402c639e8249e0d2d03dd07c2785693a65fd11574f688df823632de27340514da41474719a408d4608e27b3a40937a2ca7ca8fea87fcd2c762ab64f7cc98a5c9962c71e4fde790ab862a9c8b4234ca1ed4e5818814555b3df576ec367e81dbf5fb523bd7fb5a73eebbc6d2428ec529b2566ab8ec440b1e6fbed306b031f084647efdc89524922537f465a65e6f350fd8d6e3e06bb0f9313b086d5bc03f750d6a24e91d37ce5acbc1db5a9cfe2cb2c6688f4848b806fa7bea7cdfd09aae21679b32f119b68cd2a7380362bd1ac640a36e4dfa40a7f53dc236743eac0fe3b7317f2fa0bbcd4cb5c61aa857045b9d924f94178f2616fbfd64ce5b4672346bac8ec78a966a3eeae468b7fd0fcc9d85f02599b5f64fe9946f439719b4b0780ec99ab963b472ba0266e72cd54388ee50274c", 0x1000}, {&(0x7f0000001340)="f29f45de3b8aa06e90214621d9380daf916fc34a9724aea3c0cb9242ee225cf2d9ddfd95a7e69dcbe93775e063f36ddaef2fef7764f1abdd7a6dee001bf76613d7e0d98444b0ae2e7493ffcbfe5c567d71719c363608126958ea5b08fab8fd1ee5fd02bdeca0e09df5d29809", 0x6c}, {&(0x7f00000013c0)="b38a5608de2d8bb35fa59d75f6ba37ab74a8f1b151d2b17b4015d02b1b557a2504b144f618a4f5f663ea1ed76406b06a0132669c366ff6cd4194a903e12be3fb80dff31b30f8a9f728a5acf875f54e", 0x4f}, {&(0x7f00000001c0)="fe12d4e467a5ce57266f64b4fa06d52d6983eb0a6d6af68332f2ba01b6be33934779c1bdbb81be46145995ca4233", 0x2e}], 0x4, &(0x7f0000001440)=[@ip_ttl={{0x14, 0x0, 0x2, 0x100}}, @ip_ttl={{0x14, 0x0, 0x2, 0xf0}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_retopts={{0x70, 0x0, 0x7, {[@lsrr={0x83, 0xb, 0x7b, [@rand_addr=0x64010100, @private=0xa010101]}, @end, @noop, @ra={0x94, 0x4}, @lsrr={0x83, 0x23, 0xe6, [@loopback, @dev={0xac, 0x14, 0x14, 0xc}, @initdev={0xac, 0x1e, 0x1, 0x0}, @dev={0xac, 0x14, 0x14, 0x1e}, @private=0xa010102, @loopback, @private=0xa010101, @loopback]}, @timestamp_prespec={0x44, 0x2c, 0x5b, 0x3, 0xd, [{@loopback}, {@loopback, 0x401}, {@private=0xa010102, 0x4}, {@multicast1, 0x1ff}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8d8c}]}]}}}, @ip_retopts={{0x48, 0x0, 0x7, {[@cipso={0x86, 0x13, 0x3, [{0x7, 0xd, "0e5cc884ae339757f9c16e"}]}, @timestamp_prespec={0x44, 0x4, 0xbc, 0x3, 0x3}, @ssrr={0x89, 0xf, 0xcf, [@multicast2, @remote, @remote]}, @timestamp_prespec={0x44, 0x4, 0xe1, 0x3, 0x3}, @lsrr={0x83, 0xb, 0x6c, [@local, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @rand_addr=0x64010102}}}, @ip_tos_u8={{0x11}}], 0x138}}, {{&(0x7f0000001580)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000002680)=[{&(0x7f00000015c0)="f90d79c14c79b9c91d6e4f94b853ccc1beae2d936d3047071f7f6f8bb441d5f53b67df8a284daae0972fd97119fcd8ad2af0d0c23c2ef257282fcc11c85bb81e18ef015be154af63164b8ab3082981679854c6fbd28f8e532f7e79cbfe5948c16bd464cc6ea8c44ef2822e15a4f3d7d71a0e104eb32ec3836f3fb7477a115f152565edb2cc55", 0x86}, {&(0x7f0000001680)="45c1a2b1e5ea1479f6ca85d8294d264a236de21c525a4bbff5d3e64050eaf37ce133316dcaaed913fd1b15bffcef3b18063f51ac35067a1548efeea0bf864e639fecaf8c7cf72b7d1565ba80b25c4e87c34d87157a761cbbc76f610d892f5757ffd39353f0eb51b0e70d955a02e9a01004d2a23d80faf68a2103d6f9a6ad6f3bdabaaf0d917c977b02c624a464343803cf3170a2a856e470691184f5f5bb31cf98cef093105e47436783bdade74e96e6dff60995cbd801535245eae5bdc22221afd28d14fbf64b86b086220cc78311fc8275d79a5dc00a4222209f4f3e5d47891ead1076869f35c2b7f9c4c3545f8482f0c4538581a4a2914df4c0747a25965498c135538f2d4a4d42ebadd08440631e0addd43052a082563388850ad44e137d983eeefa5a31931d0b1e57cf3a8c9a8ec2f364e42b91ae1e5e28bae9cce023e9ca73cea483200147f142c9480acce41e6d328188f2a4993148c173a057778ed48be548966eedd34718213342fc47f6894164fea9b4ef5ef40d0c8a08f5b46c62a1a8f0c4b9c7641fc36fc68866bae0b0904ad4765278878bc2acd3bc3cd81685101200d284023ff657e6adacc3cac80dc7746d9449d1d5a2657219eba1adc29962de6e16edbd7876d84613c8b2ac4cfd45beb192f182ef59ff72d39bc590a07f4b162d2b661e7eb870b58ed097457dc6f9aa62524c7bdb9da24121116d35f6b45b62dd505e2ecf92610f30ef66d24dc520a989910bad463a4f9dcc0180e856afa9bde6fdb1ba38d71d2f5b1498277e91f7643c48431b9c6781d88dff93887f1dbcd79858bb03abbd2faddce9ac505063a112eddf0398456734a30e1e608e9629e00fe46773061e8ffcce9a9ded7dc1b1416e019bf0b9acc91afe61832cf0c4d8bc73d1c8578e035b0f22cb87f831cc73a2f25526cb33dcac0eb10f860eb51d7f9d3fd7516d7ef59cf07d2c86198b60d9d298277b48a0be0666b8f337dc1a21c7e05bc75e809a82bdaffacc1cd442bec66b051cee10e4489a7aaf40b97621e826b8f4cc420f89fef220241738cffe946fb1bcb9d6814a8fe8caf5ab848bc8141594e93d72b093bf42215fef095f041bd5aa65f7a9295f8122d84bf5eeb289f3fd98aebe85875734f6c171aa948491e5d924805743bebcfc5af7bd7f9972e0b09c3f07dac2e778de5360459be15f180b70e1105d19fd5d94f9b2ef22570e42a4e825d7657c0c4ee58852e174935fc3aca007b43f3607f55d521881d86feb00fb5aef2f685bcc83d7b8e772ce9c10c67e87cb2157fc5905ac6284ca0b98681b1a97e67096d846cd7bcdeed7fa1a52f3d38ab11ec8c9f606af3e5e641d84fda75febbe1b2e96691be7d72899faef7fd3a3632bdf047c4ede8f8fca3a03c1d041a45f6f5ccad5b574030b094138a77456d178718c6a1fbb9614c09ef3e15310e684a582b18e3dd8c141e6ce78a16e4e54d6dc89027e8744863524b53a4a90b7219d7eb3197be566a2d65a68eb14a79bfe8639bb4a40b00877b13469940d6f24251131f052abbe613d756d10858d16deefa6a947a159273dc31680958257091655cd66d2bf60bb48ccf0f508e3df892a5c08c592ae68712a538934251fe3f47cb673555eedb2f1f140cc7b82749671966991f2bf2c78ab7768ea59917572622590e33a5f637913ff05c3db0f61b3b8e8b87fbba9d4509a708c34af70fdf65ba9e81cb39a95863bd01496ab0cf9020a01be58a059c0b71e4f16e402d6891d26df44ab60d6fda75b0a513a9eb295c2fcf29cb44752c5829509912112bd19c7475c92d56fb748ded89db133053dcb79fadf70bf563daa2dd7de97c8a79fc1af7e88701cb6385160fe22c644e51e81571fd275e80883cf078ccaaf3c510aa8a58ac883253e2d878c4f390769d15980cddc6eb995c2eda9282d08f1253f62bc0919dff3043a9384140abafc0637e0848cb70d322b78ccc969891bcaeec840fdd291121d59a1745134efc85e494aa5cfb36785618f97d6b63170aeee9bc438010d08514706d1f99aee602456bc4b9f2c56d17a3000c54bbc7c767093fe75cb32b8c1fa8da1a4930f515de955148691e591561f55892468dacc8e302e66af2de468ed0afc1948d0c21c83a226cfcc74a4262eed5ecb76822ef90161b6b3bf69be2e2a180d339ab8e99dc962855e0feab8341a3a2f1d878e7f12d4de4cef926a5b4f76a13e5c7e726b4096f2c66ef04199b12f512cd447953ccdafddb1560e202243276177d458644da5bc01ceba4692425019e09afb97cb98a648e64ec808c43ad4dec3f25e17737ce701ee49d7f3b8042a586db6d08d3c110c5891f021bb722a1543d8abb0de9148afcf2bf12456b454a56d90995714ebb4013d677993b3dfb23fd78c969280e9817493ad235bab49c518ecf7f7f14d7253c12c233ad651cef6366d264797d285ac78c44361880758aabbe21e03533453fb807bb0728a3aa674d90d0c92abe8121accbecefda9e823c355ff569cefd874486e94ec8d7f6041e6064bbed1992adafc41f9062492c3201c7717e397c9dd6f08840e569634cf0de013dd0257e3b71d14bbe2e874f8fb8b6c655135fadfb63e298a90add7c8447a5ec09173fc8dab443d98d800185009a4e21e35c415be271de7e3af4e22e078605a89acabb609b3dfa97044f91a5305d33e35b34f82499bc2a153c598b6f176b56782b3c9896c08df9d102e1fd5d5403cc94ae8b9c1b434ae98d4797e68422fff5ade6df1b6d8849c77043b45d04bec33ac8fae912158802a12af7d84d362bd6853dff8e0fb3285d2875d7b292971b6d65bad439f51c0639cee35938e312ac9052a3ccd0077a4c78687eb49dafabc2f0959db5f6f9c29819f438a7aac69c1e1ea31cca7465d6de97263a992eaa8d81e8c98b8817bbf97e4e75673b18c049a5df5d9de72a5853b5cecc0666d646a1dc5b49e3733338c7b4b91eaa2eb114f2325e0f35a6f4e4f43b0785bad2cb77ca43ce8a08daef03e730fd93e3efa8fb4d7b9c8d30d3642f8b07611bbb04634ad32ca309574c3dcc83d9733f27e4f90e8acbe6123b5d7f2ab01bc060338458b07a732106796d3e09dd10245ad4ceedf76e3f6627ff1ac5f8d1919825455d64739afd5714f73bf07ed4da31d43c0ea890dd90f26078a52a0ef39ccfc11139dc75cc61ac292ac4daeb0896f97dee0ef6c4ae5e3e1ec9e86ee503051ac4cbe6184b388df1daa98cc67578c8f7c88c552c36dad9ce2493168f6011c130313d7389d07150ba7031dc39e38aae03c338fcccdc1faa715c305dfc812921c905f1bb613150cf207b1bcfc75f9ba8e586d3b16e0eea4c3398eab43c5df758e655da870e9ba3846e836f2b10b3d27b8f9e6ef9ab937dce623efeb4c7f89694d0c1a37451f2178f8d53feaf1cd0cd51f7f95c906dd697c3fab4472771bbf805babeed466c388e4372bc674ebd2d16140e69194e51d534b2191d0f80ad06d48163fde854d062f7f88d980b5b5c11eb537006604a3f828b20f2ffbfc1f7510a02d4d8e87b904dd13ac4e5cbbd9d5ea8afc6e4fd6ac54b8d27c82444675d71bb9680ca70cffc4428a22ad2cd45748a385dfea80c63dcac7e28739fc1789823fdc290780c30a230e59e14872f7c28a4f814626b2905b0b00c57d5f86fbfebfd1bd7d679aafb9f63f78d002c306a53088762e0bc6f3aae73ddf111d437fbd731ac1401643b616119d1eae1d15ee1adfef6014d2f0d854daab9b2278b4dd390e79269a1ba279d9429256697edb70660b166e51a47fccc44ab97e6ed2b3b190760868c1dfe5032e71fa2e31dde277a604960b11454edae6b6e7aec42a8536c23a1582da9b93be4b61c19034c11e7fe949437d22557ed91402dee8475be6b6f8ad7295c6f2b1ac38512af2e2a4a4bfd8e8b3a7d41fcbdd18a1b19c74d00433ad85d6a791ffa69562b3fceae3e319182612a81dfe155995ec76a838eca19ed934e561bc07333f570d77799d54d7adbb1f76d0e3fa6cc76b4d18fc1e80e9d3c498b1c31c7e58395057b7d21b87100bd4a9af4840555b47891b03db235abda14af5f561da227bc928775e701dfdbbb510e61500aa3dc8dc967a83be3901f84e7de41cfc026427a929755cefb7432696787c71b85963ceab6f479b3d396b2c84ba39799d33ffb1bf35dfda56ac86208fb026893196c02e1bfce31c16be68c088253c857924716feebfc4a0ee2e96fa1d36420062ce7bc18b2d78823da7b423ac6afe72b291893c8dc3f8367bd6be8645d783048291155cbbb889a2cd699d27171bda97680e53c3f432a1a085e8c73a44f0057ee6168d22938bb2b6ff1d7cb4dc23e8945bbf5ddd9ba69c1bf630116c57539a529b98bc6d38e34f352988cd4fd3cc312f17fd3189f481702b2ba96ddca4ac9a833cbf8acd2fe6a5108a4f9ecb5680abc568b14dfc68474e5d8efed08791f992987a41c4a34107f23f41f856f9d33f9326f229b1be8ce6b988dda08173f01107339e422816b8053576216c16ca2194374d2f36c0fd7d646686130d3b2f3329ebc2f0cc3ec5a46a1d1dba68caca9f4c24404a71ad04e5310e803bc5db7eaea3052be68df7624743996f3c11a64bd85644bb26fcea1e3b64700ad9a7269094137615e004350908520eb2b5eaa97238d64e8b6c4471fb5fea2a84d1ff47809fbd1f71a37a54a29edae8884f4a134c70072a1b01c1b221e1dfec744733de9a33c56c2c127d14dcb6b0a87a043e8bf8224f010ce8628b6d1970347a280b2d710fabb4e4d7ec1cfc660c2321c79f7972105131702acdbf3062919aa1fb6d33b8e47d9354e267c7a69254bdf6967a9f6f60c5dff354827504fa4f7e6bdc95cf03b5f2b56309ec967929d9ffb5a75e89543888c3cb4f1c9b626710bc0891a97c229ecb43808e84910887996841aa6dcadd79291f4d9c134808ee1cc88d3ab72380db856224ea883a899a5fb5cdb93cbd2afb92c0012e4ab5a08cbd9f88267f373cc454c8fd1489ca958d8200ad4445d3ab4bcd8d1449e0b5f43ee82c645f3b0a38225e5f7f222d728cf74207404239bfd0a5dc43989614ea4361627ad7b7e5453082b2078de97c823d4f59622a1cfb578b0531381fbd9cbaa2a0afe62450c3c4d1cfa654849efdbe4726a31202e4c533448ce9431df32baf102f08ada9098edabe6215d01886b7f052bc154899be772110dccc12ef134045624c2e70b427a7e7f7c3fa187a8c11f0ade74a85a7f4a9e5a3d0e622cd603b768afb9a052a5f143a2d01d20cff8bdae9ca490c2047583075d3a24990ac31db81fa50d6f7f63f7bf45cd60bc29a8e61b6890fe05b098591b0f7bf6eac544d9c46c67053e8936d3bb0ad3b03c65e4357616da5c134c1f43d4959d1fba2f833d58748faf30913bb807406d437907ee087a65a5f5c06e7cc2a06a985469faaf1cf3157be06c342061eb76e73aa0729268d763186fad1b7e85d311d86c76e2e89d39bbda2bf643bd1438ceb9f7c471924f2a5c3f4ae629b0efa35fda81e32c1c810f81d315027e3022b46d202ac5ae69748cd4eea1791fcf31cdb4bc58c30d1da38d8d231a9898fcd9d1254d548f9246d281cfb12f5a975f2b3a00a47c40701dc177f0a1e1cc4adb3221bf44f84cbf9b97c37dd971ebccccad8864b7e334236cd4a0a4c5ce3ad1bb58be85950369d7314f981144f0ecc8d71dfea5422b5ff171c0465b1d88d4c389f559465e975d1b641e41670a06f098ff1f690e836fece167bdfbac87e62cac56a715fe825157c307cc5de0fe16335b381865ded30f4842c912890", 0x1000}], 0x2, &(0x7f00000026c0)=[@ip_retopts={{0xcc, 0x0, 0x7, {[@timestamp={0x44, 0x24, 0xd2, 0x0, 0x8, [0x100, 0x8, 0x1000, 0x4, 0x1, 0x1ff, 0x1ff, 0x2]}, @generic={0x44, 0xa, "ac2113c2d7183258"}, @rr={0x7, 0x7, 0x8d, [@private=0xa010101]}, @end, @generic={0x89, 0x11, "48e2384d5dfecc19194e5d76272b93"}, @timestamp_addr={0x44, 0x54, 0x9f, 0x1, 0x9, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0x8}, {@multicast1, 0xfff}, {@local, 0x1}, {@dev={0xac, 0x14, 0x14, 0x1f}, 0x95}, {@dev={0xac, 0x14, 0x14, 0x1b}, 