2da069a3f4a7899b65285ad652228d256df00b91289eaeb237c22a32e0ac37096de6f949cfb10cfd71cc3e9a1b7d15bcc14f361b968b9172aecfce87ab142f85f24a10f63e6530e1a32dcd774f5f7aff62070dec72c284a8dbb3dba62f57ccdbe29eb8d2ec0dc62ab5001a009f265aaab6a6c870ecbc0fe65d806ee1804c089911a50927b4ebf1691970c9d1c1add963410c06805f656fe28d92169a917eea1c9c28b36b75d0842a83f86610cba1a5d7aa33afe7d15dd414e5b270d23580ab55470be39805a9297eeb22e68d4483c4ecdbd4e8f7d10226f7d545898cc2b5381c02c7ad67a7a279048519b9270fe5a685af843d8937a731fa4bbf66434f3d52620c4f9cb71cfa4eeff0f9f473e51df09569a07333034624d747854107b0b04966afff2130750e31246277f1bde8f07767befc777152622bebe3840a80a2d8434ec02de3295f17752805951c670411147bbbb224f50d85d6bf8e56279401b6db9d747abbe2042fc81177fe69f0442e8ffd695c8621411c37f6345ad743b1da0948a1b41b20417b06d57f5dc36a3561203767d03cffdbc412a3d068b0536b1cd6ff8ee218197c4d6c1756ba3ff4a924eac40100d8a17e66f65716b458f0fbc923be2f9edd17374119a45fb876dc479d18f566282177ddc275467d549965c60ea3ca4f46f2a5aa255eedd221391fdabe25c760206aa29edc2b15a8cfaf741038d4d503c46693eb917f061e678eb577f6123d90613cc8349451cbce696ce06b7cdd968cfbd7b286a86e998f08f3d9233f45809586486a4ada435cb41f902b66a326a87219a3f25f6467a0eddf62d591f720860ec202b0ade1ac0d17ca62af169dd3422c1566199c97113bd7d92c79b69edc399d701be480b2e20fd392315aac8b37ede4529655d24e19a9b262e4f2c0c786da87e7cfa1abd2edb5a54de56e8e64f7228178c66b551ca5c5c19ddfffa2e60c38f68cce8adbf0f637db22505f4c7600dd62c9e3b4bf3481ab6720c4e8175663da64e80fc9c347277724be99f72840263a9a7f5fd653df3b9eb737266b039f71f4c645d7521b0a07dc8ff8cbca8eb4cac1e0139bd0731306af1e0ed07b15b6008f18b3bc37e1bfb654b89f39b446134b6939740942716e134cfeb4f6b1743069b96b75f3a8c4ad9043df1895c69e6b5b585832edf01cc3dec8667d3690110d38c63cafa2db99915ea3505412a212f4593cc59b892fbafcd19d070c4e57bd07233ce2af58696fc16e58c128d0ed3a00058c38beb080e2b1d74487c5401a5b13f2e6ea5bd3f8b80e3a0d3dccf397cb140656f87b112eb9210af35ab1b4e98f92d0a2d4a67dc3f13bcc242be931e1a68e7370a3b27ed2baa4026e364522a48dcc736a29f8eb24d0e72ab6063e7476b2209f058e70184134da1ca6c4e818df6858879e0ac76f3baa76830bf7678a9177da9ef0d6ee6f439f77216e96bfed74ff7988dbc2b8c50a37696a1d63670fdc344974201de5cae378fb64060d3f7b81416f08b1815aebd714f6a48091981abcb027faa8f05e2b9dce239b727508286084c422bb88b2d57ccc37e9778815f156c8f5e23c8a93438e6d08977d1adf099a983521e99e0263bdb41cb8a00673fcb9d48a9db038ca61df01de5aed61c502041c8f909b0271290b5b261e9b5417f0b6bd71cc65008e5e235d2faf17dc90a2958efb9a15190b3bcf10652e22cdbd50cb8752e50cc84ac00a6b0277a40d4862e87082c800f0cfa6ff859ca3e600679fdf2fb5ba57ccc04ecd72ea90ed28fb31453e48fb26fd5e21c424229fc1e4ba56a7345f7b1916d122c448403c44a9d7673d778403958da5693b4495befc90f70f29eb0056fb95a66d743ec914c14e285f27329823d9182daf9e2aa07288b4a73693d177999320d1314fa640855bb7c7f31e5c321cc0fec7a036a7d6002b6b30d2b7255f8612df1493589fd2d6f7866881170cd974fae036db254e236d500c54935fade39e6b5d9754d51bc759a7550d2560ea3e43f9263c63368ca2123a05f78b906f77d7e8cdf06135cf39fe75189ab811c3e637f904a359f7c4abc2ff6bff32b589d8286fa0922af6bbf202352f0c150dd2ba8fc7ac10a43fdbc96b48ccee25acf8761ef0cfa15089b16cd12bbb5081faf322ac94b390c906cbace7ceaa1c82fc5944aff3a20e8ceae53f15ea7399a3d63a05025fbf84a514000474583ddbb91dbbeaf4b7580c7823df5703e541b39b9ce65e7a80e470db4e6b598f1b0fc29f1147c1adb249206ee46847473770dd769eec6915a45a900cdbb6295c7cb342597af8fb32f3af5e1b4fadc93496db48a5d220ae2b48cba41edab209e03a6e8634c55070f982d0ab2a5420b2296a9f77e5e4bea6a52fb6397e69cbb047fb4f7fb9d588d4e7445741da315a281497322e6810549223509b937d3d6da8b1768b09e17107a622c29c5831c7006c18edce7589dafaabb1c672045fef0374a218a92bc5e998606ac8820defb60e26b6cd0dcef2423c89011171e8acbbbfd0083533ac073f6cbf87ad2301c416266ac4c46f5cb201e7e359c8feeddd9d401351d397d4653b292f11ca9a7f9f002677b871a0a0c4299083fbf586ff0c0db0733d044ce192cb42a0a63741334e4e28fc46a8063107dd6a32f89b006ae49306f8093bf1c774aafe67722c758d54452be27df6441a7fd0ff0c80c0a918995fd55cc5d58dea6290e277a9b0ff39184d93d6db3e62bdbd675d844a01b0803944f4934aee11c61bb75c5849d5f0f78924aa510c0fb3429e1617a595d61bf78872075a438fc814d58d6feaa502653eec0d00449037ef1c20fe5a7c9102f9677d8fea6dbc253251d527ce89071f6dc6e97bb65d2bf715ce8ca027dc6990f4f5347c582060bcc4996f51ba0471cf01e31e6be5ae4510cfebbddb2594a89c408cf988c1f96a30b3a2023bda10530a5b29d4899f524880efbce237e5a8e6bddb3eaf6ad991c0756fd65dccafbf84bb96d778cd7a91aee854dedc85edff3559c81a3a09fb10caf0c4893d51120a26aaa99d45d9d22cd28cd5a5adbeb000b731b11aa15459904abbd1fd383bcbf3c3d8cd213c78a6d9420799297758ef5d089e31ca7783a712f1eaf101def538fb3693322f74a19c3bdabbbb9865082061fca4660dd33f5df6cdcf421cbd87014aa945342747364b4bf11ec87df7063b8b3360a67409ae06f08f0ece23d1717f440f71be13bbae3203c84b9d283683de63a8cd58dc20b52bfe486b76dfa415850f10b0e2cf269e946cb7a2eb2ca9c3f3ed651d628f108c14a714d02ab16cc571485744e48243f9e4ead728a64d7cfce78bd6c50ebb18d80e317af1aca5a67aa8407178cbcae4bd91906ece4452288a55a0c0f6a44393289d82c6e2946c0e3935659c686b8c206074bfe52a4d769b25447bc32588872a95ed24007a513ad0c6ddc1cb41b1402ad7dc0201fb6ca626d8bfb7e94ac7d93eecfbe3ed9ef92be4ca09958449c17018a07ffdcb082bf8df3928319636fe26b27ba9a577dc833043636f929e7221ca52ff21dbfd11e9c1edbc83920b425dcd871c8301118ef93b1ed98dd54c22a9cec1ad84e22ee1cc7b9b3f05c955bff1f768a0417cf1ea11b8df92dc1839a9c4d1f0cb06380e0bae04e5cbcb1ae53cb86b413df8d7ec8fb7c0aa19ae98ffca4c5e8c20c0b4ef03fc4bbfc732125b50ac52023e57a100198a7b754b85fe9b348bf826cf252a3880c02955ce5701e1667df0373cedf25d2367b3b3e29ec77fd2d9b2bf88c6e2a396de523733ddedf1ece55514f259eee0a8cc5fb2653597762e5f5d00c9f835a4e0373372b67fc48fa67050baf4799c8771c1ba72c6883473802240a6a97e9adc426dc5a1d2b93eef5c540b8a03c14aee8f815959f1335edc4fc443f084987c224d7220ff036416c44f9cd31ebc9f6c87df1f11fda9b0576ad8638a463df5d518aaa87093fe2686637dfd214268c076cd1fe39b70c43a3c5c97df66a8f4ec2c28bd7276b10004d8bcafa7a8014ec1c40740286b8bf70664502953ff918c79e9f6b50daec6e594e209964e560c93214fb3bd27ddcd2f0b41841964580034422fecad31c10f43bf3ecbe410acad52cd7d95af60744edadd77c2c435948edba9959538501177a7cff3d4d251fa4ec42febc2ce484b17b88c3522d66f295ef9ed311796e6495ca9f11c6c84d968251efb63275195ddbe1b06e14d4b61651e5c94d86adbc3ea44c877493b17c3b569342c457d70ae7c0ee74845975ad8846c0ec3a6652c062c8eae6d068464c6fed9ddb8a8f6838852e7dcc52f58859fb7baface9157e48535eabd61a99232a192773211e36401d69d3a9d93aad034fe05c1c2569b7ee918c2d4a905c0735abe91e242aa53f8bbedb5da10a2a34aee6a0a97231aced5e10216281f8901b6bde6db1c248d9b78ffe01c7844cad104a3650ff3817550317038b30cc2e861018600dd0851b1341a0e561163eb6bf8d890b60177a39acb8933a4463009e5c2a48b2f76d287b386255cf90a2b2630c0c00058008001900", @ANYRES32=r0, @ANYBLOB='\x00'], 0x1448}, {&(0x7f0000004340)={0x188, 0x22, 0x400, 0x70bd29, 0x25dfdbfb, "", [@typed={0x8, 0x42, 0x0, 0x0, @fd}, @nested={0x16f, 0x83, 0x0, 0x1, [@typed={0x4, 0x8e, 0x0, 0x0, @binary}, @generic="e6ae33614161588b221f20232f7d377d5ec9b6a0d3172c4db3f80ad2e5a32ab5330c8d70afecb6e3d72e866e44eefb3228ebac5f263c485fe2063c70454ebd56b7d63e98ba20cddf7bc5d8d4a5caca984c97a2755bd22208c9d0e3c4737b07b404bbc62fbce7dd07ec0850132be9ff12e8d51c4de0b466cb146bf6344467116cabeb4791d190c51f2f6b3f9954b109a903879e459cecbe87641f4a3c6ac76d0a536e827396e389487271f2694f6f2cb3556a0dd74023a779e113702563fb5c08e4a8464981c5baa95403409f20495709a89b71c8156caf17fe3738a1fdf6500084f3ed9b78b71a27769a2f", @typed={0x8, 0x70, 0x0, 0x0, @ipv4=@broadcast}, @typed={0x74, 0x20, 0x0, 0x0, @binary="bb6891c51b92f977ec3200ae8ee47cb954bc16a735fc49047f5b3531223bf026d768d8eb417d58a4aa6ffa61d8d7cc6dbd18153650613165c52a298d0b4128b0a321be0be2d88d540fc14cdecd2f78fb48b073dad495655876229c64325edd531c0ceaaaeff98db9cd0e4219ce12e2df"}]}]}, 0x188}], 0x5, &(0x7f0000004580)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xffffffffffffffff}}}, @rights={{0x24, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r2}}}, @rights={{0x20, 0x1, 0x1, [r3, 0xffffffffffffffff, r4, r5]}}], 0x88, 0x4000}, 0x20008000) 03:34:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e033b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:34:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:34:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2287, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1605.943608] tmpfs: Bad value for 'mpol' 03:34:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2, 0x0) 03:34:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2272, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1605.955011] FAULT_INJECTION: forcing a failure. [ 1605.955011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1605.957466] CPU: 0 PID: 9155 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1605.958855] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1605.960522] Call Trace: [ 1605.961066] dump_stack+0x107/0x167 [ 1605.961810] should_fail.cold+0x5/0xa [ 1605.962592] _copy_to_user+0x2e/0x180 [ 1605.963367] pagemap_read+0x333/0x590 [ 1605.964155] ? clear_refs_write+0x780/0x780 [ 1605.965038] ? iov_iter_advance+0x181/0xec0 [ 1605.965927] do_iter_read+0x4fa/0x760 [ 1605.966698] ? import_iovec+0x83/0xb0 [ 1605.967491] vfs_readv+0xe5/0x160 [ 1605.968194] ? vfs_iter_read+0xa0/0xa0 [ 1605.968987] ? __fdget_pos+0xf1/0x190 [ 1605.969757] ? lock_downgrade+0x6d0/0x6d0 [ 1605.970602] ? ksys_write+0x12d/0x260 [ 1605.971378] ? __fget_files+0x2f8/0x520 [ 1605.972200] do_readv+0x139/0x300 [ 1605.972899] ? vfs_readv+0x160/0x160 [ 1605.973663] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1605.974721] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1605.975805] do_syscall_64+0x33/0x40 [ 1605.976566] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1605.977615] RIP: 0033:0x7f65e567fb19 [ 1605.978371] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 03:34:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2288, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1605.982108] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1605.983744] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1605.985194] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1605.986628] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1605.988086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1605.989520] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:34:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x1267, 0x0) [ 1606.010684] FAULT_INJECTION: forcing a failure. [ 1606.010684] name failslab, interval 1, probability 0, space 0, times 0 [ 1606.012106] CPU: 1 PID: 9167 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1606.012926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1606.013934] Call Trace: [ 1606.014247] dump_stack+0x107/0x167 [ 1606.014681] should_fail.cold+0x5/0xa [ 1606.015147] ? percpu_ref_init+0xd8/0x3d0 [ 1606.015649] should_failslab+0x5/0x20 [ 1606.016112] kmem_cache_alloc_trace+0x55/0x320 [ 1606.016664] ? io_tctx_exit_cb+0xf0/0xf0 [ 1606.017157] percpu_ref_init+0xd8/0x3d0 [ 1606.017639] io_uring_setup+0x47a/0x2980 [ 1606.018142] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1606.018725] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1606.019303] ? wait_for_completion_io+0x270/0x270 [ 1606.019895] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1606.020522] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1606.021122] do_syscall_64+0x33/0x40 [ 1606.021568] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1606.022187] RIP: 0033:0x7f00b63acb19 [ 1606.022617] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1606.024834] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1606.025757] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1606.026612] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1606.027433] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1606.028297] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1606.029119] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:34:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e063b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2275, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x1274, 0x0) 03:34:38 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2289, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x1, 0x0, 0x0) mq_notify(r0, 0x0) 03:34:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 72) 03:34:38 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e073b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2276, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 11) lseek(0xffffffffffffffff, 0x0, 0x0) 03:34:38 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1622.684424] FAULT_INJECTION: forcing a failure. [ 1622.684424] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1622.686626] CPU: 0 PID: 9199 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1622.687863] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1622.689367] Call Trace: [ 1622.689850] dump_stack+0x107/0x167 [ 1622.690506] should_fail.cold+0x5/0xa [ 1622.691196] __alloc_pages_nodemask+0x182/0x600 [ 1622.692022] ? add_mm_counter_fast+0x220/0x220 [ 1622.692712] tmpfs: Bad value for 'mpol' [ 1622.692858] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1622.694831] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1622.695693] ? lock_downgrade+0x6d0/0x6d0 [ 1622.696366] ? mark_held_locks+0x9e/0xe0 [ 1622.697041] alloc_pages_vma+0xbb/0x410 [ 1622.697720] handle_mm_fault+0x152f/0x3500 [ 1622.698422] ? __pmd_alloc+0x5e0/0x5e0 [ 1622.699074] ? vmacache_find+0x55/0x2a0 [ 1622.699738] do_user_addr_fault+0x56e/0xc60 [ 1622.700455] exc_page_fault+0xa2/0x1a0 [ 1622.701097] asm_exc_page_fault+0x1e/0x30 [ 1622.701807] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1622.702702] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1622.705791] RSP: 0018:ffff8880479ffb50 EFLAGS: 00050246 [ 1622.706660] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1622.707803] RDX: 0000000000000000 RSI: ffff888046c3a898 RDI: 0000000020022000 [ 1622.708944] RBP: 0000000020021768 R08: 0000000000000000 R09: ffff888046c3afff [ 1622.710105] R10: ffffed1008d875ff R11: 0000000000000001 R12: 0000000020022768 [ 1622.711264] R13: ffff888046c3a000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1622.712541] _copy_to_user+0x13d/0x180 [ 1622.713240] pagemap_read+0x333/0x590 [ 1622.713915] ? clear_refs_write+0x780/0x780 [ 1622.714666] ? iov_iter_advance+0x181/0xec0 [ 1622.715429] do_iter_read+0x4fa/0x760 [ 1622.716109] ? import_iovec+0x83/0xb0 [ 1622.716775] vfs_readv+0xe5/0x160 [ 1622.717396] ? vfs_iter_read+0xa0/0xa0 [ 1622.718076] ? __fdget_pos+0xf1/0x190 [ 1622.718734] ? lock_downgrade+0x6d0/0x6d0 [ 1622.719458] ? ksys_write+0x12d/0x260 [ 1622.720131] ? __fget_files+0x2f8/0x520 [ 1622.720839] do_readv+0x139/0x300 [ 1622.721454] ? vfs_readv+0x160/0x160 [ 1622.722109] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1622.723016] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1622.723914] do_syscall_64+0x33/0x40 [ 1622.724556] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1622.725444] RIP: 0033:0x7f65e567fb19 [ 1622.726101] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1622.729285] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1622.730580] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1622.731797] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1622.733029] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1622.734264] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1622.735493] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:34:38 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b47, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2279, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x1275, 0x0) 03:34:38 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:34:38 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$dupfd(r0, 0x0, r0) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r0, 0x8983, &(0x7f0000000180)={0x8, 'vxcan1\x00', {'veth0_to_bond\x00'}, 0x80}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) clock_gettime(0x0, &(0x7f0000000100)={0x0, 0x0}) mq_timedsend(r1, &(0x7f0000000000)="f1ab6d0912cdf15ec6dd5537fff89560161cfa30ae99a5e8ec7037f78053f2894077b28a170434bb8614aac3b18f784ef4a18269d796434ed625455bf6cb05d986268c71e769d498012e68cd0642baee5ff8e2a9e3180875ec711bc64bc879be498513e8c3fd47c18cdac5d00da3fe2975ae7a0582fa830017dd976cc0bba8dcee54bc8fcf04d88e772675f983c5ebb99872392e7c8f3ea9f8b9001023bf0d7ca36df9d1b2d6b57b430edb84765dc78c9ba71ef1df391d9f7a3c580e8d5f2a6ac145388bb962984ac811e088720430ceec29f1851330a2033bfa76ce726a0fdfacbb43e6bf9ff054d92ca64a4a5714c4c9363c6d7797b8fe4738", 0xfa, 0x5, &(0x7f0000000140)={r2, r3+60000000}) 03:34:38 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e093b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1622.895864] tmpfs: Bad value for 'mpol' 03:34:38 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b49, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227a, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x00000010000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:34:38 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x1276, 0x0) [ 1623.025200] tmpfs: Bad value for 'mpol' 03:34:38 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b02", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1623.049134] FAULT_INJECTION: forcing a failure. [ 1623.049134] name failslab, interval 1, probability 0, space 0, times 0 [ 1623.051777] CPU: 0 PID: 9210 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1623.053402] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.055307] Call Trace: [ 1623.055923] dump_stack+0x107/0x167 [ 1623.056771] should_fail.cold+0x5/0xa [ 1623.057668] ? create_object.isra.0+0x3a/0xa20 [ 1623.058750] should_failslab+0x5/0x20 [ 1623.059626] kmem_cache_alloc+0x5b/0x310 [ 1623.060562] create_object.isra.0+0x3a/0xa20 [ 1623.061585] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1623.062749] kmem_cache_alloc_trace+0x151/0x320 [ 1623.063821] ? io_tctx_exit_cb+0xf0/0xf0 [ 1623.064729] percpu_ref_init+0xd8/0x3d0 [ 1623.065641] io_uring_setup+0x47a/0x2980 [ 1623.066556] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1623.067646] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1623.068793] ? wait_for_completion_io+0x270/0x270 [ 1623.069916] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1623.071089] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1623.072249] do_syscall_64+0x33/0x40 [ 1623.073083] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.074250] RIP: 0033:0x7f00b63acb19 [ 1623.075088] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.079311] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1623.081135] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1623.082877] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1623.084511] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1623.086150] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1623.087758] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:34:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 73) 03:34:38 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5382, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1623.187651] FAULT_INJECTION: forcing a failure. [ 1623.187651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1623.190619] CPU: 0 PID: 9255 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1623.192242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1623.194180] Call Trace: [ 1623.194800] dump_stack+0x107/0x167 [ 1623.195653] should_fail.cold+0x5/0xa [ 1623.196539] _copy_to_user+0x2e/0x180 [ 1623.197442] pagemap_read+0x333/0x590 [ 1623.198316] ? clear_refs_write+0x780/0x780 [ 1623.199296] ? iov_iter_advance+0x181/0xec0 [ 1623.200358] do_iter_read+0x4fa/0x760 [ 1623.201293] ? import_iovec+0x83/0xb0 [ 1623.202216] vfs_readv+0xe5/0x160 [ 1623.203041] ? vfs_iter_read+0xa0/0xa0 [ 1623.203975] ? __fdget_pos+0xf1/0x190 [ 1623.204886] ? lock_downgrade+0x6d0/0x6d0 [ 1623.205900] ? ksys_write+0x12d/0x260 [ 1623.206813] ? __fget_files+0x2f8/0x520 [ 1623.207787] do_readv+0x139/0x300 [ 1623.208625] ? vfs_readv+0x160/0x160 [ 1623.209622] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1623.211038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1623.212412] do_syscall_64+0x33/0x40 [ 1623.213418] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1623.214750] RIP: 0033:0x7f65e567fb19 [ 1623.215635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1623.220617] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1623.222625] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1623.224471] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1623.226463] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1623.228206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1623.229881] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:34:54 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 74) 03:34:54 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) dup2(r0, r0) 03:34:54 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 12) lseek(0xffffffffffffffff, 0x0, 0x0) 03:34:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2201, 0x0) 03:34:54 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:34:54 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x00000010000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:34:54 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5385, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1638.788663] FAULT_INJECTION: forcing a failure. 