0x7}, {@local, 0x80}, {@remote, 0x7}, {@multicast1, 0x7ff}, {@broadcast, 0x80000001}, {@local, 0x1}]}, @rr={0x7, 0x1f, 0x3b, [@local, @private=0xa010102, @private=0xa010102, @multicast1, @local, @rand_addr=0x64010100, @rand_addr=0x64010101]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @multicast1, @broadcast}}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_ttl={{0x14, 0x0, 0x2, 0x1}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x5}}], 0x180}}, {{&(0x7f0000002840)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000003dc0)=[{&(0x7f0000002880)="631c4ab5282af4acc30e49aa70189f344740b208e0ecddc1b89ffbb28f2420925bf6237b9788d5306f96b66e6b7d71b31128821cd7a61455d3246cfaa3ede91b18e790cfa5e91710c894cd278ca966eabf6a0d9328f46db32d8ee25c11b6f7b890f6d41421d5b9b8695438793907f2b7777e7641bae235ef5c7591202602c690ce70eb344a09a52b710d208892d9cf556ec4ec34b4a7d5631e72573c", 0x9c}, {&(0x7f0000002940)="16cf69c00be763fd7848e91706fcae29940530c77264412a77a3c5fd78cba4fbb106e682ba5faede399537cf28d6a78e130e3db266cb5519ca05e9f809ab18f3f88a2dc20bd0c467b4d2df21917e9d3eeb9338292ef8374818a88386de0fcf489dc7368ee951e894689e806d45c3bd374f7dc752fd36af87e1dcb793763b99a833ab6f2af4a6d196bff0a00a85e6bb7dec49d0caa0fa5bd18932a442ede246ab74a337ab7a53f7", 0xa7}, {&(0x7f0000002a80)="22e9efb2f756125bba543a4f4ad7efc9f4245e2067914a97e07dd06a4026c60f352d374b4b54e819c8873e32e4d0a567af992974bb922167dc6dbf23f33093ed298fab6e8478eebc624491c06e32bdb27f76d749b9a48b0167dee66d6b2c4514babbfd3ba7034dc40089697fcecaa555da8bd62b653b907a4af78dcd08d813d7f112c7668941c313ab63ee4d3649a360f85d80dc30035c56ceffa69c242cc71940188431b8c941f4e86203ed55bdcb00de215383360c50f639d291d2245bdad3ea81dfcf74794b", 0xc7}, {&(0x7f0000002b80)="b1df322d969a54421b51c27c66345621c82dac92bbdace46a704834b48a97ea199c6f5b9000fccdcc4ac60ae460ce8d70a582acc5540f937327bb78f7e38c61e23b0d471acfbdc69e148f293ba2ea5707d6443f69afe139f9576c09bd88b49e85dbc4802df650ae7bd5b6cdeafdf3d431ec60815403b1d1e05a7e66ea44aeaf94565384903b85a243398579f90d54c32e97ad87ffa5180a70381afa463f50ffb06dada1f59d4f716ccb4336093439815ab3f388634f98e54c5dd1e1cb30ef18cb27002f83589681239c92d191033ffe0adf8f262bbb08080ef5aab8671204203", 0xe0}, {&(0x7f0000002c80)="884b3a707d2528d9cf99abb4f44a67ebcd05b518e41e02accb1280bdab36d3fd9bfea0d1634d84cb267f32f31f3f5fbe6bc2ce697d18c3dfd58ba3e7bdec1d467697a5d3d7f2bff87cd6766b89725e2daa8bdf315e5a61ea4b417e3516cf42a14374d9c6d84601c35456b5c7b0700b443d0f", 0x72}, {&(0x7f0000002a00)="2d9e8041118181a3a62cec25d2529189db2e1ff34748b53d8f2e5207f37f7090ce", 0x21}, {&(0x7f0000002d00)="2780a9dd3e79979147e57e0a004c525a12dbf5644c3ca6421126a249d62aee69fa4b2a87813452c748ef76dec76a12fa3b4473df664701a12e8e012e6218081c795ccad7488f0fddeee393b7c880703f848f7cb1afa5a096", 0x58}, {&(0x7f0000002d80)="1380bd421cd5727790a01c2bb0143a2657c9a9ff3787d9ff29", 0x19}, {&(0x7f0000002dc0)="b89d05f66eb9cc2c279399341e7318319123e041ee10833e3c455d774b783eab1173f0b299cad6c58e3a2b96e26d76a961cbba2bea5949c63c2c5aa28d5a114a0e90d8be5709ab883970bfd86e77c71bf9aa690184e1916e3a427b50c7e9f49e7b175f5aa6a7bb7a0ec6bc957990a239dbd7646f8573f01be67667a249d053bea800a198398e5f7a679dc5e94f0484e85217bf5c343d2e271f640f57b4366946edd2401cb085b8dbd193d9f9191420ae523ded8f8392c9bea898a0bba7ebc52aecc55c8f0b558805eb85852cd19baf49e0063976be8acef7b8fbb69fe99e50a450190c01985eaeef14896e89c117e8efa34f40824cacd75cd3f122a5610b789b250294e129d8794d622c96d405034b3ed48c941cc323ed2cbf6a2cafdf5dac9f658bb13407cc2ea0f14b37e92abb7b36e09bdc02ec62f8f0d5c1390b44da5fd865114c3b1b4404cf385d6f5d56dccc9a96480156e380e37a22e425b422d5639421aec34e1f878e5c80bb0027869ae6909d1ce9c3a82a72e1fa41b9dcd5d94e0efba941e1884853c6a7895d258f6717ca564dd3798bf887db50dd084f5bad312e7331481db796287a699d9a2627f7d8acbbc6981963b2490c32865a896a25595dbd7fa70fbc22120bcf2a194362d4d8eafd3e57e66a39747b4d333bc3bb00edb63c6077ca453763271e38a594de6236e1eb35971602e5b00902ef7fd3d5febd2a00caf18959779a41571e1ca926955d3fe4157873a993eb7389a6a0753b4c04ec6d638ec37fdb2c09a61c3504f76f6d898d491e68fd873c6d2581c8e899cf5b121c3fb5f083a9a514c54839c9ab600510ec9f38a304c4433b56115c98cd755785379b3e7010b0ad0a0ebb1944273a07f4b801f0b15ea2c5caa1dd324ba0c546f8038dcf828d7fef001c25d79c494b83b0dab6d52b3ad10e90f2012ceb7fa1b1265a2f0b2b833681c04c10b577c722c92bd9dd32cdff480463bde4ee610f1c9554c41a213fc11e2c58d2ef1bd41a0c5e353521ee2c83ac3df88236cd6314b59380eb9fd79075c9b3db18131d8ac840e840cefbbcab07745e828c2e905acb47a823b32c52489cbbc1829cdbe998e8f6ac1067ed59741b233543d9f7d9c495ebc04a0540a483c83199d6f90fd37111ea96e5f3a7da4d4d4dd3e4055cbb1ea24713bea3994bb7c7ac7750f7940a8aff81beff615cc1029c5a067806e7ed9ad523fc2b128181617b7e12a668ede6619c18b42b12ccb80193fddc6c753b6af8a2d3d96d7f6a36f77e8d43b616d8c65c061bfc2693df90bbe5856fc5c255301b77a923e8c226f1f06f3fa047ed625e83c74c3b486f5b86eeac66b0a3a572c4d84d2ab7eada9c2c52548da4851ebd0b74fbf5ac3270adddc969330026998ccbf1ad681a59df76037674d672e582df5c5cca2c7feacdbf186289fca504b921627837fa6e5c72161973422feec8202654b751a3f363ea4c46b6fae5c7f309f76453bd41546a900efd16962e2e046df33b3b986dd6bd895d260fbd3cade60a34d38f72ffa1d2456a711f84b175f11dabf19980d829fff43bb04e9c78b579407667e089bdabbfc952e61b79379b5d972291132f3263e1418af52bf567f29c4d096321aea104218fa18f37ddbf078288aa3f6167105d67b69ed2337fbafa6838dec15f2c622e196648cf13648a9a340dfb1fdc7c7cb91088fac9f6b5b37bf75849fb2bf81ed273e3adcb969e5971bf5fbeb7eb12541f70ebca4e8bf4195845625108ac3a41eeafc03f2f6b4859341c4b7029143c3019f410b4a13d48836665e6afcbdcfd7c52da19d8eb9b980bbdf1146f982a9b0125483aa5e318bb4692abac0e8763d4e6f7b87e0b8b07d5263e9ae325cb7e601c76898c7e3b80c3d426b03b3a564ff12cedc25c60ee9cd97018c6f927bf9bcf5a3f6fce01167893e3340120ad05bce129fcdd2c46834c095dfa5154290f4fd635ce12ad23c7023eaf7a755470e626ffef7d6921e60dbd5d8f3eebab207b740b4487f7c86aeedd85b1a40cdf44c9e2a97bce000002559adff70af2fd4268c1e1eb618f76274a6c6e6b03a01cfa95f40078a8cb91095c4574c75ae4e43fab9744ac4ae43f9caf5f937bc6e6facab759bfecc29eda21c2cc1838d06e1e29ad0ec73668818f51fb15f1b71ef7727c8ca0bd5f18db1b01a5117ce8ca54c74532932939c4c135a0c7970249af6264d847e55553ebffe566f737a560cbb069b8838359801968655bd5f53ad54dd727ae1678e77b7555ff8ff5af5736b9a9909897207c7116ba8175c377987e75d1e85ca0f7953eb7b186e77558a782ab542774655660d48de62972fd7d32d1510448b97dcc912aa05e21aa395d306cb4e8698fac7f93d5ad06c648f5cbfa0b7548207fb0ed73ad17cc62398a738efaa3c1b7d0de4abbd27bc33bb050f21295714b686422f17e8caa2be25c42c4a30ac89ac3ad0ec4276359e955873552ac6663a7ed47605a3948ceda85cfd48d1e9bfe4f913a2c1f6a1d54793cad55418713a1084de089da70f54fceca5e655f9f8bec2bf29158081d766fa0d5e4f75ac5f8e0239dc2712bb2fbaca86f013666f173080e211bc45a3a74c3d7ca34f1ec51fda62e017164bec5482fd9a895c71e4f6ff2994850c352a8016f860aa1cd3d33bd9ca0585c74949dce4b30936c115b8355708a4080863bf8bb86f1566a00319f3a2e5863afd8393d588c0bf1b579d2a4716c35291338dde808b32ddc5c2afd32571def23bfdf9eab80980a67b4e4cf3c13d26f70df1a7f48b31ce5ce78b21d56c2fcc36fbd8dbf73b7b0a70abffd59500de7c57577b4f9274c9f584ea95f81731d801c0baad30db4a5cd7bd0634593e1ea520fc868bc6c9fc040964474ac5a3fc2a7de935a1dd59b391d547b9247353891059e4ab5a16ac6d285c5f615cad3cba32c082688865881c54201aa322a6c211fdcc462495ab5d8fce0ec441f60cae1b75a03d8d8758447fc129df98c000a24216cc458af802cf42dc9be2aa3aab8d66e676415d4f081b2c1dc8a87afb34a26fe1163e58aef9dce619080d05a0413a532b8d4638766db8fe3ba6c584ea1a5916beb9711e73232b956c0f267c7abb4a7f24893e43f8c20595e5db3bdd20c8233eb00ae88bae05b0fc13b197f2a2c7d4db1e4bacc11d6b0beff65a2cc43d05aa002172338d514ed94009dda19073c302aa2112f7ff2444523c8aac00288068fee2706e9acb82967e361ab93c4c62f409e5733728e78553019b68ca2d0cee73a54e2835fae72a4d8a816fc5905cb8559caa9dd6e026da71ff671fe672239d96ede933eefb6344dadbcdbaf9889e084d6d285c6c90cc3a393fda6d766bb19ad7e65df06eb3e05f7dfa19b754f4a4ecd881dc529b9a5e18af12244fc941d8f034a43c29a5af66edd0ef82261b26f7f0a78420622af2656b5a1997a09ff8206c0f587ae40d9ef28e2a04f52bb85a0493af3a33799ed0976a5f77ae93068882ee5fa249a8b91e4a7923521c8e468558b0f3f3fcf8b580afc4f7d2a5af1ce869086afd2be3b253b524cce6b45f1bc0ccc757094cf5a7bd3100e5146210b8f8f93d9e1a296d73a43b8d02d4ed7f6871c2d8638e70b1729a98c56d5e87b6b1248a9956b5371c6a452a9f89ee3369b5b1b82ec3efd50a5f31c3c32188f58be06180324d666b16f52e5b766cf6c95c94d1081ba4d8b5eb049998a42015289567ffcce7365c125948f32c93043533e3d1bda6773ec410dbd9a465bda9218bfeff0e29183061a2363746f464b50c3a80af3aae863ceee6fcbc0e27cc75fd33a230ce499eb2c971ecb85f9810b8d9d7a664d1ee2d1a2ace1b219b264ac299d62f0b411a1545e1410fcf19d89a29a2544a85a0b32e6bb688bffa166d42944f6fe536c1808d5353e513371e3f99a1ddfbadbc2298aa42be18b929eada12edcb226b1490aae7206db80676c620543c8a7061472563b4780d3ea2abb7ad0d9298cac8bb45929afba24e7b99fe389e865962495ea3d7426e31c382b93b5285ab69d48d9689fecdc8d401574dec8302ac6192d32d70d55344f7978e1ef452afd8a981756cbd51711a87591475d02c3f12563fe1d1b452b0e12bcf598230787f94af9e0e10deac2a2c8cec56d6c0deb3483a91418f5bc68eb4eb0f79166e2176642c1c20f2c2c835641612c5f82f5302a833a83d3acec6970beb15ee7d7499c14093474e02167cc603682b3cdf01eaa444dc413b23a02df2971243ec9a1d3277ac5de22d8c5ea0e7d2a7e02e5f50f43e2216658b0c3eb2280173c60015ac8989a3498e8b95dc8ea7f2bda226582c68f417e2e6dab519244a2163d756d70e208fdbdb2d86f9ca13c366b1b5f7c0e630c05fbf27114e03f6968ef8ab040c39c330712c088f21b7bc323f9a1585d66e602f7c5fc8e04e635145c715c9b9047efd78270e724bcc26be637d6e650b225a816574b628e9e73f95b50f8b48dbbf0e95898daa1ce1165c4db966183839aeaccff26dd81953bfc90d600a01874b88aa93f03c3db671b31f9e13f52001f49761d49e7d3d88a0f20aee7d1e2a01276f90c37327d0d9003cf7b5fce32e346ed1aa079e067487190bb89dab8a243404e134cf93c5c0db40495cc86e5439488b238e81f773e6de81582ad4edc6b9a4ac3c872d7a2b65c8a64955cd74e183607e5fadbd32638aefe36d83f998c2c0c8c3c17e773b8dfe11e22bdf3e6a3b62639660af985a223015a327acf87f89ff71a00e2e38c50fbf946dd2ce8149fa741bd2223bd3650e6cc9c4b1ca61fef058434f70b0814deaaecadd70f95a81a37f2c307f34d329f2a77fb9713feb2670ac1110c2df5813fe4f7ed43f79ca91675e06d2d9e7ad1be2ffe36b94ed9eabeb39aaf164f1326b6c3255bfddae96d6440b58d5280bbd3051cf10e3f29872d31b8cae10f8ea11bd37fea2e56e538bf8f4773e86f78bcfe5d957b2aac49fa89728b277b69f5a19ac4d948297f7a7d2ba28767b0ad5bfe807ce67125a9c0feb8d4953a25ee94504e6139007d15410604903e98f9ccb8f99c5add3a303750fecd9500771edf2e97f0dd5aad8e209da5a0d00edfd97c5ac12bc17df29459249c1c58c7f5f0da3a31734a8145da201d894cb276a2dc101026c6aeb653aa09c94f692cdb074218eabc576be9cf86f91307254ac927e9b6be9b49930d1798ff6a5337be57ac5f33eafc4bef5202e6983950341e83693d1f7039fb7c32550cce82600598a0252131c9d282e47fb8f1523512fde35f0bf816fc520aecb2522a4133ef45dfc0dc46d542573d44ed41aed1aa10be0417087d07b7a4f966360e89a1504089b844d42ed858d155d8fe648c8f702491ebf60fc16635f5c877466e84260f517dccbbfc1f3b569a0244584d8d57a2a13d0bd4b5849c0cde37223ac40f9ec329d8e630500ef3d8ef2b1a686e3dffb2b0cdff794665387fa8775725cb3e49a9775d42144f2dedc954fe88ce31f62a26ab8260ed4fa729c259a9b1b86a5b5dcd6c66b84cc065a582e7c97d0b40b73f66a09e8162e2ed3cf4bde29019e7055f39ad9352575563019e315429742c3955f351f6eee591136a2d6f9e6ef1ac356167c048d3159d6a1f03fd8af775793239b69600acd95e4744ee002369b01b030df8540102689302031e1130b4d8602a39d7db097dd184e43a2274f767bbe9d9c1d05c78c9c52815aafd38e4dd5e2451803df957fe98b101cd532a9084d7351ddb695ae24485a62611795cab8c9ca16c5e0f7db6be81484f9ff62a9f1f35678cb6ded0d2f5d5b6c5123d27b1b60c681bf4d7", 0x1000}], 0x9}}, {{0x0, 0x0, &(0x7f0000003f80)=[{&(0x7f0000003e80)="afd64dc195921a86fa3c225927f5af5ada196d50a04e4ab9c7d519e5a9c5fc88ec4ad0e4f9f4dab628df80189a123e3c7911bbe3b2357f9c64d1fca550468c1e9e1f42a6b73b77083e34369ef980c11bd3e49a3d3da808a204d97ea23131d2bec3caf2d11b08855ef10faabee3d56b4e9ba0b920b4cccc52eab372bf76f1ae7a45c9ab404a1f83", 0x87}, {&(0x7f0000003f40)="c2dbb31b763201466b0c38371517151e9fcb29524ac19e68a43ecc7160958d", 0x1f}], 0x2, &(0x7f0000003fc0)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x9}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x38}}, {{&(0x7f0000004000)={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10, &(0x7f00000042c0)=[{&(0x7f0000004040)="88fc672df968863a75e003ae482482f967661b9a5bec06477d6d39d3efcdfe6e2ae6693e8605545e66e4576ad99404074a9474bf1484cd5224bfa160083e30f0392bc385301ab9bcc87cfa2362667c2cf977d22081ce4b9e7ed7651935faf34c2d7ead0109448060cd975a9c8a5a4eeb92296603b8e4162c6d04c36d3fab8c812db89a90d3770845d8456c8c812111d330e84f99ea65fa387bcd9a545f4d57395d5569ac626dabcb27", 0xa9}, {&(0x7f0000004100)="3c73a76037ff", 0x6}, {&(0x7f0000004140)="3b1b7f5e2a129486d2e0a759497df10a5b4d1b0fc8b5875564215c8d98d962a77ca93b9d33f5f9b2ecda83ce2b824d77afa8a86cf0a2aa9039c280bbbbad32a96fc019826af2682df126b8efbb77474c3dfbffe8b7d87fe8c0203455dccc0e36b2083f386394d68800c7a196a2b08855a6c32b915e81b244d124e1b5ec613136958dd963a6439ef9c7", 0x89}, {&(0x7f0000004200)="2b86a5483e574b01ae42c06b3d9f9b46fc54e4273f3ca720072c782ef34d11f0d6050a74493e877add0190854b728b0175f6cbe7f7a5c5781d9ab3935dd6848b2c23197e140d335744522ff223e407fefb4b296039b8aa72ba6dd12646bb9363c42cdac0918263d7f3a56ebdbe00c9393f024d92dc9224d95cf4ee90d08d535a7167ddd1e601bd33e820053c58988ef9e60a868b4b3129f869f219", 0x9b}], 0x4, &(0x7f0000004300)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @remote, @loopback}}}, @ip_retopts={{0x3c, 0x0, 0x7, {[@rr={0x7, 0x17, 0x6d, [@broadcast, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback, @multicast2]}, @end, @lsrr={0x83, 0x13, 0xbe, [@broadcast, @multicast1, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty]}]}}}, @ip_tos_int={{0x14}}], 0x90}}, {{&(0x7f00000043c0)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000004700)=[{&(0x7f0000004400)="0977cb2b888f3c7f4d71bd2f55", 0xd}, {&(0x7f0000004440)="ead84654039afccc48afd4613844b3", 0xf}, {&(0x7f0000004480)="26d7ecb9d1874be62798ae294e4cad79b18723b6759cb1edb5780b7061f67b90bbf5b4b0f15d83ba9c716ab37cd03c560baad08773489764201900ec379d4b6631f3f8a45b6e23131d33c1807b431af581266dddcf37a273b50a36e5ada80b2f013b3c0cdb68b00b2d48e6400c91123d5fbc34", 0x73}, {&(0x7f0000004500)="dfbc1f7dc0741fc1e8126ec1f75560b0c9dac5469376ddfe9490096e65f5743b78afda56523f0ffd7abfb5b8d74d60b6cd35e7cba7379024ec47486e4003ae93c6f017b2e34c4c00", 0x48}, {&(0x7f0000004580)="c379e19e23248712aff578b86cdb105304acd3dcdf138829b915891494efab37a95c7e4698680b3f7532a299b7b5b2e3bccd32207641ce2d78dd87f7e4cf045ab0466cc7eef2019e8fd88091f14c7a5cdeb06ca292a8803b0464bc5f0055edb2151bf93e75635383572893c508baa7221a7667f5c382656f89d39ce9125e16bab2ed6f803bb467ff4ba0a53476f49667e035b90f980dbe5a1988a5a7ba80c1168953e50c", 0xa4}, {&(0x7f0000004640)="638b10405af7e693aade3ccc9227db3b0ca23eb1280337d8b67c57e88bdc1e63474ca0d9f333cf1c6ab21426478394d1d8c091bcd717b63f03c4db361bbbf70c129e832cffa080dd96a95d460b1fb6976e26cef5c96db71121a4622e947f201a4b8819c01e32014ab18ce37f1ef6bbb380f8ba7c04039d0508bcf7c53ab789828bcfdeae099bcfd9e830aac4f54222de49caa3e9e316d83926e02eed51b157f43bba3ba2f8f72a676ba7c896b0a7a65979253dea", 0xb4}], 0x6, &(0x7f0000004780)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x8}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @multicast2, @private=0xa010101}}}], 0x38}}, {{0x0, 0x0, &(0x7f00000059c0)=[{&(0x7f00000047c0)="7f85d2aaaab3e643343f94c4d748abd4eaa46abd4cea3bc9ea89c9389054f6afe91b6e549a07415b7f34570842d6f255343248393fc882bdb13a2c6ffb7236d587a2895e8f2e2a15e178ad7656bb81655943828703cb3023403f7d4738d8763f9a010f62566f946a96b20499410d00f10d376570a1ab6ebe2fad17488431d40ad08118d3b639afbc2ae4df5567da87dbab16cd559de277733b40980bfd398206456f0ca8e14330e7d080fa146f987a9993a7736db26c01b36763d9dd0eeeac845b8591c07e0b7bc37709aaf101330e", 0xcf}, {&(0x7f00000048c0)="a867e3dd8118a26ea71f0787a28575ce2ae58966b9d42eb9096f9ef556eb96898d1c7b400c71565782d1ec8611f27ad274afb6f061efd22523357c14e7568163419fddcb2a271162b8724bce2d7ad84455b02914d82eca8918a2b82245422945fa1fc03c99e9dcbb39bbc5a2d64742e74864337e3ee61134915502c17af07caabd00c584f1ac7a5001811340cde07b13f670f68406e58b408b1ded6d4e6bd602e1451c6608a229f0cb8c3fe9c881b223c0b856ad6ef37293382789de28ba9d7b60559f48608af836871d0690debfb36193243d29be96d6838d38e4f16d5223af2220cf29c7c5b9a9418bd146af31d8976b4ea3ce28f9c079025c090d8e2c61f12eef06892a315ae63078e6caa0c5e17fc50b96775da232edf7c1e025baa3cf265a0e64a75d7488afb1c3eba3f8f4f09e4685e2b5f895f3e126617ff522e1cc63031e74ac3283cd1bf0c61e602ac090a743708d2f7c811c4d1df41444c557e243ec1e46d9bc7f8744af558cc7a87bcb9aed5e4b1e0ac8b3981daa38c8717112961ff12cba452494140e0b85a390fa764f5468b4acc726ec0f14d8cabe14b885e5d1435a314df06e54791c71e31c378645567b4c5dc287d781f80e62313efdb3fb5c0081d86a1f2e9f023499c0b3b05d26d9ef83ca5e4102a5adddd888f5380235e897ef6d4cffd653cbc6115a3008533312798f63945d77bd428399d237bc693e070dfa118c57a6d7c2868edd175fae7ac5e528b5455415393b98536da64cdcafd563ed0deb98e2caf8f4fb632c0013dbcf3c52958f2ef582c3205b663d8c9c630bf8f2e46960f9cdbe344f2b797d665e23812aef6faa8d780df1f92d3088e0380f274e0e471ff0c46d247cb7c93b260d28758400aeeb3890b34d4be2b23e0458b7689f5890611f366a0a314abaec448746d6e18da9174ab84a8a1f6dfa115db7ee3233ded3d988a48160a6f739edfdda96fa57325f187a87f6313eb626467d806417b8e6479e42103dbeb0397981e4fb608f7fbfbf7c54bff405f514b1305a1a269f737476d8910327c01ea668714bf9a5df1bf553d8406171b8335fc5070a35782edf9806be4d434a816c6253eadf2af75dba6805feeadefe4c65b798b5da0ed0642d893f3e8b9c574229312d59ad6fd3128daba4c11b7003dde669b550af35fc9e66195a48d7370e94670a98152308b2aec61add29dafc29c842dd58db6f954d290b5421c990bef1f3bc9af21208a643a59fabb0790ce7854d4a375b9962801b8d1ce275369aea539ff144d7a2dd4ade991e98ed84424697e900532b864f47a5ba82141177333b7e69ea4a2d8ab9a0287b61b060f027a69996a46c4e1b30e9f9ddd413b2e75c29dd83f9e731f1e16adfb035c2aefb3760bb758622ab8c1804ec8d4ac4e4539062cb79a9850e2780af83da4b3b9b62e8a6dbf17f335eed571d3c001169e6c12cb97de29c50974c4c60b1c58ca21fdd3f4652adb3ab5f06e53c2a78362588339eed13980c1968f5dbb4fd532e8bca42e3397a30cb1f6a308f9606c380daab7a15e636143716710983c1ae8b02fa77d20619baa7669ec701532a15acc0527283019c83b8a55a3d0656347a76de51a93603cc57456163e6cec1dd0930b28a44934405dc81b177376e7531bd6e22ac106ab95d0baf062ed07306e842d17e88f9e751017be7157ad192e573c9d0aaf1be9ff0402d78961ad30ec3c8c8768aa8cf50b494ca154e6ea77428595e7ddd83ffea7710762865ac25364a98d37f08c623ce31a16becc0410ef0135edace1bf3db2f0cdbecebe7a3976cdf6ee2b7b91f142407690782e8b8205cc8ed1794327181604823ebbc98c29714cdb17869abd34162ed7c0403e72c2d440145cca937f5a1ddf292f308adbd4ac210025371c8a5645c450bf999d63390b629357622b9d3b2ebdc869f6a73fd1e7b3efbf08e2408b8c516509b260ab988a62b4a88cf15c5515d6200e9e86f3e0f17142699a8ff1e8f35d35b0f80768ebd943e95f097dc574c5f0347e2c2ea66c7e6a471d023887df4e7a2c7f272ba9e44f47bb99709eb5cb1d3e37bc9bdc56e554027329cd524cbbb4f5de134ea13892cdbb5076d67223a22dc383ae2154ca90809f544e67b5f52b999d5cbaf686c3d4f02802832f118f64a6615c98b6b3febc85e38b9195ce22c6b0f6a8a44d735152e510d07ea43671a0f3ccaa100abef37d45046c1caeba8e558de8925a6e4a3cab4787fad62ae2c5ace78c3a8f28b2592b84549eed2166e1c49323fbe0c9c8ebce4ca7294dd9fac63084c0221fd79cc3521e8d36635878b9f95dea55a693cba0b4a6adcf0c07c3143e5f70b68fd4ed26ac06ee256c3bef49ef8ef4a7598f501d734ebcb127ac834c960736e4e8bda9fe1be4d2b4558707187d262463a5c1ad95b6f4aa853fdd21eff50fa005c6f5811819f971f9066585c5de0b27066336f170274ac75a2a97b27ce02bf1cb526964dfa58eeb8bf3820f166ce66e114bb938c83187d3bb3b2092770bd72f6e07bb6963db055ebc3f9b07a12de9c6890b0a0e5117dadd10289c34ea1cc5b509703dbf10823f21ad57e75ec376bc4d194b64e1a97acfcaaa53fa86ea7d0d0ee004e0c91c801fe10522d6b74502800192e95b2cc3483cca423bdee0a4a4b550d2ca9f33f2628c438544b96bfc18710b609a4e531ec92ead5eafa68f80d00de02901602ff511f181c54596c5072a6d374106be47bffafc1b3af00fab4957beb823d7e46b24b9a44ed1f83426d9925a67f68e7620e3097e882a16711442373aee8e6a4d018f7d7ae4698e221dbd6c4664b9c8379129928cbe2a75f7b1dadba42b2594fa3ad271989d20e4ba89ab703d51a2b369d240a8e9683a85615783dc6d2aec3d7a6fa536abcee0bd73b871c575f3ae9533554da312c0f83cde50c2be5c117324e750e3b51a5df6ed8ad8f09f02a3d848217641ee4d8f9883ca1b00e14a3feb3aa03f822a1a24191209ffb2840a59b9e68ba49e0cb812742444662bfb73dc9a499d49d9492bb85bd7fa01a7559b6e05103df086e7735cb2398b3b0cffd52b1b7b5941d063dd8aba0d6a24d50eb8a03a875b9ccb3c99fc57f0286c61fea6a7b669b91773445f8b086c56e16fec8bba98eda0d0297150dd8cabe30a676e628c87ce1b39730186a4eb828f3b1d902180852225edb6262b39e07141365c1ced0ce48ea55e3d2080b21a566541a169d05b84b4f507be112e49c4cd68072fb2b7223a606d67ee357badbdb19c79d4a9f0d0c0adeb0016a9e1210ecdef53ad71758bca94164b7f47250bc75db2943ecde55284ba1667883e7c64888eaff7c91c90cdf631acf11bc0d9d9732a82d077e75f5b8ba47368710a0dc55f49a480fb99b37861654fff7fa36b74521f3be58405b1fce7a457ee61b4164be0e81ce41e7d1a94ee42df5e72c60910a4a9884eb1b93cee66806d02bca02e77deb48454a1e21da8a52b50682ceb1daf2f2ea77d7ef1f0498101867c5fb00e91b6d75d0b86254d5e8538219332a5b4e6124617ef12e869c316d6213a02a1aee5548202100b1b804a81e5421b0fb7b7f08f87464850b9442e0392d65549394bcba21a01bea96021f433791029c15260004208f441997a2aada0b08140615cbda5b43ed5eea10f988f3b0daf6a8d918e4aaf20db9ccff3d62f43f2254fedfbf54f71cf1f9d6fd2f91af77ee4f8d910dbad4933184b68066e33815013fda9f529046ee47216bcd5023b98f604189f1cd8fe82d2f22656619d620d94ca9d92826453a120600ea3d0273511def54ba37c121d296bc10d731110e2ed0fb9114cc055a1947eb4892ffbf9282916bfef2cc6c44799e8a436e8ac3bc78f30cfee64d50d91c37394c368f2de9a932e5b6fc58b785a69b0d904612183527eb328b88aa602772f9d7124dee803754e7018019dd02c68e2beb6e72ec3bbbad1dd821d5799a40fe0b7f3a84707510a87ccaa5999a8b44437f90b719b251acae1d449499b222ffcbc35035baffc06b26bbbea0451f80199284369e38ec2802da160fb6590a8db7ecbf06727b9bcf0babde94062606eae1fa5e700b107403e8ddfec86931a076a906ab14a380e2f28a893eeb7f23325a2e6c5fb5e46b0ada5c2e974062ab2704dd7bc62369f97cbed57f623d039d4b78e2ba163c49edc9932abef38367d8a1fe09aabc9538a1a13ef072499f0c4d21699d8cc274f3c708f5774dc9c7f20e93a9c23814e699fc0ac249d3cdf204f91c0595fa10f6918d92aefc63eeb1cbd13ebc759327694f7717bc661954e11ab7e83c6b720a7ec22ee0bd679f5ab72d4a1cc57fb1d771358c93c6c60e62235aef87538c33e882572aa3740e21c1e490a19983a7b2b84f48196d873a00303777bff50084242d414163409cf1d889ce5eca5f0dd562b3a6374ff0f1d1212e38bfb1d48995af60248c7e0fdeb045d944e99abac2a5039b795aa21393461f6f00647f58a17aca96ef2d3b228ccc959253f295ee0cb57159bda0f46593ce0d098ee83bc40caed08880ef6936deb214a2b63be35da070ffab0f12471c5b43a2ad4211f9e55cd39ddc414cb90884760673897aaca0b2af8bd4e4e0c0172baf07ad0b50e4db2291ef67364c0015e0e3222076cb2d1f6140a80110e0cf8f05001953426b0393608f0b4f3841818826ea3715e5f6e6bc4356b25d5310c2ed733ff80b58aaf9b7603e1d3b1be0c050503fb91a610aa83f6070c36c35b9e6578c1e400777e0e8581f2a42bf48955a32a3af2532bbbf221f1d737dfb3f8e30e478f1d9da09e73ccc259c014e2118238bac9feff9500d394b1588a12f9ba8fdf420862d107fdd8325ff05259352930df3bf426364039a16a2576c3d1acba92dfb8db3885432981115089f3aa8f7f58c1d676de41cbfe7f3c87bf96ed7fbfb8a39428991a9a9dd42ce3f9bce70b720874a0538426a1774b2708f627eb17fc12eac920eb5f1f2acac07cf1e0e40b850ea9b745a464710b678e8b99d5712d12fc8bfeb5f4660241417a6021c56e44afdaa62bac3f49cba1b0d019c0b4ca188d9e2bf799834d62233184f5acf1927511a19b764c008bffe673da379985204d517ea8399240dab1f5b26add55a80b9fec24b9553f00cf1d2491ea4cdb251ac0fbfad1699bd04074c73a85e8b8f7dfcbe6d6eed4b174b90075303024cd6737383aeacea52ba0213533f948dd848712386c54b7102414811a0207706ccb1bd75db6c01952dbf729adcc29017267b997e5c2feacaed663c57b3fcf71fea6b52e0df47e67eef889c1cdc70bb7d5e2b599263790b68e98763d59343980473423648cb59331b9125a742cf97cc53ea59f86edfbae3bb7928a009e4879ab9bc4177cce0adb57e6a8163d5304b7b85978a26d8023a66a7720002fd9b0772b81601c766f7921905a65d7137adb40069d43ae78ded42e167367f0bbd50cfd4cafee5a3fd07123144666b6e1310e2435f3469008950d62dca66bc4584774c7a88ed7d5b909acd5250956c434f5cd6dc7f33d90289ee9047d301d0d2eafe3230ebb53dedd10d815ae12c4323a43a010a64416a128e5344fefc2a0bd5631dfb7ef5fd9cb5a6dc6c1dd8904348bff1887896300f71060b369fa44453f22e5afee2ad8aa477d90c8c1362bbc640463eefc91dbbecb974f903d3921dde81ec2915bbd005ff5af53a606e2bef1698e2b31668970a98d589dbd84df25df589aadde63924c02874c4170db6716e017cd3a1f69da358f7e96fc26dca1cec4e9e22bc2314f67e066121d48d73a83103a9abdaded5b154e5727f", 