03:34:54 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b03", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1638.788663] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1638.791428] CPU: 1 PID: 9265 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1638.792869] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1638.794910] Call Trace: [ 1638.795570] dump_stack+0x107/0x167 [ 1638.796466] should_fail.cold+0x5/0xa [ 1638.797437] __alloc_pages_nodemask+0x182/0x600 [ 1638.798596] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1638.800124] ? cap_capable+0x1cd/0x230 [ 1638.801091] alloc_pages_current+0x187/0x280 [ 1638.802141] __get_free_pages+0xc/0xa0 [ 1638.803092] io_uring_setup+0xe27/0x2980 [ 1638.804114] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1638.805408] ? wait_for_completion_io+0x270/0x270 [ 1638.806563] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1638.807830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1638.809105] do_syscall_64+0x33/0x40 [ 1638.810037] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1638.811181] RIP: 0033:0x7f00b63acb19 [ 1638.811950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1638.815757] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1638.817380] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1638.818845] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1638.820295] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1638.821877] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1638.823578] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1638.841247] tmpfs: Bad value for 'mpol' 03:34:54 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2202, 0x0) 03:34:54 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000000c0)=0xfff) close_range(r0, 0xffffffffffffffff, 0x2) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) write(r2, &(0x7f00000001c0)="3935083a8d9f18e32ac412231818d0f9570159727dd03fe6957f256f51e329cc5bd9b2321a5c7f522920a0117f50777d5ec759680557bdd9519e1a02b1f4dde84a120607ff5e1ed2d64860a8b88114ef17b747ec006c1aab66c1352f5f5725bf5df6fdbeeafdddfc11936d9e22000000ef9f4caf125704db3ea22e22f56bb2ea7f20e429cd3782f518cda9e2bb437edde36b894e2d3a5b2b392a96de11c08025fe8a8d4f5de5e700bc1511d84f5adfda9781824f3e2db28a344fe8746edf548ae0dbb8bd745689e3dd7856908397ff57e3ce746373c15098581ae18c975534ac43547934da34c20ebe7075f12e9ef2ec34e6d97e379690852c806660349e9239c2c9a13377d8a178d5a997c567aa50b4cf952b56eb672153cc97e09a664ee0847beb2ff3323e30d93e060fe4447409d0dc3b98038db574fed999d5c136a83e81df591aacf98bbf133737ac00"/349, 0x15d) 03:34:54 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227e, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1638.909191] FAULT_INJECTION: forcing a failure. [ 1638.909191] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1638.912033] CPU: 0 PID: 9281 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1638.913560] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1638.915397] Call Trace: [ 1638.915989] dump_stack+0x107/0x167 [ 1638.916803] should_fail.cold+0x5/0xa [ 1638.917676] __alloc_pages_nodemask+0x182/0x600 [ 1638.918712] ? add_mm_counter_fast+0x220/0x220 [ 1638.919738] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1638.921085] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1638.922270] ? lock_downgrade+0x6d0/0x6d0 [ 1638.923191] ? mark_held_locks+0x9e/0xe0 [ 1638.924104] alloc_pages_vma+0xbb/0x410 [ 1638.925001] handle_mm_fault+0x152f/0x3500 [ 1638.926058] ? __pmd_alloc+0x5e0/0x5e0 [ 1638.927051] ? vmacache_find+0x55/0x2a0 [ 1638.928078] do_user_addr_fault+0x56e/0xc60 [ 1638.929230] exc_page_fault+0xa2/0x1a0 [ 1638.930293] asm_exc_page_fault+0x1e/0x30 [ 1638.931339] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1638.932694] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1638.937292] RSP: 0018:ffff888048527b50 EFLAGS: 00050246 [ 1638.938644] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1638.940549] RDX: 0000000000000000 RSI: ffff888046852898 RDI: 0000000020023000 [ 1638.942362] RBP: 0000000020022768 R08: 0000000000000000 R09: ffff888046852fff [ 1638.944135] R10: ffffed1008d0a5ff R11: 0000000000000001 R12: 0000000020023768 [ 1638.945909] R13: ffff888046852000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1638.947720] _copy_to_user+0x13d/0x180 [ 1638.948546] pagemap_read+0x333/0x590 [ 1638.949348] ? clear_refs_write+0x780/0x780 [ 1638.950310] ? iov_iter_advance+0x181/0xec0 [ 1638.951470] do_iter_read+0x4fa/0x760 [ 1638.952499] ? import_iovec+0x83/0xb0 [ 1638.953541] vfs_readv+0xe5/0x160 [ 1638.954472] ? vfs_iter_read+0xa0/0xa0 [ 1638.955519] ? __fdget_pos+0xf1/0x190 [ 1638.956391] ? lock_downgrade+0x6d0/0x6d0 [ 1638.957360] ? ksys_write+0x12d/0x260 [ 1638.958315] ? __fget_files+0x2f8/0x520 [ 1638.959326] do_readv+0x139/0x300 [ 1638.960214] ? vfs_readv+0x160/0x160 [ 1638.961160] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1638.962508] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1638.963818] do_syscall_64+0x33/0x40 [ 1638.964783] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1638.966096] RIP: 0033:0x7f65e567fb19 [ 1638.967041] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1638.971708] RSP: 002b:00007f65e2bd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1638.973618] RAX: ffffffffffffffda RBX: 00007f65e5793020 RCX: 00007f65e567fb19 [ 1638.975432] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1638.977248] RBP: 00007f65e2bd41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1638.979074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1638.980890] R13: 00007ffcf46a588f R14: 00007f65e2bd4300 R15: 0000000000022000 03:35:10 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x00000010000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:35:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5386, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:10 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x541c, &(0x7f00000000c0)) r2 = mq_open(&(0x7f0000000100)='-;\xa6j\x1dh@\x00\xec\x16f\xe8\xec\xbaB\x12\xffn\x1fx\xee\x1e\x81\xf7PS\xac\xaa\xfe\xda\xd7\x03\x95\xd2Z\x7f\x84z\")\xcbv\x97\x06\x00\x00\x00\x01\xd8\x05_+^\xba\xcd)\xc1\xab\xcd\xb7\xa3\x00Ow4*\x9b\xb9\xa9]G*\x14\xb2L\xd60\xc4\xf7\x1b', 0x1, 0x2, 0x0) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x6, &(0x7f0000000200)=0x7, 0x4) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) r4 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r4, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r4, 0x0, 0x0, 0x9, 0x0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1, @thr={&(0x7f0000000340)="c37897ac1c8e076e6d1ed8a9f9a4e00ae5effe4ce5f367eede8efde4c975e43e79d459ac7a227f612ad1a1e82dc7aa64bfb4b6f92e6d8af18bdd51f6cd6c42f1705cd5ad4fec676e26190597bf7e6e5f60f41e484574dbb0e603ed60d2d121067fc4e554f1dc28307b2eba", &(0x7f00000002c0)="408f6b48c0b42dee9bf061ff9c8256a5cca3ae323f1de8b234868b9081c77323fdff7f53fe7dd8a0c78bafb32087d146339172eadfa428a00893d4150b4648a02c96ac0bd290ba82cdc061381acf574868cb5fe99455fd3f27fc5572ec57a96139e7309438ccf9f4f91d921e"}}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xee01}}, './file0\x00'}) mq_notify(r5, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r1, 0xc018937a, &(0x7f0000000000)=ANY=[@ANYBLOB="a50000000100000018000000", @ANYRES32=r1, @ANYBLOB="01000000000000002e2f66696c653000"]) openat(r6, &(0x7f0000000180)='./file0\x00', 0x280, 0x0) ioctl$BTRFS_IOC_DEFAULT_SUBVOL(r2, 0x40089413, &(0x7f0000000080)=0x7) 03:35:10 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 75) 03:35:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2203, 0x0) 03:35:10 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227f, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:10 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 13) lseek(0xffffffffffffffff, 0x0, 0x0) 03:35:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b08", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1655.091917] FAULT_INJECTION: forcing a failure. [ 1655.091917] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1655.094846] CPU: 1 PID: 9300 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1655.096273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.098125] Call Trace: [ 1655.098718] dump_stack+0x107/0x167 [ 1655.099609] should_fail.cold+0x5/0xa [ 1655.100609] __alloc_pages_nodemask+0x182/0x600 [ 1655.102006] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1655.103546] ? cap_capable+0x1cd/0x230 [ 1655.104546] alloc_pages_current+0x187/0x280 [ 1655.105694] __get_free_pages+0xc/0xa0 [ 1655.106687] io_uring_setup+0xf9a/0x2980 [ 1655.107727] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1655.109024] ? wait_for_completion_io+0x270/0x270 [ 1655.110288] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.111623] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.112938] do_syscall_64+0x33/0x40 [ 1655.113897] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.115250] RIP: 0033:0x7f00b63acb19 [ 1655.116209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.120246] tmpfs: Bad value for 'mpol' [ 1655.120997] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1655.121022] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1655.121035] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1655.121048] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1655.121074] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1655.131204] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1655.167277] FAULT_INJECTION: forcing a failure. [ 1655.167277] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1655.169956] CPU: 1 PID: 9315 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1655.171413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.173144] Call Trace: [ 1655.173723] dump_stack+0x107/0x167 [ 1655.174487] should_fail.cold+0x5/0xa [ 1655.175301] _copy_to_user+0x2e/0x180 [ 1655.176103] pagemap_read+0x333/0x590 [ 1655.176902] ? clear_refs_write+0x780/0x780 [ 1655.177814] ? iov_iter_advance+0x181/0xec0 [ 1655.178733] do_iter_read+0x4fa/0x760 [ 1655.179541] ? import_iovec+0x83/0xb0 [ 1655.180364] vfs_readv+0xe5/0x160 [ 1655.181084] ? vfs_iter_read+0xa0/0xa0 [ 1655.181937] ? __fdget_pos+0xf1/0x190 [ 1655.182877] ? lock_downgrade+0x6d0/0x6d0 [ 1655.183937] ? ksys_write+0x12d/0x260 [ 1655.184872] ? __fget_files+0x2f8/0x520 [ 1655.185912] do_readv+0x139/0x300 [ 1655.186811] ? vfs_readv+0x160/0x160 [ 1655.187774] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.189009] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.190249] do_syscall_64+0x33/0x40 [ 1655.191123] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.192327] RIP: 0033:0x7f65e567fb19 [ 1655.193123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.197419] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1655.199193] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1655.200984] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1655.202819] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.204634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.206460] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:35:10 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x000000100000000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:35:10 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2282, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:10 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b09", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:10 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x541b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2205, 0x0) [ 1655.322619] tmpfs: Bad value for 'mpol' 03:35:10 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 76) 03:35:10 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 14) lseek(0xffffffffffffffff, 0x0, 0x0) 03:35:10 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2270, 0x0) [ 1655.411739] FAULT_INJECTION: forcing a failure. [ 1655.411739] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1655.414680] CPU: 0 PID: 9337 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1655.416104] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.417848] Call Trace: [ 1655.418405] dump_stack+0x107/0x167 [ 1655.419170] should_fail.cold+0x5/0xa [ 1655.420072] __alloc_pages_nodemask+0x182/0x600 [ 1655.421119] ? add_mm_counter_fast+0x220/0x220 [ 1655.422126] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1655.423431] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1655.424571] ? lock_downgrade+0x6d0/0x6d0 [ 1655.425470] ? mark_held_locks+0x9e/0xe0 [ 1655.426371] alloc_pages_vma+0xbb/0x410 [ 1655.427239] handle_mm_fault+0x152f/0x3500 [ 1655.428166] ? __pmd_alloc+0x5e0/0x5e0 [ 1655.429017] ? vmacache_find+0x55/0x2a0 [ 1655.429899] do_user_addr_fault+0x56e/0xc60 [ 1655.430845] exc_page_fault+0xa2/0x1a0 [ 1655.431692] asm_exc_page_fault+0x1e/0x30 [ 1655.432593] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1655.433772] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1655.437758] RSP: 0018:ffff888035927b50 EFLAGS: 00050246 [ 1655.438899] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1655.440426] RDX: 0000000000000000 RSI: ffff888016c5c898 RDI: 0000000020024000 [ 1655.441978] RBP: 0000000020023768 R08: 0000000000000000 R09: ffff888016c5cfff [ 1655.443520] R10: ffffed1002d8b9ff R11: 0000000000000001 R12: 0000000020024768 [ 1655.445070] R13: ffff888016c5c000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1655.446657] _copy_to_user+0x13d/0x180 [ 1655.447507] pagemap_read+0x333/0x590 [ 1655.448338] ? clear_refs_write+0x780/0x780 [ 1655.449274] ? iov_iter_advance+0x181/0xec0 [ 1655.450232] do_iter_read+0x4fa/0x760 [ 1655.451065] ? import_iovec+0x83/0xb0 [ 1655.451899] vfs_readv+0xe5/0x160 [ 1655.452650] ? vfs_iter_read+0xa0/0xa0 [ 1655.453499] ? __fdget_pos+0xf1/0x190 [ 1655.454334] ? lock_downgrade+0x6d0/0x6d0 [ 1655.455237] ? ksys_write+0x12d/0x260 [ 1655.456069] ? __fget_files+0x2f8/0x520 [ 1655.456954] do_readv+0x139/0x300 [ 1655.457711] ? vfs_readv+0x160/0x160 [ 1655.458525] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.459673] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.460799] do_syscall_64+0x33/0x40 [ 1655.461614] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.462724] RIP: 0033:0x7f65e567fb19 [ 1655.463531] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.466624] FAULT_INJECTION: forcing a failure. [ 1655.466624] name failslab, interval 1, probability 0, space 0, times 0 [ 1655.467528] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1655.467548] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1655.467569] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1655.474699] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1655.476248] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1655.477806] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1655.479380] CPU: 1 PID: 9339 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1655.480868] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1655.482667] Call Trace: [ 1655.483242] dump_stack+0x107/0x167 [ 1655.484027] should_fail.cold+0x5/0xa [ 1655.484849] ? io_rsrc_node_switch_start.part.0+0x43/0x250 [ 1655.486062] ? io_rsrc_node_switch_start.part.0+0x43/0x250 [ 1655.487272] should_failslab+0x5/0x20 [ 1655.488097] kmem_cache_alloc_trace+0x55/0x320 [ 1655.489091] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 1655.490275] io_uring_setup+0x14f6/0x2980 [ 1655.491178] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1655.492278] ? wait_for_completion_io+0x270/0x270 [ 1655.493340] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1655.494486] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1655.495603] do_syscall_64+0x33/0x40 [ 1655.496406] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1655.497525] RIP: 0033:0x7f00b63acb19 [ 1655.498330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1655.502328] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1655.503973] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1655.505483] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1655.506922] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1655.508311] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1655.509816] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:35:27 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_open(&(0x7f0000000000)='-@\x00', 0x41, 0x8, &(0x7f0000000040)={0x1, 0x81, 0xff, 0x7}) mq_notify(r0, 0x0) 03:35:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5421, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 15) lseek(0xffffffffffffffff, 0x0, 0x0) 03:35:27 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x000000100000000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:35:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b0d", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2283, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 77) 03:35:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2271, 0x0) [ 1672.228760] FAULT_INJECTION: forcing a failure. [ 1672.228760] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1672.230327] CPU: 1 PID: 9364 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1672.231189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1672.232236] Call Trace: [ 1672.232574] dump_stack+0x107/0x167 [ 1672.233033] should_fail.cold+0x5/0xa [ 1672.233520] _copy_to_user+0x2e/0x180 [ 1672.234009] pagemap_read+0x333/0x590 [ 1672.234491] ? clear_refs_write+0x780/0x780 [ 1672.235030] ? iov_iter_advance+0x181/0xec0 [ 1672.235579] do_iter_read+0x4fa/0x760 [ 1672.236064] ? import_iovec+0x83/0xb0 [ 1672.236541] vfs_readv+0xe5/0x160 [ 1672.236976] ? vfs_iter_read+0xa0/0xa0 [ 1672.237459] ? __fdget_pos+0xf1/0x190 [ 1672.237945] ? lock_downgrade+0x6d0/0x6d0 [ 1672.238468] ? ksys_write+0x12d/0x260 [ 1672.238947] ? __fget_files+0x2f8/0x520 [ 