0x1000}, {&(0x7f00000058c0)="1f3de8c789ab602490cc53ec664f1cee7476ec71fd69fdd6a3e90d265c4df2ada69eadb37eca88cbfcfd8c7cd1b81995192aac1d69988ff27da44462a68e45300c148a09fe6a69d8798a7f7a8b63d050c16b35a7f51d16828abace653eeb2639bfa23503210b78a484fd946ee8a63dc8982138b7f4bf44a9534f7e55b369270170c89c341b08102d464982bb80c5b84c3861485b3ea1025d6d3d08a036467b7a5f7a0756479942f216f42f5f3d22a5ee254c1ff1d52cbea393197623e1ba86d2716c372838022a1d3549c80db1f5dc6d7bb2cf90656d6efe609f59a7d0", 0xdd}], 0x3, &(0x7f0000005a00)}}, {{&(0x7f0000005a40)={0x2, 0x4e23, @private=0xa010101}, 0x10, &(0x7f0000005d40)=[{&(0x7f0000005a80)="7321d898c49bdff65d3094d83cee73e249f38b2e3dd8b99a6e44e52b972077b30feac4c1cb2133d7679c17f5558504b693e461da0609027018270182e3ca450d638624647f0c1fc007192da9b9710a48097f6caa5a38a84ad66985c1b7b26bd2acb3710d68ce4538874077f3f8c4f1e1816f5ecc6c501d6ba02b104913044ed7d8eefd1dbfbed4082e5466bc2f4139cc97d1ab0ff080bb7897dd0cec91f1e48f61", 0xa1}, {&(0x7f0000005b40)="a9110d8c4d0933335971d1ed", 0xc}, {&(0x7f0000005b80)="daadb7a15da7a39dab9149a4a6338006beb28121a2193121830ed1aab3a12fce1d004dd75f62b4b5f719", 0x2a}, {&(0x7f0000005bc0)="4e44bace18e79480b1cfa4fdea634f1b89041733b45d0864946918f1971f99b6d174c720d1cc8a3a0998277594904d48a6727ccdd3250a0be674c8768c53570bede1c914091526acf763cd90087d599b73375e89d9d9d7a4466918ea974b23a70f8aced19c74d41f5d66c6233f07df3c8c69e846390c80c7f10ac2d8849746bc9deff1eb31d916c788be310f6d17d7fc9e009fd85c84bcb9af73b2755cf59b95ca8e95ba195ffec30a4ddf8e149cd04bd5646acfd6d854ed33db71d055bf34b671", 0xc1}, {&(0x7f0000005cc0)="9d36b1c88c22e60a57fac95e19e199d8707a61cef783b1295070f45ca8e11069c5d3f161ffdda6beb709ed29a4c8efef65f049b9c451e81642537afe031f858286284f4828ffe8d0ff2aeec10bd1003b94d0", 0x52}], 0x5, &(0x7f0000005dc0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x91}}, @ip_retopts={{0x68, 0x0, 0x7, {[@generic={0x94, 0xf, "c0608bd911afab01d3044277bb"}, @end, @timestamp_addr={0x44, 0x1c, 0x99, 0x1, 0x4, [{@local, 0x8}, {@dev={0xac, 0x14, 0x14, 0x11}, 0x5}, {@multicast1, 0x6}]}, @noop, @timestamp_addr={0x44, 0xc, 0x94, 0x1, 0x6, [{@multicast1, 0x28b}]}, @end, @generic={0x0, 0xe, "d140b6b7a8525e6402ace218"}, @ssrr={0x89, 0xf, 0x8, [@empty, @loopback, @multicast1]}, @end]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0xfffffffc}}], 0x98}}], 0x8, 0x8080) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(r9, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r8, 0xa, 0x0, r10) syz_io_uring_submit(r7, r2, &(0x7f00000000c0)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r3, &(0x7f0000000040)={0x100, 0x18, 0xe}, &(0x7f0000000080)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r10}}, 0x401) bind$packet(r4, &(0x7f0000000240)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r4, r3, 0x0, 0x500000001) dup2(r0, r1) 11:20:49 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x1000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:49 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x2000000}, 0x0) 11:20:49 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:20:49 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x1000000}, 0x0) 11:21:03 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 54) 11:21:03 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r5, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r5, &(0x7f0000000240)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r5, r4, 0x0, 0x500000001) ioctl$INCFS_IOC_CREATE_FILE(r4, 0xc058671e, &(0x7f0000000180)={{'\x00', 0x1}, {0x3}, 0x2, 0x0, 0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000080)='./file1\x00', &(0x7f0000000340)="76029cfe8e5a5afbf9458ed44a80947982219f1dc67b4feb6f7482cf6b697db3b84bc12385720a1f69bce8b9e3e15aab0dd7c5bb8aa2ceb146083895f616dda4055df138d9d3b08f397623f87bbd4379389c8149372529bda9ceba110b15df396be164d95021b66fd1ba31e168ce1a5516823ae30d519b3d011418874d058debf3fbc129a58437d1a1cba844183816aaaf2e346ac6bc68c9e6c2b600b80978bd66e64cb09db80bea25974831e2e184fbfd2f1a2296518143a29e8d0d6e5a98e772dd817cd14e1fcac9d1ebe37782ab2cbac2c16703862c105e616c05accf55cfd2486e409c44fdb0cc4c52c77f3478e4993ccd43938c51a1f4c1f467465d95b14b12920ad2e038cfb9c2ada2231ab9909e0749d06c90868a25d2f69655cd97ef5ffb90409bb2450bbdce84f32f83266664dfae648e83c703531ed11d5deb5f097b8daca2aa2a5c99c1f677437ffded07f9a83253f8dc82e1225016b1d5c7fd26dcdcb7ae53c1618d498c9165d016d05647d63b56063233e59c9cbf2a7ccbbeab60919bb172793f3583919a7fff3a2d1e7981346f8f743c2b404460a0547811a2b3a8c72cf839c64ccc1f8ad46dd85506c030f971b4028d652e01", 0x1ba, 0x0, &(0x7f0000000500)={0x2, 0x10ad, {0x0, 0xc, 0xa0, "6e580aa30262ac150f6c4ce808a76c43ea5f103093e781cb53a1f66122d9d400baee4fef620709fa684e2a6cf0534d6e48f24cedab4f46e64c39ca8976bfeee5a2e7d0065ebadaec38acab61b583a2ba4bdc8bda2de97f53abcd7264fe7d5dc30f0005a11ad1b8e6ddf6073d041aa267b0ae75afcd1a84d3c4c7d03bb0968f18bb1ed0c0a911c95c834cbd2ed9e7743fdc11f430fa810ae772dbc3cdb13c640a", 0x1000, "c1ae53d77c26b02560316a4080477bf97e2aa3acd101cc5bfdce4dca88a109fac0c811519da18555a20cd677cb82264d2654412a863ebb269196dddf337c6ab90d433f0476a2633cdb5d97f24a3f34f1fe5221f7701a863196ea4c12c1e724094a926b715e2060e36e6e7bf87bcfda52665b3f3f64c02e96b95176f39b67041304946865894d7497b92e77cd89023425b40c572beeccb1690733e5adb934baf88f04f89675de2e7d1cac0d71bc1dffc47e2188a25d787a461a06f99df5803bc7addaf9f7b3503f8e45f5102a37208476038bcd2b2f1953e2a2d792d3ecead5f14ab9ad7ee6d0258c4705b3942fcbe5ffb15d124b068b50eb931ac48b3286d1e7e4d469ca3acc9515ffdd8742db6b5466135234ddfd4e1d477a2ec859a07bd8bb94316faf6a9f86bf8b80f5b42f674f6d88449015a4bc72a3b38e6be0f2592fc8f750b0dbeb7cb5fea68e83e5d9dbaebeb2e9c62027c6b81412a25bbdce26f7e345c0b4ae40fcabeb01adbaa25998227b107cc6500efae08a5f3a2d27590d6b8cc5df9b74c2f55bad95f47f946d1c9b74a379d094a5cdae14ec32401a8031ca601deed3a3f70e5786d6e089eb6de92e2bad91925ec576e4cfdebf115b122b760968808334b86ce4c62f23ad66e0dfdf4cf840c17bc306f235ef68cee42af20ed4656593d72698687d4f932adf4134dd21dff609f364330af015bdc4a179d2b3b5051017ec373e37fc4d489e66457d625dc111bee81ee6990779fd5be505ea6b59072e23edc3db4425847f486ac1512a4d6a614bf3822e6757fa3b1784ccea86202e32555a7228082fd18c75df20cf6a23f9f1d1bac25e5878cc58cbe7ef6f82706c06c14247d8eb19467de3db044a1f750de96c85b00c57a8ba4f7843446292e34421ce63f19450829636b1f9aa805a91e0060921b27e1cec4473d4b211d7d6a9b7e27e4736090a897283258b59b523c8b33fe543be7d3fed7022f24bd292f278be1803f07f2559533e5ab88c2aec7edc65a7c0e7f5e6029e18a51648cde4f3e4e061a54bc9379eac64673558e65f18c3e1bd9182a3d7016fb13440e413fc2d6c26d88d7ed193b0269d232e80bf799631d78eb27464b285520246e593e681450f37bb0971395d74defc892793058a616fe5d55a530717bee7fc175235559643750617df32c4a8bbaf5daed04750b2e9377e407d5be5c2149b4a9518a765f2b64ef862bc0c8758735756539aa65343d696c2a1e3bf90641f66470ed68456dd06b3a77d98d72537cbe229af03a7aa94d01b27d4377320633703110217a453d94851e291e1f59d677cc37bc758ad8ec09689937d03a50def1d1d2ccd40f4b25198688967ee263f6a69409b2bc54be3f50e02f4846811eb5fb0b98d6b811299967943bb001b83dd51949893973a83656959965db1f64b18774c8adfa582b689b0bf35b2b4618990fa5dd84f3b1faece4128dafdb93652f5b6628fe6ae7e40ac3583feb25ac36be14979b575b0adc673c6cd3e50f936cc782c936447cb6e5286145ec7d578ad80ec6f950d7a27f6946932b8226b100b4365ce99d06c21504a190367ef47952cb59a1dbf61e4e8fc5d25c84f7760b64bdaf2205fed54b239a091bf9ddec5e58ea79bd589a3e58f7997d5812a7014f2701b058d8fc61e4034cf9230b5fe4d7d2fa99c2893089087e13774bdfc4143b34ca453f6e0481b47af481d1030028f55c04a7ef908639a10a8453ed1c6a652f5ec9e339713238f136e0aae75d95224c3e859a53ce247ef3f652b92f3275a4ac521cd01fa3dd80b67494b5b3b131079dcf82c542301be0d0431db6bac79727598f71f07d0e8cefa4186f240c1bae6f300a9b5784f09a1e99e3aa92d2a11e8a67242b851e3e8915a8cf97aab66aaae9ff644ff0416d9f8cc7c2355b19ed7408466fb5058eedf4741bb0b0a91979edffaf98eddd616f436f39ba20fc3af353f7efa0a9167206fc2a8ca7ce2de6ad887326928853767ff5c777b453e2af22e82b4203995be59bd85bb38c5cf2e18f63188f42534c3c03cec74ee8785817c68333fcad9146bb1c4de9da82f47292a0cf4a400c0d3fdc74d379cb6ed038bf3a7f2a3721451ae9d6050727194ff2344856e23eacc12d6ff7a3cd393bb199f7e9001265b3608bddc3ff34906e3b804db4509eb2cbbbf357ebdb9a06415d70bf1c5a68e7c82061c72412d8b4ef8e32d041502d963be378a701083fac08d69e84ec3af6a5c1294142808970c6ab1d43fa76ecde9c1f52009e67c7b29950f5ee404fd085f96415d7650a0b89d4e33ad0671d489f4e6ef8b4bb6c62f826169d94cb9729c98314c849339a5dbe572dc4f4446aee7994165ebdbe0d5e4735590efa9aca928816936a0b1cacc4628e5cecb5289b904fb61a02604546737acb1cd2e01e73b614194378b035c91a90ec539a089e96cb0c96b8074312b12a8c79a06540f79a26daaefdab3f45cb5a1e9d5567fc229d16dd83119af26384146e0ec096a804db59a609405d29f65c5987d08624d4a547dde7e5504d33051e5d07a2a3e5776011c89bd38d10fb515c6d90050ac32e83cf354fc4fc6000025d6db3e349436b5f4ab67f8c602f2ce9d94a09668cb3cdec1a1e87253b6b8d1f670f8d6729643c86601b9930b8ff61a47bf88e273e16a9af71576e458c29581780faebcce2a9f5a7fe44921ec06f75b3384c1710853aa9a069f659d42e7c4d39dda8e7a201b0a79552f545adcfab7cfc37230706cd03b56545a491ec5693bb68bc298c34b3b80692ac93e6bf6b1f814e49ba8f2b8bc5ec5a0c7365bd0710ea1f8938545b1d4fc50bf28eaaad3fde794a0edbb72447de5bfe800d5d6d274111af4b92d1d2e148071f1ab858d11c6d809e3bdfc7ea5bb3783767f3e8e86c9c993dc523a87058de4cab288bca9586a7084f5308379a971688282f5c0897e0bced6034d638fee533825902e97c610a0759d6075484dd234b77b3a62cf52c5d8d8f149d9673351826aba6fc2c844a95b749410eab9ffba2a9b1e0e70ece54ecbc574d80060ecf84bec5c5f9ea4f2675fdf07c2a59afdb5b257a36f82bdade02390676cb67e81ff713bf95eb60ac1b0d7fceddc34e7f92bf45ab1e82319164ffd049d4b3f9bc580cbb540535cb9df6023e08b574360e6f6f841f13eb3bd245b82fcaedb141d0a5c920918373d6067a754044847d378f721001843fea6c22c10bfd8c86a856011033326916810813e0d7326dce73be113ebf9670a2af5a7e72d38cb2c701b6aae4cd4bd1fbed8c0d2c611cd25248560ffc0a616ce3762512829cc9c9c979df71d7ffe81e124efa0b06431002b8ca43639e66d1661f7fd06c9e0c0c6addfa65534563db50530d5c3645798783eb7e1576f969fccbf384d411e497d8cc579e165e43d11a19c3b972e25b75d81da3bb101b1992a342950b49af3b9675f04dd9ee4cf91ec674b4fd77b84afd2f22dfb0d4de74d3b50fd9a47285d7768a8f35dd40a5a906ebcc1b2a1b625a546174c5dd4220ea6eb65ac55c94112a1f5a5589a05002f119553c1d588d5aa2b52dd30339c85265e062c10b79ddba24f6b27a123d54d99122c7a6e7353019f27c78e9c3a9bf6cde23f8a7aebb12f47a84829b19f7ffe2d4e6b6391d369609e98264cb0c8190e236baa995ee7f4339044d5b2c5b9aaca11d3bdf6d5f7220d252510603d8a53103b9a65bd69e1fac67324754cf4e5b9c1644d66de070d7d8a188fb9c9aa6bdb25faef8ec02c846f63492e212c5490f1695cfd7b697e48f5f69988ba0181f6fd5a0f56a5932491fc21ac30853484289f41ef04d150c457e77bab932f04bf7926ecb7044967a1ad1e29415c88c33b0762419f69b7f6c0c0628bd2b9ebfcb9dd17d4c4842b8dca319f8705f16abbf04dbdc01a5a9347c54bfabca87181fd68fe3502b5e16839c2439335b5cdbbb94ae6b21e84979aff8bc6c25e8b794c5803d60acf788d6ddd62928d69509c2b65dadcd6607798977fddd7a590906a88d480f40066f5268f5da245918dbb2095d527c4e6236ab574c2d19b475cdae5481ef99832a1ec12ec01f57cba4e1de5fed9cbc2ea64146fc0f6257a6338d4e