1672.239455] do_readv+0x139/0x300 [ 1672.239888] ? vfs_readv+0x160/0x160 [ 1672.240361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1672.241020] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1672.241664] do_syscall_64+0x33/0x40 [ 1672.242140] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1672.242781] RIP: 0033:0x7f65e567fb19 [ 1672.243245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1672.245550] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1672.246498] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1672.247387] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1672.248282] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1672.249184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1672.250073] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:35:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b0e", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1672.262582] FAULT_INJECTION: forcing a failure. [ 1672.262582] name failslab, interval 1, probability 0, space 0, times 0 [ 1672.264037] CPU: 1 PID: 9359 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1672.264873] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1672.265915] Call Trace: [ 1672.266258] dump_stack+0x107/0x167 [ 1672.266720] should_fail.cold+0x5/0xa [ 1672.267189] ? create_object.isra.0+0x3a/0xa20 [ 1672.267749] should_failslab+0x5/0x20 [ 1672.268220] kmem_cache_alloc+0x5b/0x310 [ 1672.268718] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1672.269455] create_object.isra.0+0x3a/0xa20 [ 1672.270004] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1672.270634] kmem_cache_alloc_trace+0x151/0x320 [ 1672.271212] io_rsrc_node_switch_start.part.0+0x43/0x250 [ 1672.271876] io_uring_setup+0x14f6/0x2980 [ 1672.272416] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1672.272861] tmpfs: Bad value for 'mpol' [ 1672.273041] ? wait_for_completion_io+0x270/0x270 [ 1672.273066] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1672.273077] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1672.273096] do_syscall_64+0x33/0x40 [ 1672.276262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1672.276890] RIP: 0033:0x7f00b63acb19 [ 1672.277350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1672.279632] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1672.280574] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1672.281451] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1672.282358] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1672.283278] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1672.284196] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:35:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5450, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2284, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$BTRFS_IOC_SCRUB_CANCEL(r3, 0x941c, 0x0) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$EVIOCSKEYCODE_V2(r2, 0x40284504, &(0x7f0000000000)={0x68, 0x18, 0x6, 0x5, "cf5d0dda71bf40d51acf3aa4209eb9b1060f9773288b3d1c3445c3384ddf9fcf"}) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x9, 0x1010, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r4, 0x0, &(0x7f00000000c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x5}, 0x2) 03:35:27 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 78) 03:35:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2272, 0x0) 03:35:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b10", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 16) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1672.392204] FAULT_INJECTION: forcing a failure. [ 1672.392204] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1672.393617] CPU: 1 PID: 9383 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1672.394419] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1672.395377] Call Trace: [ 1672.395688] dump_stack+0x107/0x167 [ 1672.396110] should_fail.cold+0x5/0xa [ 1672.396554] __alloc_pages_nodemask+0x182/0x600 [ 1672.397101] ? add_mm_counter_fast+0x220/0x220 [ 1672.397634] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1672.398354] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1672.398963] ? lock_downgrade+0x6d0/0x6d0 [ 1672.399443] ? mark_held_locks+0x9e/0xe0 [ 1672.399924] alloc_pages_vma+0xbb/0x410 [ 1672.400393] handle_mm_fault+0x152f/0x3500 [ 1672.400893] ? __pmd_alloc+0x5e0/0x5e0 [ 1672.401353] ? vmacache_find+0x55/0x2a0 [ 1672.401827] ? vmacache_update+0xce/0x140 [ 1672.402320] do_user_addr_fault+0x56e/0xc60 [ 1672.402835] exc_page_fault+0xa2/0x1a0 [ 1672.403283] asm_exc_page_fault+0x1e/0x30 [ 1672.403765] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1672.404388] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1672.406531] RSP: 0018:ffff88804874fb50 EFLAGS: 00050246 [ 1672.407147] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1672.407974] RDX: 0000000000000000 RSI: ffff88800974c898 RDI: 0000000020025000 [ 1672.408794] RBP: 0000000020024768 R08: 0000000000000000 R09: ffff88800974cfff [ 1672.409619] R10: ffffed10012e99ff R11: 0000000000000001 R12: 0000000020025768 [ 1672.410455] R13: ffff88800974c000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1672.411305] _copy_to_user+0x13d/0x180 [ 1672.411763] pagemap_read+0x333/0x590 [ 1672.412206] ? clear_refs_write+0x780/0x780 [ 1672.412707] ? iov_iter_advance+0x181/0xec0 [ 1672.413217] do_iter_read+0x4fa/0x760 [ 1672.413665] ? import_iovec+0x83/0xb0 [ 1672.414119] vfs_readv+0xe5/0x160 [ 1672.414522] ? vfs_iter_read+0xa0/0xa0 [ 1672.414985] ? __fdget_pos+0xf1/0x190 [ 1672.415421] ? lock_downgrade+0x6d0/0x6d0 [ 1672.415913] ? ksys_write+0x12d/0x260 [ 1672.416361] ? __fget_files+0x2f8/0x520 [ 1672.416835] do_readv+0x139/0x300 [ 1672.417239] ? vfs_readv+0x160/0x160 [ 1672.417673] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1672.418287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1672.418887] do_syscall_64+0x33/0x40 [ 1672.419321] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1672.419910] RIP: 0033:0x7f65e567fb19 [ 1672.420338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1672.422469] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1672.423347] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1672.424169] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1672.425001] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1672.425828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1672.426652] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:35:27 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x000000100000000']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1672.443506] FAULT_INJECTION: forcing a failure. [ 1672.443506] name failslab, interval 1, probability 0, space 0, times 0 [ 1672.444861] CPU: 1 PID: 9395 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1672.445653] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1672.446621] Call Trace: [ 1672.446924] dump_stack+0x107/0x167 [ 1672.447342] should_fail.cold+0x5/0xa [ 1672.447779] ? create_object.isra.0+0x3a/0xa20 [ 1672.448309] should_failslab+0x5/0x20 [ 1672.448751] kmem_cache_alloc+0x5b/0x310 [ 1672.449224] create_object.isra.0+0x3a/0xa20 [ 1672.449739] kmemleak_alloc_percpu+0xa0/0x100 [ 1672.450259] pcpu_alloc+0x4e2/0x1240 [ 1672.450693] ? io_async_queue_proc+0x80/0x80 [ 1672.451200] percpu_ref_init+0x31/0x3d0 [ 1672.451656] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 1672.452277] io_uring_setup+0x14f6/0x2980 [ 1672.452751] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1672.453335] ? wait_for_completion_io+0x270/0x270 [ 1672.453904] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1672.454508] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1672.455102] do_syscall_64+0x33/0x40 [ 1672.455533] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1672.456126] RIP: 0033:0x7f00b63acb19 [ 1672.456551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1672.458683] RSP: 002b:00007f00b3901108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1672.459559] RAX: ffffffffffffffda RBX: 00007f00b64c0020 RCX: 00007f00b63acb19 [ 1672.460386] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1672.461209] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1672.462031] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1672.462843] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:35:27 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5451, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2275, 0x0) [ 1672.505440] tmpfs: Bad value for 'mpol' 03:35:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2276, 0x0) 03:35:27 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:27 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2279, 0x0) 03:35:28 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5452, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:28 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 79) 03:35:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227a, 0x0) 03:35:28 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1672.632990] FAULT_INJECTION: forcing a failure. [ 1672.632990] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1672.634407] CPU: 1 PID: 9420 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1672.635188] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1672.636131] Call Trace: [ 1672.636435] dump_stack+0x107/0x167 [ 1672.636847] should_fail.cold+0x5/0xa [ 1672.637290] _copy_to_user+0x2e/0x180 [ 1672.637745] pagemap_read+0x333/0x590 [ 1672.638186] ? clear_refs_write+0x780/0x780 [ 1672.638678] ? iov_iter_advance+0x181/0xec0 [ 1672.639182] do_iter_read+0x4fa/0x760 [ 1672.639621] ? import_iovec+0x83/0xb0 [ 1672.640059] vfs_readv+0xe5/0x160 [ 1672.640461] ? vfs_iter_read+0xa0/0xa0 [ 1672.640907] ? __fdget_pos+0xf1/0x190 [ 1672.641345] ? lock_downgrade+0x6d0/0x6d0 [ 1672.641832] ? ksys_write+0x12d/0x260 [ 1672.642270] ? __fget_files+0x2f8/0x520 [ 1672.642737] do_readv+0x139/0x300 [ 1672.643136] ? vfs_readv+0x160/0x160 [ 1672.643564] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1672.644167] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1672.644755] do_syscall_64+0x33/0x40 [ 1672.645178] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1672.645771] RIP: 0033:0x7f65e567fb19 [ 1672.646199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1672.648301] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1672.649175] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1672.649997] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1672.650814] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1672.651640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1672.652457] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:35:44 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 17) lseek(0xffffffffffffffff, 0x0, 0x0) 03:35:44 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:44 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5460, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1689.585159] FAULT_INJECTION: forcing a failure. [ 1689.585159] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.588073] CPU: 1 PID: 9437 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1689.589779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.591879] Call Trace: [ 1689.592547] dump_stack+0x107/0x167 [ 1689.593468] should_fail.cold+0x5/0xa [ 1689.594445] ? create_object.isra.0+0x3a/0xa20 [ 1689.595591] should_failslab+0x5/0x20 [ 1689.596545] kmem_cache_alloc+0x5b/0x310 [ 1689.597565] create_object.isra.0+0x3a/0xa20 [ 1689.598688] kmemleak_alloc_percpu+0xa0/0x100 03:35:45 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 80) 03:35:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227b, 0x0) 03:35:45 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:35:45 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2287, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1689.599821] pcpu_alloc+0x4e2/0x1240 [ 1689.600988] ? io_async_queue_proc+0x80/0x80 [ 1689.602168] percpu_ref_init+0x31/0x3d0 [ 1689.603176] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 1689.604549] io_uring_setup+0x14f6/0x2980 [ 1689.605601] ? __do_sys_io_uring_enter+0x1890/0x1890 03:35:45 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1689.606882] ? wait_for_completion_io+0x270/0x270 [ 1689.608237] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.609555] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.610876] do_syscall_64+0x33/0x40 [ 1689.611813] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.613112] RIP: 0033:0x7f00b63acb19 [ 1689.614050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.618678] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1689.620586] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1689.622399] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1689.624192] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 03:35:45 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2, r5}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_TREE_SEARCH_V2(r1, 0xc0709411, &(0x7f0000000040)={{r4, 0xa7, 0xffffffff, 0xeb8, 0xff, 0x2, 0x8, 0x9, 0x8, 0xb51, 0x80000000, 0x2, 0x5, 0xf127, 0x8}, 0x20, [0x0, 0x0, 0x0, 0x0]}) syz_io_uring_setup(0x259e, &(0x7f0000000300)={0x0, 0xa9a2, 0x2, 0x2, 0x106}, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000000380), &(0x7f00000003c0)) openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) [ 1689.625985] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1689.627693] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1689.644363] FAULT_INJECTION: forcing a failure. [ 1689.644363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1689.647017] CPU: 0 PID: 9448 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1689.648455] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1689.650196] Call Trace: [ 1689.650750] dump_stack+0x107/0x167 [ 1689.651508] should_fail.cold+0x5/0xa [ 1689.652306] __alloc_pages_nodemask+0x182/0x600 [ 1689.653309] ? add_mm_counter_fast+0x220/0x220 [ 1689.654285] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1689.655547] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1689.656644] ? lock_downgrade+0x6d0/0x6d0 [ 1689.657505] ? mark_held_locks+0x9e/0xe0 [ 1689.658410] alloc_pages_vma+0xbb/0x410 [ 1689.659242] handle_mm_fault+0x152f/0x3500 [ 1689.660128] ? __pmd_alloc+0x5e0/0x5e0 [ 1689.661281] ? vmacache_find+0x55/0x2a0 [ 1689.662135] do_user_addr_fault+0x56e/0xc60 [ 1689.663048] exc_page_fault+0xa2/0x1a0 [ 1689.663855] asm_exc_page_fault+0x1e/0x30 [ 1689.664716] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1689.665828] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1689.669645] RSP: 0018:ffff88804766fb50 EFLAGS: 00050246 [ 1689.670759] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1689.672215] RDX: 0000000000000000 RSI: ffff88800c2d0898 RDI: 0000000020026000 [ 1689.673681] RBP: 0000000020025768 R08: 0000000000000000 R09: ffff88800c2d0fff [ 1689.675188] R10: ffffed100185a1ff R11: 0000000000000001 R12: 0000000020026768 [ 1689.676663] R13: ffff88800c2d0000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1689.678169] _copy_to_user+0x13d/0x180 [ 1689.678979] pagemap_read+0x333/0x590 [ 1689.679765] ? clear_refs_write+0x780/0x780 [ 1689.680656] ? iov_iter_advance+0x181/0xec0 [ 1689.681559] do_iter_read+0x4fa/0x760 [ 1689.682368] ? import_iovec+0x83/0xb0 [ 1689.683167] vfs_readv+0xe5/0x160 [ 1689.683876] ? vfs_iter_read+0xa0/0xa0 [ 1689.684694] ? __fdget_pos+0xf1/0x190 [ 1689.685475] ? lock_downgrade+0x6d0/0x6d0 [ 1689.686354] ? ksys_write+0x12d/0x260 [ 1689.687151] ? __fget_files+0x2f8/0x520 [ 1689.687988] do_readv+0x139/0x300 [ 1689.688703] ? vfs_readv+0x160/0x160 [ 1689.689472] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1689.690552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1689.691607] do_syscall_64+0x33/0x40 [ 1689.692376] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1689.693427] RIP: 0033:0x7f65e567fb19 [ 1689.694210] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1689.698013] RSP: 002b:00007f65e2bd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1689.699588] RAX: ffffffffffffffda RBX: 00007f65e5793020 RCX: 00007f65e567fb19 [ 1689.701054] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000003 [ 1689.702539] RBP: 00007f65e2bd41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1689.704004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1689.705492] R13: 00007ffcf46a588f R14: 00007f65e2bd4300 R15: 0000000000022000 03:35:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227d, 0x0) [ 1689.726403] tmpfs: Bad value for 'mpol' 03:35:45 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:45 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2288, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:45 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40049409, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:35:45 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227e, 0x0) 03:36:03 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 18) lseek(0xffffffffffffffff, 0x0, 0x0) 03:36:03 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 81) 03:36:03 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40086602, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227f, 0x0) 03:36:03 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:03 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$BTRFS_IOC_SPACE_INFO(r0, 0xc0109414, &(0x7f0000005c40)={0x6c5, 0x4, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) 03:36:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2289, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1707.630841] FAULT_INJECTION: forcing a failure. [ 1707.630841] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1707.633309] CPU: 0 PID: 9493 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1707.634725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1707.636420] Call Trace: [ 1707.636967] dump_stack+0x107/0x167 [ 1707.637727] should_fail.cold+0x5/0xa [ 1707.638522] _copy_to_user+0x2e/0x180 [ 1707.639313] pagemap_read+0x333/0x590 [ 1707.640100] ? clear_refs_write+0x780/0x780 [ 1707.640983] ? iov_iter_advance+0x181/0xec0 [ 1707.641880] do_iter_read+0x4fa/0x760 [ 1707.642675] ? import_iovec+0x83/0xb0 [ 1707.643218] FAULT_INJECTION: forcing a failure. [ 1707.643218] name failslab, interval 1, probability 0, space 0, times 0 [ 1707.643453] vfs_readv+0xe5/0x160 [ 1707.643472] ? vfs_iter_read+0xa0/0xa0 [ 1707.643498] ? __fdget_pos+0xf1/0x190 [ 1707.648483] ? lock_downgrade+0x6d0/0x6d0 [ 1707.649335] ? ksys_write+0x12d/0x260 [ 1707.650129] ? __fget_files+0x2f8/0x520 [ 1707.650959] do_readv+0x139/0x300 [ 1707.651670] ? vfs_readv+0x160/0x160 [ 1707.652438] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1707.653626] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1707.654704] do_syscall_64+0x33/0x40 [ 1707.655474] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1707.656542] RIP: 0033:0x7f65e567fb19 [ 1707.657317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1707.661142] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1707.662727] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1707.664204] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1707.665675] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1707.667194] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1707.668671] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1707.670197] CPU: 1 PID: 9489 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1707.671918] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1707.673959] Call Trace: [ 1707.674629] dump_stack+0x107/0x167 [ 1707.675531] should_fail.cold+0x5/0xa [ 1707.676478] ? percpu_ref_init+0xd8/0x3d0 [ 1707.677499] should_failslab+0x5/0x20 [ 1707.678448] kmem_cache_alloc_trace+0x55/0x320 [ 1707.679561] ? io_async_queue_proc+0x80/0x80 [ 1707.680631] percpu_ref_init+0xd8/0x3d0 [ 1707.681587] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 1707.686878] io_uring_setup+0x14f6/0x2980 [ 1707.687863] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1707.689050] ? wait_for_completion_io+0x270/0x270 [ 1707.690234] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1707.691437] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1707.692785] do_syscall_64+0x33/0x40 [ 1707.693614] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1707.694682] RIP: 0033:0x7f00b63acb19 [ 1707.695438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1707.699735] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1707.701641] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1707.703263] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1707.704909] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 03:36:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2282, 0x0) [ 1707.706675] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1707.708605] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:36:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1707.740786] tmpfs: Bad value for 'mpol' 03:36:20 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40087602, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:20 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 82) 03:36:20 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:20 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b47, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:20 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2283, 0x0) 03:36:20 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000000)={0x7, 0x1f, 0x2ad, 0xc7b, 0x800}, 0x14) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = syz_open_dev$ttys(0xc, 0x2, 0x1) dup2(r1, r0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$AUTOFS_DEV_IOCTL_FAIL(r3, 0xc0189377, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0x6, 0x1}}, './file0\x00'}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) 03:36:20 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:20 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 19) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1725.527583] FAULT_INJECTION: forcing a failure. [ 1725.527583] name failslab, interval 1, probability 0, space 0, times 0 [ 1725.530061] CPU: 1 PID: 9526 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1725.531624] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1725.533329] Call Trace: [ 1725.533874] dump_stack+0x107/0x167 [ 1725.534645] should_fail.cold+0x5/0xa [ 1725.535441] ? create_object.isra.0+0x3a/0xa20 [ 1725.536374] tmpfs: Bad value for 'mpol' [ 1725.537247] should_failslab+0x5/0x20 [ 1725.538061] kmem_cache_alloc+0x5b/0x310 [ 1725.538926] create_object.isra.0+0x3a/0xa20 [ 1725.539833] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1725.540877] kmem_cache_alloc_trace+0x151/0x320 [ 1725.541906] ? io_async_queue_proc+0x80/0x80 [ 1725.542827] percpu_ref_init+0xd8/0x3d0 [ 1725.543686] io_rsrc_node_switch_start.part.0+0x6a/0x250 [ 1725.544792] io_uring_setup+0x14f6/0x2980 [ 1725.545667] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1725.546770] ? wait_for_completion_io+0x270/0x270 [ 1725.547772] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1725.548832] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1725.549996] do_syscall_64+0x33/0x40 [ 1725.550800] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1725.551854] RIP: 0033:0x7f00b63acb19 [ 1725.552635] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1725.556621] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1725.558338] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1725.559827] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1725.561348] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1725.562937] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1725.564434] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1725.566674] FAULT_INJECTION: forcing a failure. [ 1725.566674] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1725.569236] CPU: 1 PID: 9525 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1725.570766] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1725.572523] Call Trace: [ 1725.573088] dump_stack+0x107/0x167 [ 1725.573885] should_fail.cold+0x5/0xa [ 1725.574776] __alloc_pages_nodemask+0x182/0x600 [ 1725.575761] ? add_mm_counter_fast+0x220/0x220 [ 1725.576697] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1725.578045] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1725.579215] ? lock_downgrade+0x6d0/0x6d0 [ 1725.580108] ? mark_held_locks+0x9e/0xe0 [ 1725.581006] alloc_pages_vma+0xbb/0x410 [ 1725.581880] handle_mm_fault+0x152f/0x3500 [ 1725.582816] ? __pmd_alloc+0x5e0/0x5e0 [ 1725.583682] ? vmacache_find+0x55/0x2a0 [ 1725.584555] do_user_addr_fault+0x56e/0xc60 [ 1725.585479] exc_page_fault+0xa2/0x1a0 [ 1725.586404] asm_exc_page_fault+0x1e/0x30 [ 1725.587390] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1725.588558] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1725.592671] RSP: 0018:ffff8880459b7b50 EFLAGS: 00050246 [ 1725.593822] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1725.595639] RDX: 0000000000000000 RSI: ffff888046454898 RDI: 0000000020027000 [ 1725.597382] RBP: 0000000020026768 R08: 0000000000000000 R09: ffff888046454fff [ 1725.599275] R10: ffffed1008c8a9ff R11: 0000000000000001 R12: 0000000020027768 [ 1725.600951] R13: ffff888046454000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1725.602575] _copy_to_user+0x13d/0x180 [ 1725.603543] pagemap_read+0x333/0x590 [ 1725.604500] ? clear_refs_write+0x780/0x780 [ 1725.605447] ? iov_iter_advance+0x181/0xec0 [ 1725.606552] do_iter_read+0x4fa/0x760 [ 1725.607349] ? import_iovec+0x83/0xb0 [ 1725.608135] vfs_readv+0xe5/0x160 [ 1725.608882] ? vfs_iter_read+0xa0/0xa0 [ 1725.609822] ? __fdget_pos+0xf1/0x190 [ 1725.610637] ? lock_downgrade+0x6d0/0x6d0 [ 1725.611723] ? ksys_write+0x12d/0x260 [ 1725.612539] ? __fget_files+0x2f8/0x520 [ 1725.613593] do_readv+0x139/0x300 [ 1725.614353] ? vfs_readv+0x160/0x160 [ 1725.615316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1725.616424] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1725.617743] do_syscall_64+0x33/0x40 [ 1725.618542] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1725.619861] RIP: 0033:0x7f65e567fb19 [ 1725.620638] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1725.625356] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1725.627299] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1725.629117] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1725.630935] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1725.632754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1725.634580] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:36:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:21 executing program 2: r0 = fsmount(0xffffffffffffffff, 0x0, 0x5) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0xee00, 0xffffffffffffffff}}, './file0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) 03:36:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2284, 0x0) 03:36:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4020940d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b49, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, 0x0) 03:36:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5382, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:21 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000040)='\x15\x8e6', 0x0, 0x110, 0x0) mq_notify(r0, 0x0) 03:36:21 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 20) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1725.790657] tmpfs: Bad value for 'mpol' [ 1725.967099] FAULT_INJECTION: forcing a failure. [ 1725.967099] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1725.969705] CPU: 0 PID: 9564 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1725.971136] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1725.972847] Call Trace: [ 1725.973398] dump_stack+0x107/0x167 [ 1725.974161] should_fail.cold+0x5/0xa [ 1725.974981] _copy_to_user+0x2e/0x180 [ 1725.975783] io_uring_setup+0x11b5/0x2980 [ 1725.976654] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1725.977709] ? wait_for_completion_io+0x270/0x270 [ 1725.978747] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1725.979834] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1725.980917] do_syscall_64+0x33/0x40 [ 1725.981695] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1725.982775] RIP: 0033:0x7f00b63acb19 [ 1725.983550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1725.987365] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1725.988969] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1725.990460] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1725.991939] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1725.993416] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1725.994905] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:36:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80086601, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:35 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:35 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:35 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 21) lseek(0xffffffffffffffff, 0x0, 0x0) 03:36:35 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 83) 03:36:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, 0x0) 03:36:35 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5385, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:35 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x803, 0x1, 0x0) mq_notify(r0, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) mq_timedsend(r1, &(0x7f0000000100)="4373863f5a6f0cf542f5b001e814b5617b87c09500bbe6758a7d44834d1327b6e599aa8442ed084327ef1ed87c6f94a79226196409cdb1988118042e289bd5eae7adfa3256f2430b3d34480af22085514de306ca48094850810f215dee003011316f6718e46814e8e0e44b0565b72aadcc97c9ad60f53522016bcd94b8c7c46d6398133eceb5a9da093b64a77b", 0x8d, 0x4, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) r4 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r3, 0xc0189379, &(0x7f0000000000)={{0x1, 0x1, 0x18, r4}, './file0\x00'}) [ 1740.450433] tmpfs: Bad value for 'mpol' 03:36:35 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000000)='-@\x00', 0x40, 0x0, 0x0) r1 = mq_open(&(0x7f0000000040)='!+\x00', 0x40, 0x40, &(0x7f0000000080)={0x7, 0x1, 0xdb9, 0xffffffffffffffff}) r2 = syz_io_uring_setup(0x160, &(0x7f0000000280)={0x0, 0x8fbc, 0x4, 0x3, 0x156}, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000300)=0x0, &(0x7f0000000340)) mq_open(&(0x7f0000000540)='!#:{).:!-/-\']\x00', 0x1, 0x71, &(0x7f0000000580)={0x6, 0x4, 0x101, 0x8}) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r2, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x1, 0x0, r6, 0x0, &(0x7f00000005c0)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @private2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000, 0x0, {0x0, r7}}, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0x741}}, './file0\x00'}) syz_io_uring_submit(r3, r5, &(0x7f0000000500)=@IORING_OP_STATX={0x15, 0x5, 0x0, r8, &(0x7f00000003c0), &(0x7f00000004c0)='./file0\x00', 0x1, 0x4000}, 0x0) mq_notify(r0, 0x0) mq_notify(r1, &(0x7f0000000240)={0x0, 0x25, 0x4, @thr={&(0x7f00000000c0)="a944f9ca5cf483e10a5d45664a1b5538d29fc2a5136135a6d83f29c4320b7a567b828e8044f7f90e7c5182517ab74ea228f3ad4a249b8eba298f5aa4740453e59895385ed6c8a4010988afeeff56e506663c65a4f089c642bb1635a926c9a98031398ea8c76fddb572d8bffdb4325ef54fac95a19a97f06b38c78f84fb6329739bf307de3eb0b1c0be2bd889c2229c956ec061b1a0e76df3d64d3de96ca85c85cd84848b39e44044f453c45adb41a8395b8fe69e0ec91a98601bd45274f79b42ec831fd16eb3de1057035d4f2764db682e8ee3a23ef918", &(0x7f00000001c0)="82c130f67729fe9c517dc54339595e029076850116db864ba11706dcdd640a86a7d6a2f75b9aca04fbbd88c778bb8ad2e0b2a160b64958aafce44d01c76a9e931e6c64f8c321842adf95582ec1a39044f03f9a6f24b7fe300eef08aba085f9ecf1f1f544d6436200fd1ba4db05259b"}}) 03:36:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2287, 0x0) [ 1740.594839] FAULT_INJECTION: forcing a failure. [ 1740.594839] name failslab, interval 1, probability 0, space 0, times 0 [ 1740.596537] CPU: 0 PID: 9578 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1740.597540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1740.598791] Call Trace: [ 1740.599182] dump_stack+0x107/0x167 [ 1740.599719] should_fail.cold+0x5/0xa [ 1740.600295] ? __d_alloc+0x2a/0x990 [ 1740.600833] should_failslab+0x5/0x20 [ 1740.601406] kmem_cache_alloc+0x5b/0x310 [ 1740.602021] __d_alloc+0x2a/0x990 [ 1740.602546] ? find_held_lock+0x2c/0x110 [ 1740.603145] d_alloc_pseudo+0x19/0x70 [ 1740.603703] alloc_file_pseudo+0xce/0x250 [ 1740.604315] ? trace_hardirqs_on+0x5b/0x180 [ 1740.604945] ? alloc_file+0x5a0/0x5a0 [ 1740.605511] anon_inode_getfile+0xc8/0x1f0 [ 1740.606141] io_uring_setup+0x138b/0x2980 [ 1740.606768] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1740.607512] ? wait_for_completion_io+0x270/0x270 [ 1740.608230] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1740.609002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1740.609752] do_syscall_64+0x33/0x40 [ 1740.610296] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1740.611051] RIP: 0033:0x7f00b63acb19 [ 1740.611597] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1740.614262] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1740.615381] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1740.616423] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1740.617464] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1740.618516] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1740.619569] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1740.663740] FAULT_INJECTION: forcing a failure. [ 1740.663740] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1740.665244] CPU: 0 PID: 9589 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1740.666049] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1740.667033] Call Trace: [ 1740.667345] dump_stack+0x107/0x167 [ 1740.667780] should_fail.cold+0x5/0xa [ 1740.668236] _copy_to_user+0x2e/0x180 [ 1740.668691] pagemap_read+0x333/0x590 [ 1740.669137] ? clear_refs_write+0x780/0x780 [ 1740.669644] ? iov_iter_advance+0x181/0xec0 [ 1740.670158] do_iter_read+0x4fa/0x760 [ 1740.670616] ? import_iovec+0x83/0xb0 [ 1740.671067] vfs_readv+0xe5/0x160 [ 1740.671467] ? vfs_iter_read+0xa0/0xa0 [ 1740.671917] ? __fdget_pos+0xf1/0x190 [ 1740.672359] ? lock_downgrade+0x6d0/0x6d0 [ 1740.672846] ? ksys_write+0x12d/0x260 [ 1740.673289] ? __fget_files+0x2f8/0x520 [ 1740.673761] do_readv+0x139/0x300 [ 1740.674168] ? vfs_readv+0x160/0x160 [ 1740.674609] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1740.675223] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1740.675825] do_syscall_64+0x33/0x40 [ 1740.676267] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1740.676860] RIP: 0033:0x7f65e567fb19 [ 1740.677297] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1740.679458] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1740.680341] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1740.681178] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1740.682012] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1740.682860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1740.683692] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:36:50 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 84) 03:36:50 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5386, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 2: utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0xfffffffffffffffa, 0x400}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) setxattr$trusted_overlay_nlink(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000100)={'U+', 0x100}, 0x16, 0x3) fcntl$lock(0xffffffffffffffff, 0x26, &(0x7f0000000140)={0x0, 0x0, 0x8, 0xc6a0}) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) 03:36:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80087601, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2288, 0x0) 03:36:50 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 22) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1755.207845] FAULT_INJECTION: forcing a failure. [ 1755.207845] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1755.210380] CPU: 1 PID: 9617 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1755.211815] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.213545] Call Trace: [ 1755.214097] dump_stack+0x107/0x167 [ 1755.214865] should_fail.cold+0x5/0xa [ 1755.215666] __alloc_pages_nodemask+0x182/0x600 [ 1755.216645] ? add_mm_counter_fast+0x220/0x220 [ 1755.217604] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1755.218876] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1755.219975] ? lock_downgrade+0x6d0/0x6d0 [ 1755.220831] ? mark_held_locks+0x9e/0xe0 [ 1755.221690] alloc_pages_vma+0xbb/0x410 [ 1755.222529] handle_mm_fault+0x152f/0x3500 [ 1755.223435] ? __pmd_alloc+0x5e0/0x5e0 [ 1755.224267] ? vmacache_find+0x55/0x2a0 [ 1755.225108] do_user_addr_fault+0x56e/0xc60 [ 1755.226025] exc_page_fault+0xa2/0x1a0 [ 1755.226855] asm_exc_page_fault+0x1e/0x30 [ 1755.227733] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1755.228858] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1755.233033] RSP: 0018:ffff888045847b50 EFLAGS: 00050246 [ 1755.234152] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1755.235738] RDX: 0000000000000000 RSI: ffff88800996e898 RDI: 0000000020028000 [ 1755.237390] RBP: 0000000020027768 R08: 0000000000000000 R09: ffff88800996efff [ 1755.239046] R10: ffffed100132ddff R11: 0000000000000001 R12: 0000000020028768 [ 1755.240694] R13: ffff88800996e000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1755.242373] _copy_to_user+0x13d/0x180 [ 1755.243314] pagemap_read+0x333/0x590 [ 1755.244202] ? clear_refs_write+0x780/0x780 [ 1755.245198] ? iov_iter_advance+0x181/0xec0 [ 1755.246210] do_iter_read+0x4fa/0x760 [ 1755.247106] ? import_iovec+0x83/0xb0 [ 1755.247991] vfs_readv+0xe5/0x160 [ 1755.248792] ? vfs_iter_read+0xa0/0xa0 [ 1755.249689] ? __fdget_pos+0xf1/0x190 [ 1755.250569] ? lock_downgrade+0x6d0/0x6d0 [ 1755.251541] ? ksys_write+0x12d/0x260 [ 1755.252426] ? __fget_files+0x2f8/0x520 [ 1755.253367] do_readv+0x139/0x300 [ 1755.254168] ? vfs_readv+0x160/0x160 [ 1755.255042] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1755.256251] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1755.257440] do_syscall_64+0x33/0x40 [ 1755.258299] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.259489] RIP: 0033:0x7f65e567fb19 [ 1755.260342] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.264570] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1755.266314] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1755.267963] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1755.269598] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1755.271243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1755.272881] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1755.273463] tmpfs: Bad value for 'mpol' 03:36:50 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x541b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 2: fstatfs(0xffffffffffffffff, &(0x7f0000000000)=""/190) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f0000000100)='!