64a52332fc7ccad5eb57109fcb564b8505be53ac5d68a71ceadad7e0445412a5bfb4751daf0f12a021449a1e1991d20652456991fee1ada0dd787b81331ac85de31b1c0295ed8275c1a3348c15eb05b6b5adce365cf5a42f4b94e9876718381d9d5c67a1d5ed2d83e35772e0e0180d54f45b1769a43fb11d626c7c86260c43e637245f7a24e6e5a448ebc9779e6ed750fd085da07e20594a249b4889abf17e487c0e9b55834996bc0e89799d2ef20d6f3223fb6d8e0645fe64a2e900448b20e97b477c3affee50762fe43d5a718b732850fe06f86f530778b7950322a1b3bb90efec609c4490c8170e2847a6e77eaac460cea41cfe5cbb4188d5a74487d5975e5749b1466b9b84653fa3be1d7aaaae11c0ffcf2b22ef41a19c24744735d53fddf9d0bae53d4f9f51c680b957338d685000ec000fba502c5e7f8ea41c3eebf4330c661e0ec2f2ab43fcb4168b2daa5d1fb2a269679eac3268e3b2141c54c764014350448bf8bca4ad0b4e6d307dabab1a20529566c87bbd053a8b4bf24049b098f50c7a774f55252b76a4a58c4830cf5c497f76d96e33d732b9552147ff49180a51490fe00f3990ade0aeb62a7c400746d4bfbf11899d30323b6a857fc5ec1d9c2f0db1dcdaca5e98a731460308b4ea37952a4c48070193f9baac38fcf63c129b38377dea589ab12dfc43c94c55fd00974c748acbbe2cea41b706e4b3dcd0264f89f10c04c9f5d5921f6efec01b1cef6a14b4f77eac73150ddd3d71287673a1569f190f1f219231baa76648cd501197393b5c5cf94763eaf69de3aa7dcd013bbce1e0858329d9215b1e9ee66fc110ba4420a9224cb5043997536f1bbccebae8b1c4d5d555d469821dcff451ef62a05c79bfa70ca1e49fc99f87e33eb18490515ace95604475db1bde49d4995594224002de6e9e6968ed060293e225e8a7109eb27765820cb6f0b9a8e5fdd14722f50fdda82f8f6cd5b358ec32da261d32a45da4933c5194fea7111389ae5b6597c33101f74667660c9be7b0f513c77c0f5cab116bf4a4713efca5ecd58413c75bdd9d1fa385d7ec1ab1e4d5b934dd653dd4458c95e7da0e1554d8e8cb309413a5da4f5863755e9a1b1ff44a35086f435b4c066ab190efe76cfce934e21a97e2a3e99c025496017e62290ae94faa98ea810ba277159be8919a0f8af91ee59a91ec67c5ac8b960d73dfe51aaa20c5d36e45587f118de1ef8de83979794b018c86676cccb9b184010835260b1e42343b87b4928e464a6a8c39e183f18010313a723efcf06246cea52a94a2399b6cede0c84188555c78fc6d616c043102c6ba7d5382f4204154d0dd20b8e9699d6b0a0a360e86f6433dfcab88197a60643a900aa3c8edbe8e0738a32a00abac5baed5a09bbf485c361e61cda6cb31b76e55aaa01fbcdeb8f490d2ce02a5063f6f31f6cc031063e7ee58a375e725bb5fc5746f5f49a5451b1a4c54f953ab4587145350b069ffb3767e561552395469a8ab8b8b0b78084583ab850dd8f6e8f0e6a3d11b078e2ec684d439d2806a092347073d18f6eed78192eefba067a6be844141f00399677202a74f9d97aac779b5773a192f95fe8b34c293c685508bf0fd4746a6bc39f30a08c36bd2c09322aa76d0a2848b019b994bdbb9929763c3adcc8a8f73caaf07737aa9d252cc51def3b5fd482a435da1e90bd"}, 0x60, "59b49226595ab9461d2774c1e7ba5f5273a26a18a3b072991bce97ce65af0b5fa3a9e9027e319e85769519f342a488d23777d19051c89f620383b34be0f5b3a94bccb2693c1445b508b8347204b81205a12df85036ebf155d134def081041900"}, 0x1119}) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:21:03 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x2000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf000000}, 0x0) 11:21:03 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xffffff7f00000000}, 0x0) 11:21:03 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:03 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x2000000}, 0x0) 11:21:03 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x64000000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2621.148224] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:21:03 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x3000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2621.184529] FAULT_INJECTION: forcing a failure. [ 2621.184529] name failslab, interval 1, probability 0, space 0, times 0 [ 2621.187117] CPU: 1 PID: 12118 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2621.188616] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2621.190412] Call Trace: [ 2621.190985] dump_stack+0x107/0x167 [ 2621.191782] should_fail.cold+0x5/0xa [ 2621.192601] ? create_object.isra.0+0x3a/0xa30 [ 2621.193588] should_failslab+0x5/0x20 [ 2621.194416] kmem_cache_alloc+0x5b/0x310 [ 2621.195301] create_object.isra.0+0x3a/0xa30 11:21:03 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0x9effffff}, 0x0) [ 2621.196299] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2621.197396] kmem_cache_alloc_node+0x169/0x330 [ 2621.198378] __kmem_cache_create+0x10e/0x520 [ 2621.199319] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2621.200378] p9_client_create+0xc6a/0x1230 [ 2621.201288] ? p9_client_flush+0x430/0x430 [ 2621.202188] ? trace_hardirqs_on+0x5b/0x180 [ 2621.203100] ? lockdep_init_map_type+0x2c7/0x780 [ 2621.204118] ? __raw_spin_lock_init+0x36/0x110 [ 2621.205094] v9fs_session_init+0x1dd/0x1680 [ 2621.206015] ? lock_release+0x680/0x680 [ 2621.206861] ? kmem_cache_alloc_trace+0x151/0x320 [ 2621.207879] ? v9fs_show_options+0x690/0x690 [ 2621.208817] ? trace_hardirqs_on+0x5b/0x180 [ 2621.209733] ? kasan_unpoison_shadow+0x33/0x50 [ 2621.210699] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2621.211773] v9fs_mount+0x79/0x8f0 [ 2621.212521] ? v9fs_write_inode+0x60/0x60 [ 2621.213404] legacy_get_tree+0x105/0x220 [ 2621.214280] vfs_get_tree+0x8e/0x300 [ 2621.215065] path_mount+0x1490/0x21e0 [ 2621.215881] ? strncpy_from_user+0x9e/0x470 [ 2621.216781] ? finish_automount+0xa90/0xa90 [ 2621.217688] ? getname_flags.part.0+0x1dd/0x4f0 [ 2621.218661] ? _copy_from_user+0xfb/0x1b0 [ 2621.219543] __x64_sys_mount+0x282/0x300 [ 2621.220392] ? copy_mnt_ns+0xa00/0xa00 [ 2621.221230] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2621.222362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2621.223471] do_syscall_64+0x33/0x40 [ 2621.224266] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2621.225363] RIP: 0033:0x7f9990caeb19 [ 2621.226168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2621.230113] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2621.231755] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2621.233300] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2621.234838] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2621.236350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2621.237873] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2633.669795] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. [ 2633.690788] FAULT_INJECTION: forcing a failure. [ 2633.690788] name failslab, interval 1, probability 0, space 0, times 0 [ 2633.692105] CPU: 0 PID: 12137 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2633.692887] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2633.693845] Call Trace: 11:21:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x3000000}, 0x0) 11:21:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xffffffff00000000}, 0x0) 11:21:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x80040000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0xc509, 0x0, 0x0, 0x200d7}, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) r6 = syz_open_dev$loop(&(0x7f0000000080), 0x9, 0x200000) fcntl$dupfd(r6, 0x406, r4) dup2(r0, r1) 11:21:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 55) 11:21:15 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x4000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xcf000000}, 0x0) [ 2633.694151] dump_stack+0x107/0x167 [ 2633.694772] should_fail.cold+0x5/0xa [ 2633.695206] ? create_object.isra.0+0x3a/0xa30 [ 2633.695720] should_failslab+0x5/0x20 [ 2633.696148] kmem_cache_alloc+0x5b/0x310 [ 2633.696608] create_object.isra.0+0x3a/0xa30 [ 2633.697114] kmemleak_alloc_percpu+0xa0/0x100 [ 2633.697620] pcpu_alloc+0x4e2/0x1240 [ 2633.698072] __kmem_cache_create+0x35a/0x520 [ 2633.698574] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2633.699138] p9_client_create+0xc6a/0x1230 [ 2633.699623] ? p9_client_flush+0x430/0x430 [ 2633.700103] ? trace_hardirqs_on+0x5b/0x180 [ 2633.700591] ? lockdep_init_map_type+0x2c7/0x780 [ 2633.701128] ? __raw_spin_lock_init+0x36/0x110 [ 2633.701646] v9fs_session_init+0x1dd/0x1680 [ 2633.702148] ? lock_release+0x680/0x680 [ 2633.702599] ? kmem_cache_alloc_trace+0x151/0x320 [ 2633.703141] ? v9fs_show_options+0x690/0x690 [ 2633.703644] ? trace_hardirqs_on+0x5b/0x180 [ 2633.704130] ? kasan_unpoison_shadow+0x33/0x50 [ 2633.704645] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2633.705217] v9fs_mount+0x79/0x8f0 [ 2633.705615] ? v9fs_write_inode+0x60/0x60 [ 2633.706100] legacy_get_tree+0x105/0x220 [ 2633.706558] vfs_get_tree+0x8e/0x300 [ 2633.706980] path_mount+0x1490/0x21e0 [ 2633.707412] ? strncpy_from_user+0x9e/0x470 [ 2633.707898] ? finish_automount+0xa90/0xa90 [ 2633.708386] ? getname_flags.part.0+0x1dd/0x4f0 [ 2633.708911] ? _copy_from_user+0xfb/0x1b0 [ 2633.709384] __x64_sys_mount+0x282/0x300 [ 2633.709859] ? copy_mnt_ns+0xa00/0xa00 [ 2633.710300] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2633.710890] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2633.711467] do_syscall_64+0x33/0x40 [ 2633.711883] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2633.712456] RIP: 0033:0x7f9990caeb19 [ 2633.712875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2633.714978] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2633.715832] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2633.716636] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2633.717442] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2633.718259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2633.719061] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xf0ffffff}, 0x0) 11:21:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf000000}, 0x0) 11:21:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0xfffffffffffff000}, 0x0) 11:21:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xfffff000}, 0x0) [ 2633.805700] netlink: 208 bytes leftover after parsing attributes in process `syz-executor.7'. 11:21:15 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x5000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xffffff7f}, 0x0) 11:21:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x2}, 0x0) 11:21:15 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xffffff9e}, 0x0) 11:21:15 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:15 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x33020000}, 0x0) 11:21:15 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x3}, 0x0) 11:21:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 56) 11:21:15 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)) r3 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r4 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r5 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r6 = syz_io_uring_setup(0x2bb9, &(0x7f0000000100), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000002a40)=0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(r3, 0x9, 0x0, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) sendfile(r5, r3, 0x0, 0x1) io_uring_register$IORING_UNREGISTER_PERSONALITY(r5, 0xa, 0x0, r9) syz_io_uring_submit(r2, 0x0, &(0x7f0000000080)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, r0, 0x0, &(0x7f0000000040)='./file0\x00', 0x80, 0x202000, 0x12345, {0x0, r9}}, 0x2) r10 = socket$packet(0x11, 0x3, 0x300) r11 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r10, &(0x7f0000000240)={0x11, 0x0, r12, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r10, r4, 0x0, 0x500000001) dup2(r0, r1) syz_io_uring_submit(r2, r7, &(0x7f00000000c0)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0xa, 0x0, 0x0, 0x6, 0x2, 0x0, {0x0, r8}}, 0x4) [ 2634.033321] FAULT_INJECTION: forcing a failure. [ 2634.033321] name