@\x00\xadu\"\xd9)\xa0\xbe\xdf\xb4\x83\x8b\x99\x11\xf6\xf3\xbc\x93c\xd4\xf2\f\xc2\xa6MXt\xe1\xcar*\x1f\xcd\xc0!\x1d\v\x93I\xbc1f\x83\xeb\t\x95lg\x9e\x9bQZ#ol\x8e\x90C\xa0\xd5\xf3Q\xeaix1\xad\xc8\x84A\x86', 0x40, 0x100, 0x0) mq_notify(r0, 0x0) [ 1755.289125] FAULT_INJECTION: forcing a failure. [ 1755.289125] name failslab, interval 1, probability 0, space 0, times 0 [ 1755.291769] CPU: 1 PID: 9625 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1755.293345] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1755.295267] Call Trace: [ 1755.295871] dump_stack+0x107/0x167 [ 1755.296707] should_fail.cold+0x5/0xa [ 1755.297585] ? create_object.isra.0+0x3a/0xa20 [ 1755.298645] should_failslab+0x5/0x20 [ 1755.299523] kmem_cache_alloc+0x5b/0x310 [ 1755.300536] create_object.isra.0+0x3a/0xa20 [ 1755.301542] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1755.302720] kmem_cache_alloc+0x159/0x310 [ 1755.303675] __d_alloc+0x2a/0x990 [ 1755.304479] ? find_held_lock+0x2c/0x110 [ 1755.305413] d_alloc_pseudo+0x19/0x70 [ 1755.306284] alloc_file_pseudo+0xce/0x250 [ 1755.307241] ? trace_hardirqs_on+0x5b/0x180 [ 1755.308226] ? alloc_file+0x5a0/0x5a0 [ 1755.309113] anon_inode_getfile+0xc8/0x1f0 [ 1755.310088] io_uring_setup+0x138b/0x2980 [ 1755.311057] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1755.312219] ? wait_for_completion_io+0x270/0x270 [ 1755.313347] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1755.314563] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1755.315758] do_syscall_64+0x33/0x40 [ 1755.316612] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1755.317786] RIP: 0033:0x7f00b63acb19 [ 1755.318648] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1755.322877] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1755.324620] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1755.326262] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1755.327907] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1755.329548] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1755.331191] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:36:50 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2289, 0x0) 03:36:50 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5421, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:36:50 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:36:50 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1755.492626] tmpfs: Bad value for 'mpol' 03:37:04 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b47, 0x0) 03:37:04 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 85) 03:37:04 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:04 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:04 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 23) lseek(0xffffffffffffffff, 0x0, 0x0) 03:37:04 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:04 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5450, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:04 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x10282, 0x0) r2 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xa, 0x12, r1, 0x0) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x28880, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, @perf_config_ext={0x4000000000000}, 0x0, 0x0, 0x0, 0x1, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r3, &(0x7f0000000080)=""/53, 0x35) r4 = mmap$IORING_OFF_SQES(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x2000003, 0x2010, r1, 0x10000000) r5 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r5, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000056b40)={0x40, [], 0x9, "86ea58c060adcf"}) mq_timedsend(r5, 0x0, 0x0, 0x9, 0x0) mq_notify(r5, &(0x7f0000000100)={0x0, 0x41, 0x1}) syz_io_uring_submit(r2, r4, &(0x7f0000000040)=@IORING_OP_SPLICE={0x1e, 0x0, 0x0, @fd_index=0x9, 0x0, {0x0, r3}, 0x1e1, 0x1, 0x0, {0x0, 0x0, r5}}, 0xba) fallocate(r3, 0x40, 0x8b45, 0xfffffffffffffcab) mmap(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000000, 0x5de8c091d79f7390, r3, 0x9aa2d000) mq_notify(r0, 0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) [ 1769.402858] tmpfs: Bad value for 'mpol' 03:37:04 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4b49, 0x0) [ 1769.522277] FAULT_INJECTION: forcing a failure. [ 1769.522277] name failslab, interval 1, probability 0, space 0, times 0 [ 1769.524735] CPU: 1 PID: 9675 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1769.526164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1769.527883] Call Trace: [ 1769.528432] dump_stack+0x107/0x167 [ 1769.529181] should_fail.cold+0x5/0xa [ 1769.529957] ? __alloc_file+0x21/0x320 [ 1769.530757] should_failslab+0x5/0x20 [ 1769.531556] kmem_cache_alloc+0x5b/0x310 [ 1769.532399] __alloc_file+0x21/0x320 [ 1769.533157] alloc_empty_file+0x6d/0x170 [ 1769.534115] alloc_file+0x5e/0x5a0 [ 1769.534876] alloc_file_pseudo+0x16a/0x250 [ 1769.535868] ? alloc_file+0x5a0/0x5a0 [ 1769.536789] anon_inode_getfile+0xc8/0x1f0 [ 1769.537809] io_uring_setup+0x138b/0x2980 [ 1769.538830] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1769.540044] ? wait_for_completion_io+0x270/0x270 [ 1769.541210] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1769.542464] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1769.543700] do_syscall_64+0x33/0x40 [ 1769.544585] entry_SYSCALL_64_after_hwframe+0x67/0xd1 03:37:04 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0189436, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:04 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1769.545848] RIP: 0033:0x7f00b63acb19 [ 1769.548221] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1769.549152] FAULT_INJECTION: forcing a failure. [ 1769.549152] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1769.551883] RSP: 002b:00007f00b3901108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1769.551903] RAX: ffffffffffffffda RBX: 00007f00b64c0020 RCX: 00007f00b63acb19 [ 1769.551914] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1769.551929] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1769.559079] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1769.560535] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1769.562000] CPU: 0 PID: 9678 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1769.562753] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1769.563672] Call Trace: [ 1769.563967] dump_stack+0x107/0x167 [ 1769.564366] should_fail.cold+0x5/0xa [ 1769.564785] _copy_to_user+0x2e/0x180 [ 1769.565204] pagemap_read+0x333/0x590 [ 1769.565624] ? clear_refs_write+0x780/0x780 [ 1769.566100] ? iov_iter_advance+0x181/0xec0 [ 1769.566578] do_iter_read+0x4fa/0x760 [ 1769.567011] ? import_iovec+0x83/0xb0 [ 1769.567432] vfs_readv+0xe5/0x160 [ 1769.567811] ? vfs_iter_read+0xa0/0xa0 [ 1769.568238] ? __fdget_pos+0xf1/0x190 [ 1769.568656] ? lock_downgrade+0x6d0/0x6d0 [ 1769.569115] ? ksys_write+0x12d/0x260 [ 1769.569534] ? __fget_files+0x2f8/0x520 [ 1769.569986] do_readv+0x139/0x300 [ 1769.570365] ? vfs_readv+0x160/0x160 [ 1769.570780] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1769.571362] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1769.571932] do_syscall_64+0x33/0x40 [ 1769.572339] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1769.572903] RIP: 0033:0x7f65e567fb19 [ 1769.573317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1769.575340] RSP: 002b:00007f65e2bd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1769.576178] RAX: ffffffffffffffda RBX: 00007f65e5793020 RCX: 00007f65e567fb19 [ 1769.576958] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1769.577736] RBP: 00007f65e2bd41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1769.578513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1769.579302] R13: 00007ffcf46a588f R14: 00007f65e2bd4300 R15: 0000000000022000 03:37:05 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5451, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1769.610640] tmpfs: Bad value for 'mpol' 03:37:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc020660b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:05 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5382, 0x0) 03:37:05 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5452, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:05 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1769.731841] tmpfs: Bad value for 'mpol' 03:37:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0481273, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5460, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:21 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r1, 0x0, 0x482, &(0x7f0000000000)=""/163, &(0x7f00000000c0)=0xa3) mq_notify(r0, 0x0) 03:37:21 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 86) 03:37:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5385, 0x0) 03:37:21 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 24) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1786.458881] tmpfs: Bad value for 'mpol' [ 1786.462101] FAULT_INJECTION: forcing a failure. [ 1786.462101] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1786.464485] CPU: 0 PID: 9723 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1786.465826] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.467462] Call Trace: [ 1786.467989] dump_stack+0x107/0x167 [ 1786.468706] should_fail.cold+0x5/0xa [ 1786.469458] __alloc_pages_nodemask+0x182/0x600 [ 1786.470378] ? add_mm_counter_fast+0x220/0x220 [ 1786.471321] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1786.472541] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1786.473581] ? lock_downgrade+0x6d0/0x6d0 [ 1786.474385] ? mark_held_locks+0x9e/0xe0 [ 1786.475198] alloc_pages_vma+0xbb/0x410 [ 1786.475982] handle_mm_fault+0x152f/0x3500 [ 1786.476822] ? __pmd_alloc+0x5e0/0x5e0 [ 1786.477597] ? vmacache_find+0x55/0x2a0 [ 1786.478372] ? vmacache_update+0xce/0x140 [ 1786.479205] do_user_addr_fault+0x56e/0xc60 [ 1786.480058] exc_page_fault+0xa2/0x1a0 [ 1786.480820] asm_exc_page_fault+0x1e/0x30 [ 1786.481647] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1786.482722] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1786.486413] RSP: 0018:ffff888046c57b50 EFLAGS: 00050246 [ 1786.487480] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1786.488898] RDX: 0000000000000000 RSI: ffff8880464fc898 RDI: 0000000020029000 [ 1786.490313] RBP: 0000000020028768 R08: 0000000000000000 R09: ffff8880464fcfff [ 1786.491752] R10: ffffed1008c9f9ff R11: 0000000000000001 R12: 0000000020029768 [ 1786.493170] R13: ffff8880464fc000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1786.494627] _copy_to_user+0x13d/0x180 [ 1786.495422] pagemap_read+0x333/0x590 [ 1786.496181] ? clear_refs_write+0x780/0x780 [ 1786.497037] ? iov_iter_advance+0x181/0xec0 [ 1786.497904] do_iter_read+0x4fa/0x760 [ 1786.498663] ? import_iovec+0x83/0xb0 [ 1786.499430] vfs_readv+0xe5/0x160 [ 1786.500117] ? vfs_iter_read+0xa0/0xa0 [ 1786.500903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.501951] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1786.503051] do_readv+0x139/0x300 [ 1786.503737] ? vfs_readv+0x160/0x160 [ 1786.504476] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 03:37:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5386, 0x0) [ 1786.505502] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.506618] do_syscall_64+0x33/0x40 [ 1786.507358] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.508361] RIP: 0033:0x7f65e567fb19 [ 1786.509087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.512695] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1786.514187] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1786.515595] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1786.516990] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1786.518383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1786.519788] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:37:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:21 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) fallocate(r0, 0x10, 0xfffffffffffffffd, 0x5) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) r2 = syz_open_dev$hidraw(&(0x7f00000000c0), 0x1, 0x80000) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f0000000240)={0x2, 0x400, 0xdd, &(0x7f0000000140)=""/221}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000002c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32=0xee01, @ANYRES32=0xee01, @ANYBLOB="36eb78776b87f0ff7f000000000000a2a2c156a037f3f6c2e273e0de3d125e2bb76f6f5a9dccc8c8d0a81c17bd55383ebb5b18bd48cd0cff0925031b18a374eb5b74c45cc11a192e82816f16006ba53fe4644a6f7943cc93689eaba5b6865484134074432a697ebf3edf9b15f8c163cfacd08e33ebd13a72d1a7e7ae3a6696ea509f42adb714ddf134cf6566d178724f0dce29e59789d9bc20c57b5e1eccadf0a390398074fe3665935188686d5b8c70f539a17600"]) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r4, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$INCFS_IOC_PERMIT_FILL(r4, 0x40046721, &(0x7f0000000080)={r0}) ioctl$EXT4_IOC_GROUP_ADD(r1, 0x40286608, &(0x7f0000000280)={0x7, 0xffff, 0x25, 0x1f, 0x9a, 0xee6}) ioctl$SIOCGSTAMPNS(r3, 0x8907, &(0x7f0000000040)) 03:37:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB, @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40049409, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1786.592401] FAULT_INJECTION: forcing a failure. [ 1786.592401] name failslab, interval 1, probability 0, space 0, times 0 [ 1786.594854] CPU: 1 PID: 9724 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1786.596359] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1786.598153] Call Trace: [ 1786.598722] dump_stack+0x107/0x167 [ 1786.599515] should_fail.cold+0x5/0xa [ 1786.600373] ? create_object.isra.0+0x3a/0xa20 [ 1786.601371] should_failslab+0x5/0x20 [ 1786.602190] kmem_cache_alloc+0x5b/0x310 [ 1786.603072] create_object.isra.0+0x3a/0xa20 [ 1786.604033] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1786.605178] kmem_cache_alloc+0x159/0x310 [ 1786.606063] __alloc_file+0x21/0x320 [ 1786.606852] alloc_empty_file+0x6d/0x170 [ 1786.607726] alloc_file+0x5e/0x5a0 [ 1786.608520] alloc_file_pseudo+0x16a/0x250 [ 1786.609418] ? alloc_file+0x5a0/0x5a0 [ 1786.610239] anon_inode_getfile+0xc8/0x1f0 [ 1786.611155] io_uring_setup+0x138b/0x2980 [ 1786.612041] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1786.613159] ? wait_for_completion_io+0x270/0x270 [ 1786.614204] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1786.615352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1786.616483] do_syscall_64+0x33/0x40 [ 1786.617276] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1786.618413] RIP: 0033:0x7f00b63acb19 [ 1786.619345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1786.623876] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1786.625765] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1786.627509] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1786.629322] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1786.631079] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1786.632801] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:37:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0xfdfdffff, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40086602, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1786.689428] tmpfs: Bad value for 'mpol' 03:37:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x541b, 0x0) 03:37:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bff", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40087602, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0xfffffdfd, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:36 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 25) lseek(0xffffffffffffffff, 0x0, 0x0) 03:37:36 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measu', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:36 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='\x00\x01@', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) 03:37:36 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:36 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 87) 03:37:36 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:36 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4020940d, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:36 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5421, 0x0) [ 1801.190401] tmpfs: Bad value for 'mpol' [ 1801.208812] FAULT_INJECTION: forcing a failure. [ 1801.208812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1801.210297] CPU: 1 PID: 9797 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1801.211142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.212148] Call Trace: [ 1801.212469] dump_stack+0x107/0x167 [ 1801.212906] should_fail.cold+0x5/0xa [ 1801.213358] _copy_to_user+0x2e/0x180 [ 1801.213822] pagemap_read+0x333/0x590 [ 1801.214271] ? clear_refs_write+0x780/0x780 [ 1801.214787] ? iov_iter_advance+0x181/0xec0 [ 1801.215325] do_iter_read+0x4fa/0x760 [ 1801.215763] ? import_iovec+0x83/0xb0 [ 1801.216212] vfs_readv+0xe5/0x160 [ 1801.216618] ? vfs_iter_read+0xa0/0xa0 [ 1801.217079] ? __fdget_pos+0xf1/0x190 [ 1801.217520] ? lock_downgrade+0x6d0/0x6d0 [ 1801.218011] ? ksys_write+0x12d/0x260 [ 1801.218461] ? __fget_files+0x2f8/0x520 [ 1801.218937] do_readv+0x139/0x300 [ 1801.219354] ? vfs_readv+0x160/0x160 [ 1801.219792] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.220404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.221010] do_syscall_64+0x33/0x40 [ 1801.221444] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.222040] RIP: 0033:0x7f65e567fb19 [ 1801.222483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.224652] RSP: 002b:00007f65e2bd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1801.225550] RAX: ffffffffffffffda RBX: 00007f65e5793020 RCX: 00007f65e567fb19 [ 1801.226406] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1801.227275] RBP: 00007f65e2bd41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1801.228124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1801.228972] R13: 00007ffcf46a588f R14: 00007f65e2bd4300 R15: 0000000000022000 [ 1801.236684] FAULT_INJECTION: forcing a failure. [ 1801.236684] name failslab, interval 1, probability 0, space 0, times 0 [ 1801.238340] CPU: 1 PID: 9791 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1801.239342] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1801.240534] Call Trace: [ 1801.240924] dump_stack+0x107/0x167 [ 1801.241361] should_fail.cold+0x5/0xa [ 1801.241808] ? security_file_alloc+0x34/0x170 [ 1801.242350] should_failslab+0x5/0x20 [ 1801.242808] kmem_cache_alloc+0x5b/0x310 [ 1801.243318] security_file_alloc+0x34/0x170 [ 1801.243931] __alloc_file+0xb7/0x320 [ 1801.244464] alloc_empty_file+0x6d/0x170 [ 1801.245046] alloc_file+0x5e/0x5a0 [ 1801.245553] alloc_file_pseudo+0x16a/0x250 [ 1801.246157] ? alloc_file+0x5a0/0x5a0 [ 1801.246713] anon_inode_getfile+0xc8/0x1f0 [ 1801.247329] io_uring_setup+0x138b/0x2980 [ 1801.247930] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1801.248658] ? wait_for_completion_io+0x270/0x270 [ 1801.249368] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1801.250125] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1801.250863] do_syscall_64+0x33/0x40 [ 