failslab, interval 1, probability 0, space 0, times 0 [ 2634.035203] CPU: 0 PID: 12179 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2634.036253] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2634.037511] Call Trace: [ 2634.037933] dump_stack+0x107/0x167 [ 2634.038488] should_fail.cold+0x5/0xa [ 2634.039069] ? create_object.isra.0+0x3a/0xa30 [ 2634.039761] should_failslab+0x5/0x20 [ 2634.040339] kmem_cache_alloc+0x5b/0x310 [ 2634.040957] ? mark_held_locks+0x9e/0xe0 [ 2634.041577] create_object.isra.0+0x3a/0xa30 [ 2634.042260] kmemleak_alloc_percpu+0xa0/0x100 [ 2634.042981] pcpu_alloc+0x4e2/0x1240 [ 2634.043559] __kmem_cache_create+0x35a/0x520 [ 2634.044229] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2634.044988] p9_client_create+0xc6a/0x1230 [ 2634.045638] ? p9_client_flush+0x430/0x430 [ 2634.046292] ? trace_hardirqs_on+0x5b/0x180 [ 2634.046947] ? lockdep_init_map_type+0x2c7/0x780 [ 2634.047667] ? __raw_spin_lock_init+0x36/0x110 [ 2634.048364] v9fs_session_init+0x1dd/0x1680 [ 2634.049018] ? lock_release+0x680/0x680 [ 2634.049640] ? kmem_cache_alloc_trace+0x151/0x320 [ 2634.050376] ? v9fs_show_options+0x690/0x690 [ 2634.051050] ? trace_hardirqs_on+0x5b/0x180 [ 2634.051704] ? kasan_unpoison_shadow+0x33/0x50 [ 2634.052397] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2634.053168] v9fs_mount+0x79/0x8f0 [ 2634.053714] ? v9fs_write_inode+0x60/0x60 [ 2634.054340] legacy_get_tree+0x105/0x220 [ 2634.054958] vfs_get_tree+0x8e/0x300 [ 2634.055551] path_mount+0x1490/0x21e0 [ 2634.056133] ? strncpy_from_user+0x9e/0x470 [ 2634.056787] ? finish_automount+0xa90/0xa90 [ 2634.057438] ? getname_flags.part.0+0x1dd/0x4f0 [ 2634.058157] ? _copy_from_user+0xfb/0x1b0 [ 2634.058790] __x64_sys_mount+0x282/0x300 [ 2634.059406] ? copy_mnt_ns+0xa00/0xa00 [ 2634.060000] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2634.060795] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2634.061605] do_syscall_64+0x33/0x40 [ 2634.062180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2634.062955] RIP: 0033:0x7f9990caeb19 [ 2634.063521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2634.066309] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2634.067461] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2634.068542] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2634.069622] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2634.070726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2634.071812] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:31 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x4}, 0x0) 11:21:31 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0)={0x0, 0x1000000, 0x0, 0x0, 0x4, 0x0, r0}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000000040), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x3, 0x300) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r3, &(0x7f0000000240)={0x11, 0x0, r5, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r3, r2, 0x0, 0x500000001) dup2(r0, r1) 11:21:31 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 57) [ 2649.893060] FAULT_INJECTION: forcing a failure. [ 2649.893060] name failslab, interval 1, probability 0, space 0, times 0 11:21:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x6000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2649.895114] CPU: 1 PID: 12197 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2649.896408] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2649.897741] Call Trace: [ 2649.898179] dump_stack+0x107/0x167 [ 2649.898764] should_fail.cold+0x5/0xa 11:21:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xfffffff0}, 0x0) [ 2649.899380] should_failslab+0x5/0x20 [ 2649.900104] __kmalloc_track_caller+0x79/0x370 [ 2649.900861] ? kstrdup_const+0x53/0x80 [ 2649.901494] kstrdup+0x36/0x70 [ 2649.902030] kstrdup_const+0x53/0x80 [ 2649.902627] kvasprintf_const+0x10c/0x1a0 [ 2649.903292] kobject_set_name_vargs+0x56/0x150 [ 2649.904028] kobject_init_and_add+0xc9/0x160 [ 2649.904747] ? kobject_create_and_add+0xb0/0xb0 [ 2649.905506] ? wait_for_completion_io+0x270/0x270 [ 2649.906283] ? kernfs_name_hash+0xe7/0x110 [ 2649.906970] ? kernfs_find_ns+0x256/0x380 [ 2649.907652] sysfs_slab_add+0x172/0x200 [ 2649.908297] __kmem_cache_create+0x3db/0x520 [ 2649.908962] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2649.909776] p9_client_create+0xc6a/0x1230 [ 2649.910432] ? p9_client_flush+0x430/0x430 [ 2649.911126] ? trace_hardirqs_on+0x5b/0x180 [ 2649.911821] ? lockdep_init_map_type+0x2c7/0x780 [ 2649.912584] ? __raw_spin_lock_init+0x36/0x110 [ 2649.913328] v9fs_session_init+0x1dd/0x1680 [ 2649.914038] ? lock_release+0x680/0x680 [ 2649.914684] ? kmem_cache_alloc_trace+0x151/0x320 [ 2649.915453] ? v9fs_show_options+0x690/0x690 [ 2649.916164] ? trace_hardirqs_on+0x5b/0x180 [ 2649.916847] ? kasan_unpoison_shadow+0x33/0x50 [ 2649.917581] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2649.918407] v9fs_mount+0x79/0x8f0 [ 2649.918972] ? v9fs_write_inode+0x60/0x60 [ 2649.919635] legacy_get_tree+0x105/0x220 [ 2649.920303] vfs_get_tree+0x8e/0x300 [ 2649.920907] path_mount+0x1490/0x21e0 11:21:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x7000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x81000000}, 0x0) [ 2649.921671] ? strncpy_from_user+0x9e/0x470 [ 2649.922361] ? finish_automount+0xa90/0xa90 [ 2649.923065] ? getname_flags.part.0+0x1dd/0x4f0 [ 2649.923817] ? _copy_from_user+0xfb/0x1b0 [ 2649.924478] __x64_sys_mount+0x282/0x300 [ 2649.925124] ? copy_mnt_ns+0xa00/0xa00 [ 2649.925751] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2649.926608] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2649.927440] do_syscall_64+0x33/0x40 [ 2649.928036] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2649.928806] RIP: 0033:0x7f9990caeb19 [ 2649.929412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2649.932382] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2649.933607] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2649.934696] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2649.935842] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2649.936990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2649.938155] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x5}, 0x0) [ 2649.939457] kobject: can not set name properly! [ 2649.940502] kmem_cache_create(9p-fcall-cache-144) failed with error -12 [ 2649.941625] CPU: 1 PID: 12197 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2649.942740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2649.944078] Call Trace: [ 2649.944510] dump_stack+0x107/0x167 [ 2649.945107] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2649.945955] p9_client_create+0xc6a/0x1230 [ 2649.946632] ? p9_client_flush+0x430/0x430 [ 2649.947306] ? trace_hardirqs_on+0x5b/0x180 [ 2649.947994] ? lockdep_init_map_type+0x2c7/0x780 [ 2649.948764] ? __raw_spin_lock_init+0x36/0x110 [ 2649.949508] v9fs_session_init+0x1dd/0x1680 [ 2649.950210] ? lock_release+0x680/0x680 [ 2649.950857] ? kmem_cache_alloc_trace+0x151/0x320 [ 2649.951658] ? v9fs_show_options+0x690/0x690 [ 2649.952378] ? trace_hardirqs_on+0x5b/0x180 [ 2649.953073] ? kasan_unpoison_shadow+0x33/0x50 [ 2649.953819] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2649.954653] v9fs_mount+0x79/0x8f0 [ 2649.955237] ? v9fs_write_inode+0x60/0x60 [ 2649.955913] legacy_get_tree+0x105/0x220 [ 2649.956581] vfs_get_tree+0x8e/0x300 [ 2649.957177] path_mount+0x1490/0x21e0 [ 2649.957800] ? strncpy_from_user+0x9e/0x470 [ 2649.958500] ? finish_automount+0xa90/0xa90 [ 2649.959194] ? getname_flags.part.0+0x1dd/0x4f0 [ 2649.959956] ? _copy_from_user+0xfb/0x1b0 [ 2649.960628] __x64_sys_mount+0x282/0x300 [ 2649.961276] ? copy_mnt_ns+0xa00/0xa00 [ 2649.961914] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2649.962769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2649.963612] do_syscall_64+0x33/0x40 [ 2649.964219] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2649.965062] RIP: 0033:0x7f9990caeb19 [ 2649.965673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2649.968673] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2649.969925] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2649.971073] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2649.972221] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2649.973370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2649.974532] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:31 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}, 0x1, 0x0, 0x0, 0xffffffff}, 0x0) 11:21:31 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x6}, 0x0) 11:21:31 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0x9effffff}, 0x0) 11:21:31 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:31 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x7000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:32 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf0ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:32 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xf0ffffff}, 0x0) 11:21:32 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0x2) 11:21:32 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x7}, 0x0) 11:21:32 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:46 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x8000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:46 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 58) 11:21:46 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf9fdffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0x8) 11:21:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x8}, 0x0) 11:21:46 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x9000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xfffff000}, 0x0) 11:21:46 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) r1 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r2 = perf_event_open$cgroup(&(0x7f0000000080)={0x4, 0x80, 0x9, 0xb9, 0x6, 0x3f, 0x0, 0x0, 0x40, 0xd, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_bp={&(0x7f0000000040), 0xb}, 0x100, 0x80000001, 0x3f, 0x8, 0x4, 0x400, 0x7fff, 0x0, 0x20, 0x0, 0x8}, r0, 0xa, r0, 0x2) readv(r2, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/14, 0xe}], 0x1) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r4 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000000140)) r5 = syz_io_uring_setup(0x2bb9, &(0x7f0000000100), &(0x7f00000a0000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000200), &(0x7f0000002a40)) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r5, 0x9, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r4, 0xa, 0x0, r6) syz_io_uring_submit(0x0, 0x0, &(0x7f00000009c0)=@IORING_OP_WRITEV={0x2, 0x2, 0x4007, @fd, 0x5c41, &(0x7f0000000940)=[{&(0x7f0000000480)="2ee09dc06a7f9bb46904f438b3", 0xd}, {&(0x7f00000004c0)="c750de5465e800e0d4a24c986b4f2450bd50a069b87c451ca58a77c8a1a4aa147f1cdfb9ac9a68b7461c8e8725640d021fc643c2e25ea5df312a76777c8c2aa52ad37b66275a0b143e456e16982d589299d9c8557873fd6c27d81765f4ed32fdd8e7c3fb36a548a839813d6a6c45", 0x6e}, {&(0x7f0000000540)="b9f0f497c8e8e9d0ef5f35f2", 0xc}, {&(0x7f0000000580)="16f97d214f2dc7cc45d0b9dea9d068f99528e54be72cf66fc2a120c8b96b1656be711f993cd4a5c5a1aa2f0cd5ab1b82b10f7b263ffcdb37e5f438831ad0346111a61e7ee88b92bb5e4753be51e8a137b29cc128971d8841d4beb23c732813b5f1919cfd60c1ced86b26048b0bb9a14b1508f5bc7a0c16f75fcf05ae851ef0afabc1f3e456577ef4842836c0d56b7797c2184b73454533b595ebb6d5c1a7ba94029be61e0fa5800ab552b1316288059e0d84b27b6f91dc567343b136c0ff1a607b113a7b31514eceb016843ff428d70c672278aa5e78a9514e9ba782048c320f778d31", 