1801.251406] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1801.252135] RIP: 0033:0x7f00b63acb19 [ 1801.252676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1801.255327] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1801.256415] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1801.257425] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1801.258438] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1801.259467] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1801.260476] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:37:51 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bfd", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80086601, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 26) lseek(0xffffffffffffffff, 0x0, 0x0) 03:37:51 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 88) 03:37:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5450, 0x0) 03:37:51 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x0, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000000)=0x2) 03:37:51 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measu', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0xfdfdffff, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1815.757113] FAULT_INJECTION: forcing a failure. [ 1815.757113] name failslab, interval 1, probability 0, space 0, times 0 [ 1815.759592] CPU: 1 PID: 9812 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1815.761054] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1815.762246] tmpfs: Bad value for 'mpol' [ 1815.762826] Call Trace: [ 1815.762853] dump_stack+0x107/0x167 [ 1815.762883] should_fail.cold+0x5/0xa [ 1815.765781] ? create_object.isra.0+0x3a/0xa20 [ 1815.766759] should_failslab+0x5/0x20 [ 1815.767579] kmem_cache_alloc+0x5b/0x310 [ 1815.768431] ? percpu_ref_put_many.constprop.0+0x4e/0x110 [ 1815.769587] create_object.isra.0+0x3a/0xa20 [ 1815.770506] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1815.771586] kmem_cache_alloc+0x159/0x310 [ 1815.772457] security_file_alloc+0x34/0x170 [ 1815.773374] __alloc_file+0xb7/0x320 [ 1815.774165] alloc_empty_file+0x6d/0x170 [ 1815.775031] alloc_file+0x5e/0x5a0 [ 1815.775789] alloc_file_pseudo+0x16a/0x250 [ 1815.776688] ? alloc_file+0x5a0/0x5a0 [ 1815.777505] anon_inode_getfile+0xc8/0x1f0 [ 1815.778394] io_uring_setup+0x138b/0x2980 [ 1815.779291] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1815.780380] ? wait_for_completion_io+0x270/0x270 03:37:51 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b21", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1815.781413] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1815.782689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1815.783779] do_syscall_64+0x33/0x40 [ 1815.784561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1815.785638] RIP: 0033:0x7f00b63acb19 [ 1815.786413] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1815.790287] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1815.791891] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1815.793383] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1815.794871] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1815.796378] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1815.797871] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1815.805112] FAULT_INJECTION: forcing a failure. [ 1815.805112] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1815.807657] CPU: 1 PID: 9813 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1815.809095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1815.810827] Call Trace: [ 1815.811393] dump_stack+0x107/0x167 [ 1815.812162] should_fail.cold+0x5/0xa [ 1815.812969] __alloc_pages_nodemask+0x182/0x600 [ 1815.813948] ? add_mm_counter_fast+0x220/0x220 [ 1815.814915] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1815.816195] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1815.817301] ? lock_downgrade+0x6d0/0x6d0 [ 1815.818174] ? mark_held_locks+0x9e/0xe0 [ 1815.819034] alloc_pages_vma+0xbb/0x410 [ 1815.819885] handle_mm_fault+0x152f/0x3500 [ 1815.820782] ? __pmd_alloc+0x5e0/0x5e0 [ 1815.821610] ? vmacache_find+0x55/0x2a0 [ 1815.822455] do_user_addr_fault+0x56e/0xc60 [ 1815.823383] exc_page_fault+0xa2/0x1a0 [ 1815.824205] asm_exc_page_fault+0x1e/0x30 [ 1815.825078] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1815.826218] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1815.830105] RSP: 0018:ffff8880351e7b50 EFLAGS: 00050246 [ 1815.831224] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1815.832744] RDX: 0000000000000000 RSI: ffff88804affc898 RDI: 000000002002a000 [ 1815.834249] RBP: 0000000020029768 R08: 0000000000000000 R09: ffff88804affcfff [ 1815.835759] R10: ffffed10095ff9ff R11: 0000000000000001 R12: 000000002002a768 [ 1815.837259] R13: ffff88804affc000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1815.838794] _copy_to_user+0x13d/0x180 [ 1815.839637] pagemap_read+0x333/0x590 [ 1815.840447] ? clear_refs_write+0x780/0x780 [ 1815.841355] ? iov_iter_advance+0x181/0xec0 [ 1815.842280] do_iter_read+0x4fa/0x760 [ 1815.843089] ? import_iovec+0x83/0xb0 [ 1815.843908] vfs_readv+0xe5/0x160 [ 1815.844641] ? vfs_iter_read+0xa0/0xa0 [ 1815.845459] ? __fdget_pos+0xf1/0x190 [ 1815.846257] ? lock_downgrade+0x6d0/0x6d0 [ 1815.847161] ? ksys_write+0x12d/0x260 03:37:51 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measu', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1815.847975] ? __fget_files+0x2f8/0x520 [ 1815.849074] do_readv+0x139/0x300 [ 1815.849810] ? vfs_readv+0x160/0x160 [ 1815.850602] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1815.851713] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1815.852797] do_syscall_64+0x33/0x40 [ 1815.853577] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1815.854650] RIP: 0033:0x7f65e567fb19 [ 1815.855443] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1815.859317] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1815.860913] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1815.862409] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1815.863915] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1815.865409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1815.866904] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:37:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5451, 0x0) 03:37:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0xfffffdfd, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80087601, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 27) lseek(0xffffffffffffffff, 0x0, 0x0) 03:37:51 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bf5", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1815.958710] tmpfs: Bad value for 'mpol' [ 1815.981786] FAULT_INJECTION: forcing a failure. [ 1815.981786] name failslab, interval 1, probability 0, space 0, times 0 [ 1815.984253] CPU: 1 PID: 9838 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1815.985705] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1815.987483] Call Trace: [ 1815.988041] dump_stack+0x107/0x167 [ 1815.988805] should_fail.cold+0x5/0xa [ 1815.989616] ? io_uring_alloc_task_context+0x99/0x6a0 [ 1815.990703] should_failslab+0x5/0x20 [ 1815.991520] kmem_cache_alloc_trace+0x55/0x320 [ 1815.992490] io_uring_alloc_task_context+0x99/0x6a0 [ 1815.993542] ? io_import_iovec+0x1120/0x1120 [ 1815.994467] ? lock_downgrade+0x6d0/0x6d0 [ 1815.995344] ? do_raw_spin_lock+0x121/0x260 [ 1815.996248] ? rwlock_bug.part.0+0x90/0x90 [ 1815.997141] __io_uring_add_tctx_node+0x2c6/0x520 [ 1815.998152] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1815.999247] ? alloc_fd+0x2e7/0x670 [ 1816.000036] io_uring_setup+0x1fbb/0x2980 [ 1816.000915] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1816.001985] ? wait_for_completion_io+0x270/0x270 [ 1816.003022] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.004132] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.005220] do_syscall_64+0x33/0x40 [ 1816.006003] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1816.007082] RIP: 0033:0x7f00b63acb19 03:37:51 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5452, 0x0) [ 1816.007877] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.011955] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1816.013543] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1816.015032] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1816.016540] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1816.018032] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1816.019531] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:37:51 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:37:51 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fo', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:37:51 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 89) [ 1816.125345] tmpfs: Bad value for 'mpol' [ 1816.126627] FAULT_INJECTION: forcing a failure. [ 1816.126627] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1816.129219] CPU: 1 PID: 9855 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1816.130654] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1816.132403] Call Trace: [ 1816.132975] dump_stack+0x107/0x167 [ 1816.133738] should_fail.cold+0x5/0xa [ 1816.134545] _copy_to_user+0x2e/0x180 [ 1816.135368] pagemap_read+0x333/0x590 [ 1816.136164] ? clear_refs_write+0x780/0x780 [ 1816.137066] ? iov_iter_advance+0x181/0xec0 [ 1816.137985] do_iter_read+0x4fa/0x760 [ 1816.138793] ? import_iovec+0x83/0xb0 [ 1816.139600] vfs_readv+0xe5/0x160 [ 1816.140343] ? vfs_iter_read+0xa0/0xa0 [ 1816.141164] ? __fdget_pos+0xf1/0x190 [ 1816.141967] ? lock_downgrade+0x6d0/0x6d0 [ 1816.142837] ? ksys_write+0x12d/0x260 [ 1816.143647] ? __fget_files+0x2f8/0x520 [ 1816.144502] do_readv+0x139/0x300 [ 1816.145225] ? vfs_readv+0x160/0x160 [ 1816.146011] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1816.147103] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1816.148189] do_syscall_64+0x33/0x40 [ 1816.148963] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1816.150022] RIP: 0033:0x7f65e567fb19 [ 1816.150803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1816.154646] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1816.156228] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1816.157705] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1816.159197] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1816.160688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1816.162170] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:38:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bf6", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:08 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$F2FS_IOC_MOVE_RANGE(0xffffffffffffffff, 0xc020f509, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffff, 0x863, 0x6}) ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r0, 0xc0406619, &(0x7f0000000040)={@desc={0x1, 0x0, @desc3}}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) 03:38:08 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 90) 03:38:08 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:08 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0xfdfdffff, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:08 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 28) lseek(0xffffffffffffffff, 0x0, 0x0) 03:38:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x5460, 0x0) 03:38:08 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fo', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:38:08 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0xfffffdfd, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1832.770199] FAULT_INJECTION: forcing a failure. [ 1832.770199] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1832.773131] CPU: 1 PID: 9878 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1832.774742] tmpfs: Bad value for 'mpol' [ 1832.774770] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1832.774786] Call Trace: [ 1832.778105] dump_stack+0x107/0x167 [ 1832.778959] should_fail.cold+0x5/0xa [ 1832.779877] __alloc_pages_nodemask+0x182/0x600 [ 1832.780981] ? add_mm_counter_fast+0x220/0x220 [ 1832.782076] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1832.783507] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1832.784760] ? lock_downgrade+0x6d0/0x6d0 [ 1832.785750] ? mark_held_locks+0x9e/0xe0 [ 1832.786733] alloc_pages_vma+0xbb/0x410 [ 1832.787672] handle_mm_fault+0x152f/0x3500 [ 1832.788691] ? __pmd_alloc+0x5e0/0x5e0 [ 1832.789626] ? vmacache_find+0x55/0x2a0 [ 1832.790583] do_user_addr_fault+0x56e/0xc60 [ 1832.791635] exc_page_fault+0xa2/0x1a0 [ 1832.792540] asm_exc_page_fault+0x1e/0x30 [ 1832.793497] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1832.794746] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1832.798960] RSP: 0018:ffff8880481a7b50 EFLAGS: 00050246 [ 1832.800198] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1832.801823] RDX: 0000000000000000 RSI: ffff888047aaa898 RDI: 000000002002b000 [ 1832.803476] RBP: 000000002002a768 R08: 0000000000000000 R09: ffff888047aaafff [ 1832.805126] R10: ffffed1008f555ff R11: 0000000000000001 R12: 000000002002b768 [ 1832.806682] R13: ffff888047aaa000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1832.808221] _copy_to_user+0x13d/0x180 [ 1832.808970] pagemap_read+0x333/0x590 [ 1832.809710] ? clear_refs_write+0x780/0x780 [ 1832.810533] ? iov_iter_advance+0x181/0xec0 [ 1832.811351] do_iter_read+0x4fa/0x760 [ 1832.812117] ? import_iovec+0x83/0xb0 [ 1832.812833] vfs_readv+0xe5/0x160 [ 1832.813503] ? vfs_iter_read+0xa0/0xa0 [ 1832.814243] ? __fdget_pos+0xf1/0x190 [ 1832.814953] ? lock_downgrade+0x6d0/0x6d0 [ 1832.815784] ? ksys_write+0x12d/0x260 [ 1832.816573] ? __fget_files+0x2f8/0x520 [ 1832.817523] do_readv+0x139/0x300 [ 1832.818227] ? vfs_readv+0x160/0x160 [ 1832.819003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1832.820059] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1832.821136] do_syscall_64+0x33/0x40 [ 1832.821933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1832.823018] RIP: 0033:0x7f65e567fb19 [ 1832.823824] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1832.827512] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1832.828834] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1832.830079] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1832.831305] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1832.832548] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1832.833821] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:38:08 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40049409, 0x0) 03:38:08 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0189436, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:08 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r3 = epoll_create(0x3ff) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x20000001}) dup2(r4, r2) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r1, 0x4, r4, 0x2) waitid(0x0, r1, 0x0, 0x8, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) clone3(&(0x7f00000002c0)={0x41010000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1}, &(0x7f00000000c0)=""/219, 0xdb, &(0x7f00000001c0)=""/148, &(0x7f0000000280)=[r1], 0x1, {r6}}, 0x58) mq_notify(r0, 0x0) 03:38:08 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fo', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1832.991332] FAULT_INJECTION: forcing a failure. [ 1832.991332] name failslab, interval 1, probability 0, space 0, times 0 [ 1832.993179] CPU: 1 PID: 9882 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1832.994292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1832.995654] Call Trace: [ 1832.996085] dump_stack+0x107/0x167 [ 1832.996680] should_fail.cold+0x5/0xa [ 1832.997307] ? create_object.isra.0+0x3a/0xa20 [ 1832.998048] should_failslab+0x5/0x20 [ 1832.998660] kmem_cache_alloc+0x5b/0x310 [ 1832.999315] create_object.isra.0+0x3a/0xa20 [ 1833.000027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1833.000845] kmem_cache_alloc_trace+0x151/0x320 [ 1833.001597] io_uring_alloc_task_context+0x99/0x6a0 [ 1833.002401] ? io_import_iovec+0x1120/0x1120 [ 1833.003108] ? lock_downgrade+0x6d0/0x6d0 [ 1833.003778] ? do_raw_spin_lock+0x121/0x260 [ 1833.004471] ? rwlock_bug.part.0+0x90/0x90 [ 1833.005155] __io_uring_add_tctx_node+0x2c6/0x520 [ 1833.005930] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1833.006777] ? alloc_fd+0x2e7/0x670 [ 1833.007368] io_uring_setup+0x1fbb/0x2980 [ 1833.008052] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1833.008865] ? wait_for_completion_io+0x270/0x270 [ 1833.009660] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1833.010503] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1833.011335] do_syscall_64+0x33/0x40 [ 1833.011940] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1833.012764] RIP: 0033:0x7f00b63acb19 [ 1833.013357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1833.016295] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1833.017514] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1833.018652] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1833.019804] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1833.020953] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1833.022091] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:38:08 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bfc", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1833.047152] tmpfs: Bad value for 'mpol' 03:38:24 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 91) 03:38:24 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc020660b, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40086602, 0x0) 03:38:24 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 29) lseek(0xffffffffffffffff, 0x0, 0x0) 03:38:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:24 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930bfe", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:24 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x8c0, 0x10, 0x0) mq_notify(r0, 0x0) 03:38:24 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowne', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1849.156371] FAULT_INJECTION: forcing a failure. [ 1849.156371] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1849.158977] CPU: 1 PID: 9914 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1849.160433] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1849.162182] Call Trace: [ 1849.162742] dump_stack+0x107/0x167 [ 1849.163512] should_fail.cold+0x5/0xa [ 1849.164332] _copy_to_user+0x2e/0x180 [ 1849.165138] pagemap_read+0x333/0x590 [ 1849.165947] ? clear_refs_write+0x780/0x780 [ 1849.166855] ? iov_iter_advance+0x181/0xec0 [ 1849.167790] do_iter_read+0x4fa/0x760 [ 1849.168594] ? import_iovec+0x83/0xb0 [ 1849.169405] vfs_readv+0xe5/0x160 [ 1849.170132] ? vfs_iter_read+0xa0/0xa0 [ 1849.170954] ? __fdget_pos+0xf1/0x190 [ 1849.171763] ? lock_downgrade+0x6d0/0x6d0 [ 1849.172644] ? ksys_write+0x12d/0x260 [ 1849.173451] ? __fget_files+0x2f8/0x520 [ 1849.174311] do_readv+0x139/0x300 [ 1849.175045] ? vfs_readv+0x160/0x160 [ 1849.175842] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1849.176953] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1849.178044] do_syscall_64+0x33/0x40 [ 1849.178832] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1849.179916] RIP: 0033:0x7f65e567fb19 [ 