0xe3}, {&(0x7f0000000680)="bc4c60b52a34aa6c7facab8bb286b8aa1f8a7b4581947e1329b964a1ec724eb79f9a42f4cf3e519eaad06a882d7d9c0211f11abaa5be7d7bef1d72349321389127a3322eb078cb2d85110bc7379ca3d3aa448437ddd0741dc0792ef35a851420425a1b24a3643bd2c7bc848b5dc7bc66a1003454a7e689ca90fc15dbced749c8247e3be0fd73bb80448556dc3d69bb1d5039f7642e2793a6f42705dffdfcb0be8ac30dd41bf79449503711f348dd7f6126c5dbce835e8359eb73c31ad632975c599be7c947b5bac0a8d8", 0xca}, {&(0x7f0000000780)="37c7dacb968d9213c346611d1c42e59c21ba1802ba8fd3344e11630c484019d1a4facc06b7d2a44f38f871979f5d4676dd935e587df49a3313d128dcf05f17f7e92ee7e762d6d77eccd95480fec88b455e20216265a60acda7f98c16497fa764cfd0f497d1c5b86b4bca7c43d4a3e5ee55d7a7174f3689d13debd60e89f73b8a0b9536fd4e7c4a94a465fe2b5df8cec36e41ec7be4c5c2a14a15236bcd331fe8f24dfd09", 0xa4}, {&(0x7f0000000840)="5a960108b5ddb502acacf58332e7d1ed3351b7f1c42624fb26b6043f38e61f5ca8b7dfd1d602f67675793d61e2f1e3267104d3ae28a53681053cf98cf66fb7455735c8c8ab62dd2f713168111d850c2f8dd54725919d1084426d4f209d2e599905badecd769a6aeafd04f895b237bd911d1f7de8ad332437a2172e", 0x7b}, {&(0x7f00000008c0)="8a9481b96d0113b80934fd28fb78c18be0096524a3700859b7a9babc22c714ee69ab70f5bb8bbddf8c4636068faef29cb58708e155def28e837b06b4effc77d5a958408da613ec915ab92295201fc347e749f85f74a288abf71b904dcd80f965eade", 0x62}], 0x8, 0x13, 0x1, {0x2, r6}}, 0x1ff) r7 = socket$packet(0x11, 0x3, 0x300) perf_event_open(&(0x7f0000000340)={0x1, 0x80, 0xff, 0x8, 0x1, 0x4, 0x0, 0x4, 0x5000, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_config_ext={0x7, 0x10000}, 0x1040, 0xfff, 0x1, 0x2, 0x1ff, 0x81, 0xfff, 0x0, 0x1}, 0x0, 0x8, 0xffffffffffffffff, 0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r3, 0x0, 0x500000001) dup2(r0, r1) 11:21:46 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2664.782718] FAULT_INJECTION: forcing a failure. [ 2664.782718] name failslab, interval 1, probability 0, space 0, times 0 [ 2664.785524] CPU: 0 PID: 12241 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2664.787152] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2664.789100] Call Trace: [ 2664.789726] dump_stack+0x107/0x167 [ 2664.790594] should_fail.cold+0x5/0xa [ 2664.791491] ? create_object.isra.0+0x3a/0xa30 [ 2664.792568] should_failslab+0x5/0x20 [ 2664.793466] kmem_cache_alloc+0x5b/0x310 [ 2664.794432] ? mark_held_locks+0x9e/0xe0 [ 2664.795394] create_object.isra.0+0x3a/0xa30 [ 2664.796439] kmemleak_alloc_percpu+0xa0/0x100 [ 2664.797498] pcpu_alloc+0x4e2/0x1240 [ 2664.798403] __kmem_cache_create+0x35a/0x520 [ 2664.799447] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2664.800626] p9_client_create+0xc6a/0x1230 [ 2664.801632] ? p9_client_flush+0x430/0x430 [ 2664.802642] ? trace_hardirqs_on+0x5b/0x180 [ 2664.803660] ? lockdep_init_map_type+0x2c7/0x780 [ 2664.804779] ? __raw_spin_lock_init+0x36/0x110 [ 2664.805865] v9fs_session_init+0x1dd/0x1680 [ 2664.806895] ? lock_release+0x680/0x680 [ 2664.807839] ? kmem_cache_alloc_trace+0x151/0x320 [ 2664.808979] ? v9fs_show_options+0x690/0x690 [ 2664.810040] ? trace_hardirqs_on+0x5b/0x180 [ 2664.811060] ? kasan_unpoison_shadow+0x33/0x50 [ 2664.812134] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2664.813330] v9fs_mount+0x79/0x8f0 [ 2664.814179] ? v9fs_write_inode+0x60/0x60 [ 2664.815154] legacy_get_tree+0x105/0x220 [ 2664.816114] vfs_get_tree+0x8e/0x300 11:21:46 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xb000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2664.816991] path_mount+0x1490/0x21e0 [ 2664.817999] ? strncpy_from_user+0x9e/0x470 [ 2664.819028] ? finish_automount+0xa90/0xa90 [ 2664.820045] ? getname_flags.part.0+0x1dd/0x4f0 [ 2664.821142] ? _copy_from_user+0xfb/0x1b0 [ 2664.822146] __x64_sys_mount+0x282/0x300 [ 2664.823104] ? copy_mnt_ns+0xa00/0xa00 [ 2664.824028] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2664.825269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2664.826499] do_syscall_64+0x33/0x40 11:21:46 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0xf) [ 2664.827379] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2664.828617] RIP: 0033:0x7f9990caeb19 [ 2664.829502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2664.833899] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2664.835720] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2664.837419] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2664.839127] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2664.840821] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2664.842528] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:21:46 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xffffff7f}, 0x0) 11:21:46 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xfeffffff, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:21:46 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x9}, 0x0) [ 2679.440750] FAULT_INJECTION: forcing a failure. [ 2679.440750] name failslab, interval 1, probability 0, space 0, times 0 [ 2679.443721] CPU: 0 PID: 12274 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2679.445499] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2679.447633] Call Trace: [ 2679.448324] dump_stack+0x107/0x167 [ 2679.449262] should_fail.cold+0x5/0xa [ 2679.450260] should_failslab+0x5/0x20 11:22:01 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x9000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:22:01 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 59) 11:22:01 executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) setsockopt$packet_int(r1, 0x107, 0x14, &(0x7f0000000040)=0x3f, 0x4) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r1, r0, 0x0, 0x500000001) r4 = openat(r0, &(0x7f0000000100)='./file1\x00', 0x105142, 0x3c) r5 = syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), &(0x7f0000000140)) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000200), 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r7, &(0x7f0000000240)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @random="ca73da4133fc"}, 0x14) sendfile(r7, r6, 0x0, 0x500000001) dup2(r4, r5) 11:22:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0xa}, 0x0) 11:22:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0xcf) 11:22:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xffffff9e}, 0x0) 11:22:01 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xff030000, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:22:01 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xd000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2679.451237] __kmalloc_track_caller+0x79/0x370 [ 2679.452639] ? kstrdup_const+0x53/0x80 [ 2679.453823] kstrdup+0x36/0x70 [ 2679.454685] kstrdup_const+0x53/0x80 [ 2679.455635] __kernfs_new_node+0x9d/0x860 [ 2679.456697] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2679.457919] ? lock_acquire+0x197/0x470 [ 2679.458955] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2679.460292] ? lock_release+0x680/0x680 [ 2679.461304] ? find_held_lock+0x2c/0x110 [ 2679.462366] kernfs_new_node+0x18d/0x250 [ 2679.463417] kernfs_create_dir_ns+0x49/0x160 [ 2679.464553] sysfs_create_dir_ns+0x127/0x290 [ 2679.465688] ? sysfs_create_mount_point+0xb0/0xb0 [ 2679.466941] ? rwlock_bug.part.0+0x90/0x90 [ 2679.468045] ? do_raw_spin_unlock+0x4f/0x220 [ 2679.469173] kobject_add_internal+0x25e/0xa30 [ 2679.470349] kobject_init_and_add+0x101/0x160 [ 2679.471494] ? kobject_create_and_add+0xb0/0xb0 [ 2679.472687] ? wait_for_completion_io+0x270/0x270 [ 2679.473920] ? kernfs_name_hash+0xe7/0x110 [ 2679.475029] ? kernfs_find_ns+0x256/0x380 [ 2679.476105] sysfs_slab_add+0x172/0x200 [ 2679.477122] __kmem_cache_create+0x3db/0x520 [ 2679.478262] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2679.479545] p9_client_create+0xc6a/0x1230 [ 2679.480637] ? p9_client_flush+0x430/0x430 [ 2679.481719] ? trace_hardirqs_on+0x5b/0x180 [ 2679.482838] ? lockdep_init_map_type+0x2c7/0x780 [ 2679.484053] ? __raw_spin_lock_init+0x36/0x110 [ 2679.485250] v9fs_session_init+0x1dd/0x1680 [ 2679.486363] ? lock_release+0x680/0x680 [ 2679.487383] ? kmem_cache_alloc_trace+0x151/0x320 [ 2679.488612] ? v9fs_show_options+0x690/0x690 [ 2679.489754] ? trace_hardirqs_on+0x5b/0x180 [ 2679.490869] ? kasan_unpoison_shadow+0x33/0x50 [ 2679.491849] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2679.492903] v9fs_mount+0x79/0x8f0 [ 2679.493642] ? v9fs_write_inode+0x60/0x60 [ 2679.494511] legacy_get_tree+0x105/0x220 [ 2679.495376] vfs_get_tree+0x8e/0x300 [ 2679.496153] path_mount+0x1490/0x21e0 [ 2679.496949] ? strncpy_from_user+0x9e/0x470 [ 2679.497843] ? finish_automount+0xa90/0xa90 [ 2679.498748] ? getname_flags.part.0+0x1dd/0x4f0 [ 2679.499730] ? _copy_from_user+0xfb/0x1b0 [ 2679.500600] __x64_sys_mount+0x282/0x300 [ 2679.501442] ? copy_mnt_ns+0xa00/0xa00 [ 2679.502265] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2679.503593] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2679.504840] do_syscall_64+0x33/0x40 [ 2679.505798] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2679.506864] RIP: 0033:0x7f9990caeb19 [ 2679.507825] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2679.511615] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2679.513562] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2679.515137] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2679.516624] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2679.518101] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2679.519570] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2679.522583] kobject_add_internal failed for 9p-fcall-cache-146 (error: -12 parent: slab) [ 2679.524925] kmem_cache_create(9p-fcall-cache-146) failed with error -12 [ 2679.526385] CPU: 0 PID: 12274 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2679.527805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2679.529519] Call Trace: [ 2679.530067] dump_stack+0x107/0x167 [ 2679.530842] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2679.531926] p9_client_create+0xc6a/0x1230 [ 2679.532807] ? p9_client_flush+0x430/0x430 [ 2679.533675] ? trace_hardirqs_on+0x5b/0x180 [ 2679.534580] ? lockdep_init_map_type+0x2c7/0x780 [ 2679.535563] ? __raw_spin_lock_init+0x36/0x110 [ 2679.536518] v9fs_session_init+0x1dd/0x1680 [ 2679.537632] ? lock_release+0x680/0x680 11:22:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0xf}, 0x0) 11:22:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0xf0) [ 2679.538563] ? kmem_cache_alloc_trace+0x151/0x320 11:22:01 executing program 3: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xffff1f00, 0x0, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:22:01 executing program 4: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0xa000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) [ 2679.539713] ? v9fs_show_options+0x690/0x690 [ 2679.540761] ? trace_hardirqs_on+0x5b/0x180 [ 2679.541663] ? kasan_unpoison_shadow+0x33/0x50 [ 2679.542622] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2679.543678] v9fs_mount+0x79/0x8f0 [ 2679.544418] ? v9fs_write_inode+0x60/0x60 [ 2679.545273] legacy_get_tree+0x105/0x220 [ 2679.546120] vfs_get_tree+0x8e/0x300 [ 2679.546910] path_mount+0x1490/0x21e0 [ 2679.547701] ? strncpy_from_user+0x9e/0x470 [ 2679.548595] ? finish_automount+0xa90/0xa90 [ 2679.549500] ? getname_flags.part.0+0x1dd/0x4f0 [ 2679.550484] ? _copy_from_user+0xfb/0x1b0 [ 2679.551555] __x64_sys_mount+0x282/0x300 [ 2679.552491] ? copy_mnt_ns+0xa00/0xa00 [ 2679.553503] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2679.554601] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2679.555686] do_syscall_64+0x33/0x40 [ 2679.556465] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2679.557530] RIP: 0033:0x7f9990caeb19 [ 2679.558331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2679.562121] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2679.563705] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2679.565182] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2679.566672] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2679.568145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2679.569617] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 11:22:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0xf00) 11:22:01 executing program 1: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e00010000000000000000001b0000f4"], 0xec}}, 0xcf00) 11:22:01 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001d0001"], 0xec}, 0x1, 0x0, 0xfffffff0}, 0x0) 11:22:01 executing program 2: syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, 0x16000000, 0x0, 0x0, &(0x7f00000008c0)={[{@mpol={'mpol', 0x3d, {'interleave', '=relative', @void}}}]}) 11:22:01 executing program 7: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="ec0000001e0001"], 0xec}, 0x1, 0x0, 0x48}, 0x0) 11:22:01 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000880)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@access_uid}]}}) (fail_nth: 60) [ 2679.942667] FAULT_INJECTION: forcing a failure. [ 2679.942667] name failslab, interval 1, probability 0, space 0, times 0 [ 2679.945252] CPU: 0 PID: 12317 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2679.946798] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2679.948919] Call Trace: [ 2679.949479] dump_stack+0x107/0x167 [ 2679.950436] should_fail.cold+0x5/0xa [ 2679.951426] should_failslab+0x5/0x20 [ 2679.952416] __kmalloc_track_caller+0x79/0x370 [ 2679.953571] ? kstrdup_const+0x53/0x80 [ 2679.954586] kstrdup+0x36/0x70 [ 2679.955259] kstrdup_const+0x53/0x80 [ 2679.956221] __kernfs_new_node+0x9d/0x860 [ 2679.957286] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2679.958412] ? lock_acquire+0x197/0x470 [ 2679.959436] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2679.960683] ? lock_release+0x680/0x680 [ 2679.961708] ? find_held_lock+0x2c/0x110 [ 2679.962588] kernfs_new_node+0x18d/0x250 [ 2679.963483] kernfs_create_dir_ns+0x49/0x160 [ 2679.964410] sysfs_create_dir_ns+0x127/0x290 [ 2679.965334] ? sysfs_create_mount_point+0xb0/0xb0 [ 2679.966347] ? rwlock_bug.part.0+0x90/0x90 [ 2679.967236] ? do_raw_spin_unlock+0x4f/0x220 [ 2679.968167] kobject_add_internal+0x25e/0xa30 [ 2679.969124] kobject_init_and_add+0x101/0x160 [ 2679.970061] ? kobject_create_and_add+0xb0/0xb0 [ 2679.971268] ? wait_for_completion_io+0x270/0x270 [ 2679.972273] ? kernfs_name_hash+0xe7/0x110 [ 2679.973183] ? kernfs_find_ns+0x256/0x380 [ 2679.974071] sysfs_slab_add+0x172/0x200 [ 2679.974924] __kmem_cache_create+0x3db/0x520 [ 2679.975853] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2679.976908] p9_client_create+0xc6a/0x1230 [ 2679.977807] ? p9_client_flush+0x430/0x430 [ 2679.978710] ? trace_hardirqs_on+0x5b/0x180 [ 2679.979612] ? lockdep_init_map_type+0x2c7/0x780 [ 2679.980835] ? __raw_spin_lock_init+0x36/0x110 [ 2679.981951] v9fs_session_init+0x1dd/0x1680 [ 2679.983066] ? lock_release+0x680/0x680 [ 2679.984052] ? kmem_cache_alloc_trace+0x151/0x320 [ 2679.985292] ? v9fs_show_options+0x690/0x690 [ 2679.986378] ? trace_hardirqs_on+0x5b/0x180 [ 2679.987286] ? kasan_unpoison_shadow+0x33/0x50 [ 2679.988259] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2679.989323] v9fs_mount+0x79/0x8f0 [ 2679.990077] ? v9fs_write_inode+0x60/0x60 [ 2679.990948] legacy_get_tree+0x105/0x220 [ 2679.991797] vfs_get_tree+0x8e/0x300 [ 2679.992572] path_mount+0x1490/0x21e0 [ 2679.993375] ? strncpy_from_user+0x9e/0x470 [ 2679.994283] ? finish_automount+0xa90/0xa90 [ 2679.995189] ? getname_flags.part.0+0x1dd/0x4f0 [ 2679.996160] ? _copy_from_user+0xfb/0x1b0 [ 2679.997038] __x64_sys_mount+0x282/0x300 [ 2679.997897] ? copy_mnt_ns+0xa00/0xa00 [ 2679.998728] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2679.999820] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2680.000904] do_syscall_64+0x33/0x40 [ 2680.001683] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2680.002788] RIP: 0033:0x7f9990caeb19 [ 2680.003567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2680.007396] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2680.008993] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2680.010486] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2680.011983] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2680.013467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2680.014959] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2680.016566] kobject_add_internal failed for 9p-fcall-cache-147 (error: -12 parent: slab) [ 2680.018378] kmem_cache_create(9p-fcall-cache-147) failed with error -12 [ 2680.019824] CPU: 0 PID: 12317 Comm: syz-executor.6 Not tainted 5.10.247 #1 [ 2680.021255] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2680.022979] Call Trace: [ 2680.023539] dump_stack+0x107/0x167 [ 2680.024311] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2680.025406] p9_client_create+0xc6a/0x1230 [ 2680.026301] ? p9_client_flush+0x430/0x430 [ 2680.027185] ? trace_hardirqs_on+0x5b/0x180 [ 2680.028078] ? lockdep_init_map_type+0x2c7/0x780 [ 2680.029072] ? __raw_spin_lock_init+0x36/0x110 [ 2680.030024] v9fs_session_init+0x1dd/0x1680 [ 2680.030935] ? lock_release+0x680/0x680 [ 2680.031774] ? kmem_cache_alloc_trace+0x151/0x320 [ 2680.032771] ? v9fs_show_options+0x690/0x690 [ 2680.033929] ? trace_hardirqs_on+0x5b/0x180 [ 2680.035045] ? kasan_unpoison_shadow+0x33/0x50 [ 2680.036216] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2680.037525] v9fs_mount+0x79/0x8f0 [ 2680.038434] ? v9fs_write_inode+0x60/0x60 [ 2680.039383] legacy_get_tree+0x105/0x220 [ 2680.040430] vfs_get_tree+0x8e/0x300 [ 2680.041204] path_mount+0x1490/0x21e0 [ 2680.042180] ? strncpy_from_user+0x9e/0x470 [ 2680.043095] ? finish_automount+0xa90/0xa90 [ 2680.044197] ? getname_flags.part.0+0x1dd/0x4f0 [ 2680.045397] ? _copy_from_user+0xfb/0x1b0 [ 2680.046286] __x64_sys_mount+0x282/0x300 [ 2680.047319] ? copy_mnt_ns+0xa00/0xa00 [ 2680.048148] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2680.049483] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2680.050661] do_syscall_64+0x33/0x40 [ 2680.051449] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2680.052517] RIP: 0033:0x7f9990caeb19 [ 2680.053291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2680.057072] RSP: 002b:00007f998e224188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2680.058648] RAX: ffffffffffffffda RBX: 00007f9990dc1f60 RCX: 00007f9990caeb19 [ 2680.060125] RDX: 00000000200000c0 RSI: 0000000020000040 RDI: 0000000000000000 [ 2680.061602] RBP: 00007f998e2241d0 R08: 0000000020000880 R09: 0000000000000000 [ 2680.063085] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2680.064575] R13: 00007ffee4a1d2af R14: 00007f998e224300 R15: 0000000000022000 [ 2691.058366] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) BUG: memory leak unreferenced object 0xffff888008d1c1c0 (size 32): comm "syz-executor.6", pid 12274, jiffies 4297346272 (age 18.941s) hex dump (first 32 bytes): 39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 31 9p-fcall-cache-1 34 36 00 00 00 00 00 00 30 0e 8e 81 ff ff ff ff 46......0....... backtrace: [<000000009be18e74>] kstrdup+0x36/0x70 [<0000000082f73050>] kstrdup_const+0x53/0x80 [<00000000dc480d0e>] kvasprintf_const+0x10c/0x1a0 [<0000000040ab679d>] kobject_set_name_vargs+0x56/0x150 [<00000000b9ccc97c>] kobject_init_and_add+0xc9/0x160 [<000000001ded9c0e>] sysfs_slab_add+0x172/0x200 [<00000000b122e142>] __kmem_cache_create+0x3db/0x520 [<00000000c9b0b992>] kmem_cache_create_usercopy+0x1db/0x2f0 [<0000000068e02146>] p9_client_create+0xc6a/0x1230 [<000000005d5cfbf5>] v9fs_session_init+0x1dd/0x1680 [<000000005914ef0e>] v9fs_mount+0x79/0x8f0 [<0000000047fadcf8>] legacy_get_tree+0x105/0x220 [<00000000626854e9>] vfs_get_tree+0x8e/0x300 [<0000000015808f26>] path_mount+0x1490/0x21e0 [<0000000099f340b5>] __x64_sys_mount+0x282/0x300 [<000000002bddd0b8>] do_syscall_64+0x33/0x40 BUG: memory leak unreferenced object 0xffff88801ce22a00 (size 32): comm "syz-executor.6", pid 12317, jiffies 4297346774 (age 18.440s) hex dump (first 32 bytes): 39 70 2d 66 63 61 6c 6c 2d 63 61 63 68 65 2d 31 9p-fcall-cache-1 34 37 00 1c 80 88 ff ff 00 00 00 00 00 00 00 00 47.............. backtrace: [<000000009be18e74>] kstrdup+0x36/0x70 [<0000000082f73050>] kstrdup_const+0x53/0x80 [<00000000dc480d0e>] kvasprintf_const+0x10c/0x1a0 [<0000000040ab679d>] kobject_set_name_vargs+0x56/0x150 [<00000000b9ccc97c>] kobject_init_and_add+0xc9/0x160 [<000000001ded9c0e>] sysfs_slab_add+0x172/0x200 [<00000000b122e142>] __kmem_cache_create+0x3db/0x520 [<00000000c9b0b992>] kmem_cache_create_usercopy+0x1db/0x2f0 [<0000000068e02146>] p9_client_create+0xc6a/0x1230 [<000000005d5cfbf5>] v9fs_session_init+0x1dd/0x1680 [<000000005914ef0e>] v9fs_mount+0x79/0x8f0 [<0000000047fadcf8>] legacy_get_tree+0x105/0x220 [<00000000626854e9>] vfs_get_tree+0x8e/0x300 [<0000000015808f26>] path_mount+0x1490/0x21e0 [<0000000099f340b5>] __x64_sys_mount+0x282/0x300 [<000000002bddd0b8>] do_syscall_64+0x33/0x40 BUG: leak checking failed VM DIAGNOSIS: 11:22:20 Registers: info registers vcpu 0 RAX=ffffffff83e9c9b0 RBX=0000000000000000 RCX=ffffffff83e8461c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e9d178 RBP=0000000000000000 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff8567ac88 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9c9be RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007fea30f84020 CR3=000000000d2e4000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000008000000080000000000000000 XMM02=20726f747563657865110a0100010101 XMM03=6d20636578650d007374726174736572 XMM04=696820636578650a00657a696d696e69 XMM05=00736465657320636578650a0073746e XMM06=78650a0065676169727420636578650b XMM07=7420636578650a006873616d73206365 XMM08=650d00737472617473657220726f7475 XMM09=78650a00657a696d696e696d20636578 XMM10=7320636578650a0073746e6968206365 XMM11=676169727420636578650b0073646565 XMM12=650a006873616d7320636578650a0065 XMM13=206365786508006c61746f7420636578 XMM14=0e007a7a7566206365786509006e6567 XMM15=00006574616469646e61632063657865 info registers vcpu 1 RAX=ffffffff83e9c9b0 RBX=0000000000000001 RCX=ffffffff83e8461c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e9d178 RBP=0000000000000001 RSP=ffff888008987e70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff8567ac88 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9c9be RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007ffe934dc390 CR3=000000000d2e4000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=00000000000000004164d08a00000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000