1849.180700] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1849.184603] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1849.186206] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1849.187713] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1849.189212] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1849.190715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 03:38:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0}) [ 1849.192223] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:38:24 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x40087602, 0x0) 03:38:24 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0481273, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1849.219584] tmpfs: Bad value for 'mpol' 03:38:24 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000000)='-\x0e\x96\xd8\x11\xae\xd7\xc6t\x9b>F\x8d,\xfe\xedCM\x00\xb2l\xe7rgx\x8f\xb5\v\xcd5E\xc1\xdap\xe9\x1f\x00\x00\x00\xb22\xea\xb7\x85T\x7fTJ\xf8\\\xa1C\xa8}T\xc9Q\xf8\x15\xfc\xf7mmWa\xb9\xf0|\xcaYz\x1a\xae\xbeB_\x8f>\x19\x82\x1b\x92\x03\x00'/96, 0x0, 0x0, 0x0) mq_notify(r0, 0x0) 03:38:24 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1849.250561] FAULT_INJECTION: forcing a failure. [ 1849.250561] name failslab, interval 1, probability 0, space 0, times 0 [ 1849.253065] CPU: 1 PID: 9932 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1849.254482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1849.256216] Call Trace: [ 1849.256763] dump_stack+0x107/0x167 [ 1849.257523] should_fail.cold+0x5/0xa [ 1849.258318] ? create_object.isra.0+0x3a/0xa20 [ 1849.259271] should_failslab+0x5/0x20 [ 1849.260076] kmem_cache_alloc+0x5b/0x310 [ 1849.260929] create_object.isra.0+0x3a/0xa20 [ 1849.261854] kmemleak_alloc_percpu+0xa0/0x100 [ 1849.262792] pcpu_alloc+0x4e2/0x1240 [ 1849.263581] __percpu_counter_init+0x10d/0x2d0 [ 1849.264545] io_uring_alloc_task_context+0xcc/0x6a0 [ 1849.265582] ? io_import_iovec+0x1120/0x1120 [ 1849.266503] ? lock_downgrade+0x6d0/0x6d0 [ 1849.267368] ? do_raw_spin_lock+0x121/0x260 [ 1849.268269] ? rwlock_bug.part.0+0x90/0x90 [ 1849.269153] __io_uring_add_tctx_node+0x2c6/0x520 [ 1849.270156] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1849.271244] ? alloc_fd+0x2e7/0x670 [ 1849.272016] io_uring_setup+0x1fbb/0x2980 [ 1849.272881] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1849.273933] ? wait_for_completion_io+0x270/0x270 [ 1849.274956] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1849.276059] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1849.277164] do_syscall_64+0x33/0x40 [ 1849.277962] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1849.279064] RIP: 0033:0x7f00b63acb19 [ 1849.279871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1849.283845] RSP: 002b:00007f00b38e0108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1849.285488] RAX: ffffffffffffffda RBX: 00007f00b64c00e0 RCX: 00007f00b63acb19 [ 1849.287019] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1849.288559] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1849.290088] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1849.291617] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:38:24 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0}) 03:38:24 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:24 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowne', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1849.451712] tmpfs: Bad value for 'mpol' 03:38:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0xfdfdffff, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:39 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f00000011c0)='-\x1d\x80\\\xa8_irm\xa8\x0f\xa0\x05\xd1P?q\xe3l\xc2C\xe9o\a\x04\x8a|\x02\x00\x00\x00\t\x17\"\xd6(W\x87\x83\xff\x14\xce\xdb\xe8\xcaJ+y\xa4\x14\x82\xb2\xdf\x18?\x03\xea\x14\x02A\xea\xe4\x1a5\xef\xdc<\xa0\xf9\xb0\xd63f\xd4s\x83\xd3\x1f\x89\xa5T\xb6P\xeb\x96\xfb,\xb1?\xc0&\x15ek', 0x40, 0x110, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x7, 0x4, @thr={&(0x7f0000000000)="21ee91e8a073b9f90b8b583831ecc2c4361c971f2546067223fcbbb41654fb69358e6d968c88280a8cc39cfd8d95998a81882b6b007372c599a2f2fd2ed290799ffedcd4c1807b3fa66f027d", &(0x7f0000000080)="a7546c7d3cf3a7d1b41badd89831f6cecb8de239da6d516b5cb9e8f0b077a4e4f6dbef7176774798681d5397423c81225076a8899dd1d6d0a79c2449e62d3341fae5aca6a157416fa49698235212f0c56b75ec695a980435a10c3b3131a0fecc702f8a31b0ab08efda1da592c3ee79489a6bbb3a3fbc0919c04e626391e33a3281f032ff"}}) mq_notify(r0, 0x0) r1 = dup2(r0, r0) r2 = dup2(r0, r1) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000012c0)=ANY=[@ANYBLOB="c2218a48dc19a71f2b4bc0aaade139eb2d89680f0f1bcbde956f8610203498980053cfd1f34cae2c83a4c9ec652eb3f3fa6cb24eb7dfcc23c56bc770a88c3f0afbcf601a97c17d95e61beaf37e3b821b53d758edafbd1ea622d6c226ad96b7b0770feb2269746d", @ANYRES32=r2, @ANYBLOB="00000000000000002e2f66696c653000974f25a94ee4972b6cb802290a65ac9188e1a66efed54dab1e86b4c3df4124b89c87b18c149da2c91f6d4e71cf7a88facafde3c1f10c330f0b3393f67798b3462ffcf1ddcab985ace4322af19d0d6ec8c4d113387ee4698f8fe79b091216c7bdaf097d9345779144a8bfdce5005f87891e854edbb023f4a76aee68"]) ioctl$BTRFS_IOC_SNAP_DESTROY(r2, 0x5000940f, &(0x7f00000001c0)={{r3}, "c87f16f9e191ee051cf2b35100dd5210543053f61554ef4c81b0253d1210344cc8eac2c5ee1f337eeead9a80d64da9ec6c896f78de7c870a3c578416ee7fa6e9f941da65e91fd6eb8b6713567580546d4f64b4986ac4e34f3213d23037abd1a91e27b681916fa47370d2e14234921b5b83c3cb59d1ab957d537a9c10d3a61528370349a9fa1b19d7d1ffbed1db505e05c816be6f6c311c7d7d7e85a49a5542b6522a8398a1853e3cb8afd56dd1eb25f808d853299a3740071d104aa3fac61d89e10189f46b065e2cbfd5c66aa87e8dbdbc85a7c0cadb219846ffb735f3d9611234bd8588098c6da4e4cd32b125ec3159c4ed17c550f14eb00fbb5d399356d82a8f18abd69ea32420b89f72b91abfa79f7ee32ed53b41202d1e9e0e4655a9cd037a890d1f9b23a08a7e6b3ad4b62638c790df267475e311e812cba291375c6d20793bd775d9b79714569e5bfb6d327479ba1ad9145048ea0d38ac55a43e15f40e675aef0dd19cb1a51469306a505cf1d81c42247235a7c3a0dca6604ed8c11b4366108668575f402f08d402c87bd31987eed0a53ba729eeaa5171fd9aa59cd1d9446f85c1ec2f0aa125d1ea03e08efd136a6ed85c30d37c0d0846910f483f3d9155c2c044d912db25fef9ffbc1a710db5f1fe542037a887807d357e4f077a545d6458a9f1a6f80e63932bac5dd74b1bd0b6ca55a8db1c7c32105aba9c0cbef067fad12948f7f0ef1a213e468fea3f5fc705acbd3d9a8d1c6cba235aacf9d7c9c05fcc4591661e7b53af0ed10e377e5766b23de0679b8783193edcf9c75a66f90ff9686b2c9a5767824eefbeb5c0e497bc7957c47ea28b02e02455c89ed8b3363df9d113baa53f4d0600ebfe56829125493eba510561c0e8335639a6427a84a8bac2de0712916826b14d7726379b81ad87ccd58865e5de697c878ceaf14821bd12c9c8358f5a7d157a1164c7731bfa0a203ef908f086cf7e3cb5f70221afb2381c3b20ef69cbd546ecdfe988c6a2649ac154211b92ef6f8f2f9f9a09d2622f9944b83ba74f3c507f58803b0659a0657f1d7322c81622c3768ce118d046b319016efa3a62f72e195935e2e5c88b8832b7f83f4efac47f38f70d2a6ce2405507c840c98ea12944f8b9dc42818d032a86948545078c106c88b7c2526644c5e898918b2438c6eaf4092c68e6718d1fb38cbfbefd102ebb1de808763eac28520c980f26d5252e6321c6acbb80960fe35e7f52b52027a64ffbc66d6ca50e3154004f959fd24cdaed28014b679e900d5d69b34c399ae8537df6a251387df0085e9408a226c3a44b611c7cf2c01be3885824bc9b772ca2dd86d7458b4d26670905881008717b2e06d98c377592a5e562527ea18a545e5f9225108f7623923f386187bda701d1db8973f1309f9803a26384a67bb687155e764e792bfbd1c97ed6acf6713fc48df9e3b4452c649b5ecb1cb1d5b12d6cdcd29693cbab27627c74f410cac6c30cba0093d3d65b5df5072a28fdb163bdba3e1eafd8d1cb793611c0d1957d7fe4f9deeff833087beb4aedffc41c10036947567ae0a107703b3cc2a10d9adda4f3ba8f265926ac0d0329b5843b13916b6014d29262c8f03e3367dedb4308ba273fb28166b80d6d77191c7b771d69d257b647ddb3b37675ab1b8943975868c362c346a10515edd45d259f283ba5c9422bc51b7e8822eded1f5d1715e381600b5afa9449405d82c5254c8b3925bd8b97ae59472ccd33679a746acccc4c28dcd7275b4d336671238d3641c39ab977d3e3354474d75a406f525bac2625ee94aba5638e7f504bedd1cc8ea50c3590f1f1a601927dbd95e96984c469199360eccb630dce688dcc3c61691297064b053b96756587182ed6928343668afd9010fd8b2c4aa775f5e66dec295124fa72181a71fbfc9d581ca6061af67e07cc63bd46783612716382b8720fbb61a61e218a2c96cc959d330889ead95ea41b2d9598c5901a5aac29a374bca7c1aa1a75e96cde6d8e4fac85b90e76259525396c83c03c050163e3db7fa49ea77fa11302fad1b60cf48220c056d0c133d6dcd4644b508db26151529a41aceb44b49adaddae25c6e0df5d101bbcf08f58493392f2996b79bddb2c4e2c9307ba5c69e5db095ddaa991902360f63586e367c6df6fbeb4a3170bdc855c071822bc5deb451bc809ad46b86840dbba222ed1c51657dccc743e967a01ae730dabc36f75a1fa560efff5b36b6cee622cc81ff24cf1df352a468366c2541c6659f3b74a83b3e2fe8ea0f395a306e3d2bdd46b34e7182422ee7848c411e33ac02a51ff5a4b475b1a66977f6e1b2a637f4e36184c3dbae2c32293169bf75d90a257349c5cc034bb9a2258be9576f3d814ea47534c8e733be12c35ba025bed73488a75b2427fa08070276b48dc4d086bab39556045a518bbddd6a3086b94b0e83dafe6aff66d40d9068ae986641f1ec266252da375dc82e702b9b8f12d81071f0f928175fdfdd0624f0d69b7d44c1592742bdf467d3007846e1fa0b6426df3536902fc4a74b8c5ec7e97fa5a6c5a37a1a1da8f3b10aa7c495d31ac8b0d521362d524fb7fb197eb63e215f231ca2e285bf5a0dadf2b09ea0cc6225b27d28b92c83b96933a43808332a3d0e3be574af898913eb434269ddf6008237c359f3b0694632308c23d0175bd31587f693a6b1275b87ebf3b69df0fb074aec6844ad229f8cc0c1b727ab64f52e90f27cead105ce4a9d02ec61f9f26bfb92a335549c2c19b4e0ad0b53f76df97355444502bfd588acb64317bcc39fea84cd3e4b1c1125f7ace2df2c7700007bedaff61cf9e38294d1c4638d18854125c079c22ae177f79caeb0999e94a36879c5ceb26965fbcd0b4a4c9a0f89a93220aced3cda5bcd6b0f86df4cf7deefdd11b8668f057c237ef1314c0d2bd7d4a959a50cae8870cceac893be2877b7fc54457260b56736bedaf237e92158ad8faca7d557c806cefa55a768789a7953b95eec61524fc04b863aff2be711c77a20a5ff2f05774fbc933d054a0aa60709112e3fa2812d1c3ee077ce14f8551da875358518aa59616e33c1a868364422eb00bd966bf73a37aefb6c18c25952b0dbf6b95857c2f928e91012dc33e9d88794ad282254e5a1ec8f850a593592276059c579b0286ad9c09610f3719b41d648bc61494180ee45253cceb76dec905463f042be3cae06d15fcc6fcc8cca550e29591bd10ac7f5f5ab8240b578eb4335de677bd7168c892a628f24d30193f1a7be3773b139231391baaf2c5415c32c255152306b9aff129705cec73202dc3fa70c82bbe239b2439514ca72a9013ae6886fc5801ad4711dffd84f4730dbfb5ff071387a95c1a8abe3354b80538cfa267cf25c5431a5ce5b6da3f71abb618f4babc912f67f6de8aeab1e05601d5722f30e5711a0e5c402cd49ddf15016a51064a05027172b73b677cd761440c9710265d436e389a17a0891a9b7605817efc22b8cf6f8d439d39555fedead8899abf01f2d1af1629328a49cb8fbd03ffe509b762e4b3071215cc5a0517d7757484f0977458ce6bd6c409c7d5689d26f6e342eae578c0f5547dccd9073bc30d23e0719cd4170135b87dcad7b2b5a47ae6a7a59985e99c5c5755a7bc0de3d1254bd7fb7d7095481c76e3606616eadcbc52401089248ac6162ac493ae53f90f9416c13c73fbccf91d3d1b2b3747e868cb20f47c1c4752d133df9d093238765d41c527b28956f8a1a6aab32bed5864f02b69fea5c372e5be23975ea0c5d60d9c7661bfcad9c7783adbc50147a87272bdae028a1155b6ac64375f65824c834709ccc525e8e31cd5ddfc3cef0cb8e7e8c7069f821e99cef37f0326602dc4861f53d9b4743d6e3f2f7179ed368e90c95bb71ea9de3b69626362c2f9245b9c1b8e7dc57fe1348e083c6c075f63a072f11bfa138ffb0754daa309d9443d837d6b4f5754e78208d816f2382b8ad9fafb6c95ccc53be61f0f244d61d3b7decb24f57aadf4207a01c80f8b85f4f759db55591745e15d648c19e2fc5c5cb08ef144b96ab7c833310916d0638ff1f9f5a500c450c00b5ce2668d55905db72dea9a8b92ff0d7422afa9b0792dc98fa548669cd96168aa71de66cc053a70dcba3de564090257b56cc63068198708c4dc4650ca3632fa0f968f82c5498fa4f9ff602681f9bf1ae83f15397adcb30466e4a677614a073c7cda85dbe8eb2f5d8659567acbec3ca1cc3e6e258668f4b9c21d8346e39ec591ff90cd69f72ad05fd970cbc07841aab1b9f31c0d6b4fd47d701e3950303afaa47f2fd1e77f940baddebe9bcb1c49526007aa9f22659848dba4f1e4c69e18e155d9d3e4a4c1a786807bc9c32f5ae9566e565ffae812e0d4638b06422797b3b37eacd9293163acc392980ac3b3e16c308cba654dfc0072b0673321b956c7ad5690adac761cee8e9058e36fc5cead3b875de3ecce7f3ba456c61634f7c14c40377af31cc8482f99168a20e54c04747faa87b4826d5cd6614d56e6c01aa3fb4fe6bfa9f57d4f55f2df9d33896ff4a4c446c610d1d3027e9143ace2142a986d69628a3adcbb3281ccaee6e404edd9b0d7a74801a48c0e32e18dd5083a8443d32fdc680bcae432976b26185021be491cf13a3cf3bf5ba7307064ab24dbb77333ebff59b4440471c418b40bddd6a086d37744c769a518b504557208eacecb54b2051059ff89c938f159174b02051ea84dbd6bbb0a4e1052e3f119ff6eb15754f9b5a17418349a644b7542965caf61de42253179fe8d0eb83a9f18cbf2fcaa35a5fd67431cb56da2d6a47b8aab70a436c11605ab7830b44e33e1c6bce3bc69c13b43084c99ca0cdea488052a7df4001bb7c7ed2b9a6d1d9058bb1f0b817ac1a15e8cc58ce4180e863ed3bdaa0775b15f5c6506aef2dbff9320b981d096282e70b9f4845223f33860570feffadaccaeb52a6d77d7adea866cacaf963d8c2c6b8ab2114052badf0a58136c516a8f451fe94dd68691d4d1fb4c4b1e73ebf49772897f4feb4ad3824120f1c0145eaa8501396df205e798ca7d7e4d771c1aef834e02d0dbb4c0a1ee8001a033b2f96140499640efa7dd986eaf4fa1e612d969854b0247134f6a4bd8b7087cb451f2703972d095a3675a67344206b31ff3b3b4960092193dcab0a8d0758e4c454df7898ec7c77ff75d6eeebbd7d33a1e7f1f7c9037424ea26cde7e5cd476f5b9624185a7ecc4aa91b25eac93b21ebe78ec9030bf1c97cf6a469a05c39f803d1c4eb716452da20e8e197ff232150ff8ef3af0cbc0cb780db3f6b45a68f7ed21b01265405cf7dbab4051673ff2727304aed5052fd18dfbf562e76af37633b605c339b723d931df0a5d98f4d5273ce1b961c3382aaae81b38339630875221513f2bbca774648c164dc616fc1ba785c0b2346cf672d41d6fa2cf7d40c454fdfe4afb5e011edd5dfeda7824b5642dfdb3e22e08ba33e6841dc51c57b2a87ca046bac8fe63fa28ce68f3814f422aa67fe778e15f75ce27ada5bb95fc1c9e6ca5061e672bd089551dd4095d043355c18579e3be4e37c655e279cd90505cf8b7f4c92c516a81249b398400ba5e762d8faeb8670fb9d0f3dcfbe5794c06ca9346f7fe93010e4840929e5fbd00e34427147cd91f56e740b3c07bd3a075d235345fd4ecb4747ae66170f78c8f125e6ee40fb72acfe86cf621aa1d321fb48ceb314bd016fb0ad853fa2fed44c3e38d81d810068b7124cfba31e47b8f6ccfe97d0de4ae7ab4770bcaaddc0a45813fe2890b86e5410ac1fb53d0a3d4450ad1"}) 03:38:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x4020940d, 0x0) 03:38:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 92) 03:38:39 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 30) lseek(0xffffffffffffffff, 0x0, 0x0) 03:38:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1863.913805] FAULT_INJECTION: forcing a failure. [ 1863.913805] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1863.916682] CPU: 1 PID: 9965 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1863.918181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1863.920003] Call Trace: [ 1863.920586] dump_stack+0x107/0x167 [ 1863.921343] should_fail.cold+0x5/0xa [ 1863.922176] __alloc_pages_nodemask+0x182/0x600 [ 1863.923184] ? add_mm_counter_fast+0x220/0x220 [ 1863.924224] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1863.925535] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1863.926671] ? lock_downgrade+0x6d0/0x6d0 [ 1863.927605] ? mark_held_locks+0x9e/0xe0 [ 1863.928514] alloc_pages_vma+0xbb/0x410 [ 1863.929375] handle_mm_fault+0x152f/0x3500 [ 1863.930298] ? __pmd_alloc+0x5e0/0x5e0 [ 1863.931145] ? vmacache_find+0x55/0x2a0 [ 1863.932149] do_user_addr_fault+0x56e/0xc60 [ 1863.933261] exc_page_fault+0xa2/0x1a0 [ 1863.934255] asm_exc_page_fault+0x1e/0x30 [ 1863.935315] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1863.936749] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1863.941521] RSP: 0018:ffff888046cc7b50 EFLAGS: 00050246 [ 1863.942880] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1863.944789] RDX: 0000000000000000 RSI: ffff888047742898 RDI: 000000002002c000 [ 1863.946608] RBP: 000000002002b768 R08: 0000000000000000 R09: ffff888047742fff [ 1863.948485] R10: ffffed1008ee85ff R11: 0000000000000001 R12: 000000002002c768 [ 1863.950058] R13: ffff888047742000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1863.951672] _copy_to_user+0x13d/0x180 [ 1863.952529] pagemap_read+0x333/0x590 [ 1863.953353] ? clear_refs_write+0x780/0x780 [ 1863.954273] ? iov_iter_advance+0x181/0xec0 [ 1863.955219] do_iter_read+0x4fa/0x760 [ 1863.956092] ? import_iovec+0x83/0xb0 03:38:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowne', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1863.956918] vfs_readv+0xe5/0x160 [ 1863.957869] ? vfs_iter_read+0xa0/0xa0 [ 1863.958683] ? __fdget_pos+0xf1/0x190 [ 1863.959514] ? lock_downgrade+0x6d0/0x6d0 [ 1863.960443] ? ksys_write+0x12d/0x260 [ 1863.961223] ? __fget_files+0x2f8/0x520 [ 1863.962096] do_readv+0x139/0x300 [ 1863.962842] ? vfs_readv+0x160/0x160 [ 1863.963685] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1863.964819] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1863.965928] do_syscall_64+0x33/0x40 [ 1863.966725] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1863.967876] RIP: 0033:0x7f65e567fb19 [ 1863.968673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1863.972675] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1863.974325] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1863.975900] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1863.977428] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1863.978999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1863.980536] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1863.993290] FAULT_INJECTION: forcing a failure. [ 1863.993290] name failslab, interval 1, probability 0, space 0, times 0 [ 1863.994707] tmpfs: Bad value for 'mpol' [ 1863.995000] CPU: 0 PID: 9967 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1863.997097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1863.998423] Call Trace: [ 1863.998859] dump_stack+0x107/0x167 [ 1863.999448] should_fail.cold+0x5/0xa [ 1864.000086] ? create_object.isra.0+0x3a/0xa20 [ 1864.000827] should_failslab+0x5/0x20 [ 1864.001443] kmem_cache_alloc+0x5b/0x310 [ 1864.002100] create_object.isra.0+0x3a/0xa20 [ 1864.002817] kmemleak_alloc_percpu+0xa0/0x100 [ 1864.003554] pcpu_alloc+0x4e2/0x1240 [ 1864.004190] __percpu_counter_init+0x10d/0x2d0 [ 1864.004925] io_uring_alloc_task_context+0xcc/0x6a0 [ 1864.005713] ? io_import_iovec+0x1120/0x1120 [ 1864.006419] ? lock_downgrade+0x6d0/0x6d0 [ 1864.007085] ? do_raw_spin_lock+0x121/0x260 [ 1864.007770] ? rwlock_bug.part.0+0x90/0x90 [ 1864.008466] __io_uring_add_tctx_node+0x2c6/0x520 [ 1864.009239] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1864.009925] ? alloc_fd+0x2e7/0x670 [ 1864.010513] io_uring_setup+0x1fbb/0x2980 [ 1864.011189] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1864.012015] ? wait_for_completion_io+0x270/0x270 [ 1864.012805] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.013641] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.014463] do_syscall_64+0x33/0x40 [ 1864.015064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.015893] RIP: 0033:0x7f00b63acb19 [ 1864.016483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.019431] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1864.020480] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1864.021356] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1864.022232] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1864.023111] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1864.024000] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:38:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80086601, 0x0) 03:38:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0}) 03:38:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0xfffffdfd, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0}) 03:38:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x80087601, 0x0) 03:38:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1864.188187] tmpfs: Bad value for 'mpol' 03:38:56 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 93) 03:38:56 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:38:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0xfdfdffff, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 31) lseek(0xffffffffffffffff, 0x0, 0x0) 03:38:56 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, 0x0) 03:38:56 executing program 2: stat(&(0x7f00000001c0)='./file0\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r0, 0x0) getresuid(&(0x7f0000001140), &(0x7f0000001180)=0x0, &(0x7f00000011c0)) mount$cgroup(0x0, &(0x7f00000010c0)='./file0\x00', &(0x7f0000001100), 0x2060090, &(0x7f0000001200)={[{@name={'name', 0x3d, '-@\x00'}}, {@release_agent={'release_agent', 0x3d, './file0'}}, {@clone_children}, {}, {@clone_children}], [{@euid_lt={'euid<', r0}}, {@pcr={'pcr', 0x3d, 0x20}}, {@appraise}, {@obj_type={'obj_type', 0x3d, '-@\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x61, 0x38, 0x63, 0x63, 0x62, 0x63, 0x34, 0x38], 0x2d, [0x36, 0x34, 0x34, 0x38], 0x2d, [0x66, 0x64, 0x35, 0x34], 0x2d, [0x65, 0x66, 0x34, 0x63], 0x2d, [0x36, 0x61, 0x61, 0x31, 0x66, 0x37, 0x66, 0x33]}}}, {@fowner_lt={'fowner<', r1}}, {@uid_lt={'uid<', 0xee00}}, {@obj_user={'obj_user', 0x3d, '-@\x00'}}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000001040), 0x40c301, 0x0) copy_file_range(r2, &(0x7f0000001000)=0x80000001, r3, &(0x7f0000001080), 0x3, 0x0) mq_notify(r2, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, &(0x7f0000000000)={{r2}, "c6b1f4558a1b5adc79e6d5606075b5b791b01db3008d731e6c7971edbc9d021dcd99f3e814ca9ba77f76e3fd909e30dc9cb17685bd934ea5a8c250b09a8f008fa67b3227fef1bb833b850fa81be4d5c9478206e52958e6d94ca92d43ef5e1348e6cdfa9e3512476ba2fd79c21764f8a28d0695e06338465caba8ea73ea3da1c9413fefd54256251d84b44c05b77dad1a9e4d2ef047e71388bc63e600ca1375a6cb2ccc8dd12d08cb3cd226fb1bd35c45d369611c1d913f2e8dab8ec81729c76a2a61c0e54e31b208f25930aad9ec4e513f65cd20fdeeedaab92f5753f112a09d92af248f6fcf0b56bb173e749c4cd629a0b1d2a229a41be460c5985aa79565aa1672eac5ec3447dddd11c0c41b3f1d1c24b2d45ec9f8042483807c849f8b4abd272e30b5022637c20204a4dea5bec60c837a2b7bc9bb399a7ccd2201834461101dc169120d6f2063424a8b6f1ee901d00a2e76fc25e2b2ac906e941adcaeda4c62fac836e11a36b192d25512751a4fb0565496bf6f484bc6500c8d08aab26d0bb955c344eae1cc8cd33cec9232c622a128c8c80e5a9132d640795bb6f41f543894f36428683b24058b306ad81cf14f256e4bac52ea0b85352e04deb2a0c3307495f1e90be0a12ce08c8e71fcafaf868cc993d42d8e5ed2b8da4399a28d46af913aae6dd2aa7a246b4faf386f76c73af82415af395e4bb7d5a0e791e3891effb642dfb5bcb62ce605c87bfb8737e4355e5beca5509960b71bfd67b7157a6c2bb4185063141ff00d6a907243da3241b04893ffbf339d94758790cf13b1abd48e17c38ee25200c600133e5939354bda827b0d33ef7fb3c8766efd59d013ddc3fdc781fe8401187fbf2b9266cef49092656cfc7faec9c35438a22a04bf12af78381d4a493daa890befca3c33091da6db8f0abd2fda81d83887744e24ed87223356c91d5bf0c7ff15156e5b4f21769ac9e99cbb9ad88d804f1470aeb9745a36303936f369e9e26431772833a7c6f6169866be7b2ad14d4427fed78877015c3a5078c7cbb8691684b47b576c264850203b614ddf699eb5b9be02e0cf36af0382eb6d0625f0a381676617f4a7c7e2adb6e563d31fa3fbd24ef65a73b1564312b1fe4e5fbf1cd2f3824c69a9742e119002c9bd6a1ae57161020c9bc79ae8c534ecd3de43f7b88f2f02a8eb309fcf43b0fe82fd2ec896300cf61caa60d9d6b3e1cab08599eef8f9dcb3fba65380be1eec52fbdf217a565d4ef91ca443ac0eea6e7fda4f8d9b2d34b0effb163ba7cee365d07585bb9776c50665c2a56c985e358d6208ebadcb2642e7f0f99ccabfd9940b70230360f8935715aab2c2a5ddef69fd2475154b9783d1baa8b600a74304cbea7486e0908b8928592ab0f7c734c0b071a983a41f133f6fbc2f10b3d113740934235df2a19094c6c3a8b78abcd0c7dc3c707474f541439107f1ddc38d113a0fccf5d211dc51d2438d8cec9c46f886798371e75af9c409afdc747ad6e7012353f2c1378b18f3934a6052540443ec0ed09fd7b15af71888b81cdb2678ea76d3573bfb27cb0259a7f2ed7bb97d8c1830b2cdcefd38400d7e52e738dd2173dbd55eeac5000ee0859348933c6b16a4bb37d498597eaff872dd6a7c3e078734b5efe91daf3023e28c5a60d1456482a70abb808e395e8c49497ac8c6cd65d6e4c5d1948068e584f9e0bba6f6b066679a248fec71ce6deb855f7c94709569de550babe4f9908ae112ca454c950ee1592aab02167a63aca42bdac834b2651a7b34fb3ede564c388d614eeec048f5b68501f500fc2c677a2610fc815cc6d9bd25e50cf13d770659112f901ad11256064e7147869445fc2f0804453bb4a8be0414cfedbf7d8f1cd7a5d6239657f40372525f5e037f8d433afe56d15caace14ceab7069355ff0da38ff3a61b73d71dade07472126d6da27692ef0f3fc28595492ae2554fade68b232d058e30950a1dd9350d3ca1fe70fe91460cdfc5787cbdfa5148ad2cdc8d66116e8c9dee33f6c88d9ce211c7a23d6f08e731a9b1c8a627a319522764e6b7e11378d55df7a86bfe278c6b0bb79b25e30ed7e72f1da985af156bae859427c3f6cae8f65dbbcca8e8d39ac8a64f61a63d4df187d3ffff63c90251d00f98f68e6efe8683ca19fce99750a87139330cb405e38e5598891d6b141918044da8a0c6c506bda1ea4549706789c6202d575ef62ec1ca4a8b361d47ac856ad9175127009ccddbf938e6d94de58b6cb49909d312613c0f6b91593528604b64465d36837a3eb35dc8fea972052869f8a7c374672d0654e2e417df2be2e4f9d6c188230f2cbac39467fc23689b546f0d8a6accd7e4f500d2c946293e6c51cb47a52f61d12a947742c536146b7d920e4e90199a26c9f88bc0e015196001b9301c445f473b61ffdbc91ccc28d09051cf7bdad53281c397b49779bd43161bf9c04eba2851963785e3fcd03053a6dd4c507fa761f2ddad5bd1ca6014346390995146d627a4e13ca94f7c2a4d7a0d13ba013cc28bb791da1457c31b2b66a659cff4bef4de427b13425e231c6142e878618a92ba4d4c6fbdada3cf03a9b38c42c7057f26eaeb96f7fedce2e6fed00f6e35b228159948b8cd3b67108995cc21ffaf9d3eac7876ef47e5ea12245a7d6db473c8ab83966d0949f1d1146d810475efa0fab85966e75bd7829767dbf5b4e0414349d0fb39f1776eefab53e8bbb77de48b95ac0c666295d9a26f5e34f2ab987ea376e13d95575ab55e446cbfdb00b15cca7cb545237f99346d887f66fb88f08daf99b49e66ccb4ede892cad85c9eae75e98ca1d11a83191ce6c4ba25ba525d33f53edd7b5c26c294d8cbe0cca5b8d054d7ada92cc43e7043beca6e584e582b2c2e3643689dd9e24035808125dc162034b6c3635427626f72ed9d3d2102c3c2a4814c6fcaac69785e221a35523a0ac8978ddd39184e65005688869a2ccf765c752651de25664c81d445f054b6e6fe33c870878227be8fc727cbc1eadaa392a5c950480e67df853af53b644faaad67d871cd8bcce92c3723de40bf72fea2da74ed79772ae5a0c5dd7aa94ce1e312030c9cd6be22f84c50f2043cbba49ccf94f5537ff85a45164974f715b1daef8e37d408ca17bd4e7418d19968bc0d5b695d05e9b6b32488c99a9c9f99407c8736276bd577865b3cb165e97fb17cfab70bc53a02d4e7171c9df2681e1dc98e004ee8beaeff3cd3fcdd3d41670c2b9126e111366253164dc2b6faf878cf8faa7371ae59d46c3a7aa2bfd93be22bfead5d4ebcb671f432ae3886b92607378506ea6428efcc74c006981c42a0fe421efa75a5d0e814f7fd849b1b2c025c3842e6be512306f5c66d27f5ca47893b13c21aa230f401fdd9ad5a1def5069eb8f9edd063159ec75ce1f4cdcba5a987d436e80a0fd95d049fc50461a259bf4d1721fb32ca23f2d4be2e89e15c147cddc579c33d0c31171424efed3bc41052e3d6b4d454a58e194a4f0ae94c2bc05815ae137d6256cebec47c1659b53bb7d62d36a8d199e6fdf4cb6e47f1c9b6015722f26f12c624c2668bf2f5871953e28d4d92b1555a66e79a9c59880f37d7f23cc0a7d7bfe80bbe7676225e06a795437e29fab68db6c27a26df0ef186b7132403f56014ee6a60c622c097e10c8d16f64c72474e6d709ebfd22900ea613b8bbafd61cdbe1aab13cb16ce4fb423b52beeed789ca32eb902e7625cfc2911a48c98b7fc11696ab35068c4f252c19d5c5cfbc97cebb94e7f6b85128c8c13d0171705ec35778bcbfefda03fe6db22dd9e94622a8ca9788b0babbc62d6e172568947f35f27d581c3c72930ea4439dc10e0462531c13ccbc532adef6d9e1d9d126824c083cea0f5627f8dd0eaae4fcff067447f6facccf20d2739d456da9c39e5ec79adf4bb382ed7bbc68e4bcb62e1f64bd613d902b7c18e43e7558b33f6d4240bde6302d1194cfa2254b63cd19bdf2c609c6f42ae1cc485b8cb88ff02179d33eee8225c15b4ba8c434c93d8c24b40391250bdeefc8a68dc62ccd7847a38fd95d7a4748d478a16fadd2cf1600078715b2a1ab23bde3d659f1f999fb505c21df4f188ff045e3a55b59cca154e888e60063d143c2043f50c11a2cd36050bb6fa6bc85af0b9eb3cd68f236b37ed31d0b6f65883aa6560aec7fa71408c9d0733db8b5e63bf720fad981fe569b93eb155b9bc073b081822ac04eca8d95aa046ab0c5c6d85beb8e3fd5e75e841ed0f4a39f23ef05d2b5f3bc78dc6c6942c97478f439dbb0cee0743e2b4fd1d0097d8f5a0a19a874539fa0cdc3460a2deb8620af9ebc2526052f19e7b7aff9a74fe69b022e410e91c3147d985eea1a0b06d008bdc852b5820f584f0c19926dc878a4c7c1970536ea5be5092bd86547340405f470a3c09ef13a7dfe16c9d2e01253362766fc016e8b932c220f8df7161c4c78eba8887a9331d5773e2b6fd4eaade1015d764c8c489340728ff15c70c7816f1f55c7914171a6218318158e3777268f0f69decc28781bfa663013aa9462de33e60ed1b31f28212800c321ec8730e3d565aecbc5691b64c51370fb2db5221cdcc163adb675e48a0f3052a8c17b73d119e4cf2084869b9684e3aa49d4cdee16e537a9b5d090a56f54a60d7c7938cc366d41373696ce2321e377ab0bc6dc0a8d9636dba68f72ae27ba461d08d9ffb8ad3c9fc9ce70acb087892132e6940acac8ae29d874d344c35aa9fffe7cfe76d2e719b1c4f5bcdec70d78fa150e3cfc060b0dd65e9b5fe5ccd1c9a7988c095411a018b0cc1280088e003ecaa96a2fae01556b167594b94ccf54bbc03db6cf302c51700992999b4e845a360068fa73cb51a33dd122c7597b6adab911dddbaa20a590cefb4409db32668d75015bce934454449ed6b2f9a82992cf64deeed173486731f433ed85e775c0d354e5f4a98bee80dadf35c1c0ab0481ab551af716568781d361b54a49be1a47384c137fa379eb9857317a902ec7311c3aa223a777b2c6f49185c854a5254628e015baa0e9fc204cc4f04db464ff5cb45f191472848db532a611715c37424fe66eb93c70dd47a48d5e47410a7a8437750c73175118cdf29ed9a9a2dd7798c25aa6009dbc77595ad025b09e2ac93f988f95fded38305e0ecc1f789d3058b5086a20617a656bd213820d2649605adeb53e832f58b2511a2955514c0618a3d5c7de826929689c90e94b233188c75aec50c083a2851c729ce183ca480592b9dc9055c6bfb23db630e154b9a6b37be7da7a33a10b731815918366b77ac64dbefb06a535fb86de7cc89954a3aadfdc66007ab7965a8301548e769c61dc3cac0e5ce397c21de50c53871e08f0e2b78ceb8b3fc078cb6438fdeae11227669b496c574f4d06a0d247420c25a52877949a17b44d7740e0d8ec9d712d04223aaf0989de0ab189628a0f9039afd20f67852f02ad36d9f59f0be53248cb75974316618f011fde09f02d5135d6bc0984114368be084e21af5c0e1a35a015814d66f7d4c18752ba731da8f90f0c688c62564433bfcb533014667e734f5b8ab0ce9cf007d1079f4cb7a4623f566be4e2038b247afbe8a912788267a6571363d064e4f68e8429a35e498db793496ea2ec81a096a0f29fa9621f6e584e470a42817d7a62d5fbf0587a727ba4ed47c3a2e8c1cdf06af70bca6b6106293dadbce4fad4bd3d6967b484d4eda6b38d851fe019ca32ff040589c7be50d3fbb0b6743cbed7fc36c1681df1bd457a1732cc424f25b0fe1994e195fa1eb1d59fa3ca9a7357995c652a818d7520dc3"}) tkill(0xffffffffffffffff, 0x13) [ 1880.633532] FAULT_INJECTION: forcing a failure. [ 1880.633532] name failslab, interval 1, probability 0, space 0, times 0 [ 1880.636381] CPU: 1 PID: 10020 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1880.638177] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1880.640318] Call Trace: [ 1880.641006] dump_stack+0x107/0x167 [ 1880.641958] should_fail.cold+0x5/0xa [ 1880.642955] ? io_uring_alloc_task_context+0x4a3/0x6a0 [ 1880.644326] should_failslab+0x5/0x20 [ 1880.645302] kmem_cache_alloc_trace+0x55/0x320 [ 1880.646479] io_uring_alloc_task_context+0x4a3/0x6a0 [ 1880.647797] ? io_import_iovec+0x1120/0x1120 [ 1880.648779] ? lock_downgrade+0x6d0/0x6d0 [ 1880.649823] ? do_raw_spin_lock+0x121/0x260 [ 1880.650793] ? rwlock_bug.part.0+0x90/0x90 [ 1880.651883] __io_uring_add_tctx_node+0x2c6/0x520 [ 1880.652909] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1880.654247] ? alloc_fd+0x2e7/0x670 [ 1880.655091] io_uring_setup+0x1fbb/0x2980 [ 1880.656180] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1880.657249] ? wait_for_completion_io+0x270/0x270 [ 1880.658512] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1880.659689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1880.661026] do_syscall_64+0x33/0x40 [ 1880.661873] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1880.663196] RIP: 0033:0x7f00b63acb19 [ 1880.663982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1880.668731] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1880.670314] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1880.672156] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1880.673985] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1880.675818] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1880.677650] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1880.706744] tmpfs: Bad value for 'mpol' [ 1880.748273] FAULT_INJECTION: forcing a failure. [ 1880.748273] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1880.750749] CPU: 1 PID: 10033 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1880.752214] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1880.753952] Call Trace: [ 1880.754504] dump_stack+0x107/0x167 [ 1880.755274] should_fail.cold+0x5/0xa [ 1880.756091] _copy_to_user+0x2e/0x180 [ 1880.756894] pagemap_read+0x333/0x590 [ 1880.757696] ? clear_refs_write+0x780/0x780 [ 1880.758599] ? iov_iter_advance+0x181/0xec0 [ 1880.759515] do_iter_read+0x4fa/0x760 [ 1880.760338] ? import_iovec+0x83/0xb0 [ 1880.761140] vfs_readv+0xe5/0x160 [ 1880.761866] ? vfs_iter_read+0xa0/0xa0 [ 1880.762681] ? __fdget_pos+0xf1/0x190 [ 1880.763479] ? lock_downgrade+0x6d0/0x6d0 [ 1880.764367] ? ksys_write+0x12d/0x260 [ 1880.765169] ? __fget_files+0x2f8/0x520 [ 1880.766017] do_readv+0x139/0x300 [ 1880.766743] ? vfs_readv+0x160/0x160 [ 1880.767528] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1880.768618] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1880.769658] do_syscall_64+0x33/0x40 [ 1880.770435] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1880.771503] RIP: 0033:0x7f65e567fb19 [ 1880.772285] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1880.776150] RSP: 002b:00007f65e2bd4188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1880.778079] RAX: ffffffffffffffda RBX: 00007f65e5793020 RCX: 00007f65e567fb19 [ 1880.779888] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1880.781715] RBP: 00007f65e2bd41d0 R08: 0000000000000000 R09: 0000000000000000 [ 1880.783524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1880.785354] R13: 00007ffcf46a588f R14: 00007f65e2bd4300 R15: 0000000000022000 03:38:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0xfffffdfd, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0}) 03:38:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0045878, 0x0) 03:38:56 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = accept$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, &(0x7f0000000100)=0x1c) pread64(r0, &(0x7f0000000080)=""/117, 0x75, 0x7ffffffd) r1 = mq_open(&(0x7f0000000040)='\b\x00\x00\x00\x10\x00\x00\':#\xb8\xae-\x8f\xbaG\x10l\xbci\x8d\xa0!9;K\be\\Y\xf8\xa2&{\xbfM\xbeT\x11\xb9\x7fq\xf9AM\xef', 0x800, 0x5b, 0x0) fcntl$addseals(r1, 0x409, 0x1) mq_notify(r1, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = syz_open_dev$vcsa(&(0x7f0000000140), 0x0, 0x204000) read(r5, &(0x7f0000000180)=""/104, 0x68) r6 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) getsockopt$inet6_IPV6_IPSEC_POLICY(r6, 0x29, 0x22, &(0x7f0000000280)={{{@in=@empty, @in=@dev}}, {{@in6=@private0}, 0x0, @in6=@remote}}, &(0x7f0000000240)=0xe8) getsockopt$inet_IP_IPSEC_POLICY(r5, 0x0, 0x10, &(0x7f0000003000)={{{@in=@empty, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@local}, 0x0, @in=@broadcast}}, &(0x7f0000003100)=0xe8) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000004280)=[{{&(0x7f0000000200)={0xa, 0x4e24, 0x8001, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7ff}, 0x1c, &(0x7f0000000840)=[{&(0x7f0000000380)="ca7f2a4c00d21304866c68555b9c9b9d0987324a6a5c4b497511709cffc37311136a5db2e635b08a398f84c8f102df84d752ce29b876fb86c20ebec1701a16951358c5e0908a7cd91c801eea6aaa2062", 0x50}, {&(0x7f0000000400)="3c8618d23029134bc12e46c1ecb17028ce1c7e6db2f0cfa3385dffa87542d250d688899edd0de104646a468f932da0eb9079d6874f7e6c5aa66af2cde9476fe699ad1fd80734fcdf2b39619af61d479d7c3ec064b958269859cbec4cd84f6355eb6368331ca7c7f19f", 0x69}, {&(0x7f0000000480)="1bfd301638173578dcdedc0cd79f1fb502050216a725db27ba2f74ce0c3273bf4f5c6817eb058a7b68bad8cc4cbc94b67627b28ee4918533646c820cc088ada7ad5901ee632f1bc57caaad502ea2946a9eda223583772326f3ce8d8fbc0bd7530fdfec95db66349fa2342f6195f3ae242a612dad4b98074056f3c77b547c4ed641f9a9cc9b44dd9c5142bb4a5deaad0e0af0b6aae8908d02220018467d3c83393d6a94b3d2b1dcd79ef2d0a14bd2d92a62de324c715135db04a6bbd76dcbc7197f1a44533d206b5d781445c8924565b5635429256043f02216e3633d83d8b8e01d27e198b4", 0xe5}, {&(0x7f0000000580)="e2cb1a4a806bed3d4963d0438a970d99a5e459cf2e273e7bf859ccd2e435da02cfe3d8a8adb9325b2834a51a23a82d65af784aaf7e8c087c4d290fa289bca524f89b9c1ec27174a8d6ef943950634600c3736b6912853756b1d507745c76ced313c338be17a56195684f328c1525b606d34727baa2751a5fce68870b5af045c93b11d3795333a640796cd092a3833d164a68c4b3ba8183a58247fdfb63731ae2db2214e5897bd2f24302d9032591ab4cff6b9d8431e46bfdd98a1b02aabaa391888f686da219", 0xc6}, {&(0x7f0000000680)="c59cdf1d2efc254cb0626da00f45eb3ecd3be432a701c015942a83c96fab4bf0d2e96d0bb41cf12086d30639ac5bfac8bc1a09b6eabfc93f97014ea82ef81b9a9f901e", 0x43}, {&(0x7f0000000700)="15eff516db78c72cdaefb98b9f5f0904bf897487912c2dd0b4bdcba9a25a6dd4b70fb1e83c13f448c589c9203693f9307ce31cd3f0197059f1c3bd0fa94fa994ac59f47bc757240c6bc61d8d107710c70058e90bc535fed210a6142af2d7c4aaeb7bdab5d7fe058b7c9298656ba44a9d93", 0x71}, {&(0x7f0000000780)="fe59c12a1d65d17f2e30361700f9afe0dfacc7f3f59ce184bb982dffa5d02335106f4e37facc35d6e28de8a77f4f5e2fd56d37227f4c45f13d33415728f6acbbcb26c54f0ad8fbc09e7acde19760161e247979", 0x53}, {&(0x7f0000000800)}], 0x8, &(0x7f00000008c0)=[@hopopts_2292={{0x110, 0x29, 0x36, {0xff, 0x1e, '\x00', [@generic={0x7f, 0x87, "7d3ae858b4dd0f7f001845ed45999e85b2e9516e33dcd130f0e6bb65eb7f66039943ede2c957dd7e8b2b6736852f5262cffaa41007c09762ae52f28fb82106fdf095e40966454cf55df4474fcf021ee6c3c6cb4ccb547a7b8178a9ac1ab2ef8079831c475f475a56c9d2517718a555c448346f7777733ffc32456255ce966117a785aa6de4b1b8"}, @pad1, @calipso={0x7, 0x50, {0x1, 0x12, 0x9, 0xfe00, [0x1, 0xfffffffffffffffe, 0x6, 0x85a, 0x800, 0x7ff, 0x7, 0x1f, 0x18]}}, @enc_lim={0x4, 0x1, 0x2}, @pad1, @padn={0x1, 0x2, [0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x10000}, @ra={0x5, 0x2, 0x5}, @enc_lim]}}}, @hopopts_2292={{0x60, 0x29, 0x36, {0x2e, 0x8, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x1}, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x2}, @hao={0xc9, 0x10, @dev={0xfe, 0x80, '\x00', 0x31}}, @ra={0x5, 0x2, 0x7f}, @pad1, @padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @padn={0x1, 0x3, [0x0, 0x0, 0x0]}]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x1}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xfffeffff}}, @flowinfo={{0x14}}, @dstopts={{0x1028, 0x29, 0x37, {0x73, 0x202, '\x00', [@padn={0x1, 0x9, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @enc_lim={0x4, 0x1, 0x83}, @generic={0xff, 0x1000, "f33d315df40638a5f255fa9d91c9166409403721b870299bdfb7ebd39e5ab328dd73716934bba56b394d5bde61960284c1edeb16a9c47491ba495f6d8e4fb7c35f1f510f5a35c120ac4433e16c43e567bd2837961215427cfc69d62bb7909657d9f5ea7dd16f4682444d9469de207842e4540236561fc4b17f82b404175d24c75d8c35e7724192e5e6de86ac2402c14668b74bfefac680f703483795f85f1a4c064b5f2334ea7551007d2ddbc31cc0206c5f8beff28e3750a6c191cb88123c394b1556c8d88c5a2bfb28393b3c2f9e1ab0dec1eb8e2df5c7a3176c21aa9e30d01d5157cee15cd0056e862cfd959c87c76467bc90b0a5fcdf9fd3358c90573ef9064a4cdb569b54c35e6b7a6dd1618f86a5648a9dd87c83728d4b0ad7ac10c92ea9f686d1bf3e2213ec4debc7a4ce4b9ae3435ef1d03754e8591c17b3bbe0212decf8731b690b936e36ca512004f1fd09b6efd8721557265605b5aa792e61a1d9ae0cf83ab4f9d9084849352ba533120f01860f9d6c52e8c99f8baddbc334e94b935b6da88b1a67f821f7f92743148f6a29b35acb4989e9178f53c338645def36c03320bee509ee32be7c178b195bf04aadbafc98d6bdfd46024d895c3a95a7225ee5a60063fb790dabb65e27992b635da815fa87e3adaa385abd4176c884c545c09aad9595c18651835e5af43df11aff9da720d69fe8bebb4d99f54b64f3dec8ed81da1c97cb34bd77bb7c681c03af5eb2ed9e1c9d5497d62c7672999c9dda737a5c1cd504b7781c8f50c6d399460a9b3933e7a56f835580493c27bc27a6e3a87f78336573e1f691bdcf8e49783b79847997f4952ada9c5f8f288bba4e3c63f046e74ccc784efc18acff533b4244c5aa1ae62eb1aade94b9bf341cd386595bef8273ef445811be2217fb690f71c5b9ab397f71166cffac224280658876fbd7ef897ac2b4010aaa955cc3352f7b4ac5ac5ef8c933d42786ea9c95a7cf1bafb2ca409838ce071c40429496b6677db3d88b76601bfc1f27adf98f5fbb7585bef2c0e9defd6dc876929117e169657889cb2efd0b98a75c15b98999bbf35354583e214afccb55c01539bf397a75b96725134a287870cdaace1bdb7f0987047a583cfb7309b576a9f88092ff65b2afc83ab88b523b47ab02f97e1b33fc727172ca1627ed9001c8024089c306753abd58ae6e470f3b09e30a6fc19565f25c1fa1b7347fcfc6724b317e9dfacb09955c1cddc20855d1842449fcc18a64b6d7ff4c0c736fa1a0b8edefccf18106aafbc1a2d2f43f32e064c07cadfa173e2faf25ef93f3a5a3ac9bdb21006ee2ec93a06a7973048ede61edd80c2860af4b073d63911c2474b956327e2cad2fce33d1c04d022ebfb4515036a420f0e6e0cd42727a9c66fe6ce7e308a717871fcef18987ff8914281b7343aa46f7b18d22e4da19cec368c08c621dc97db14a487706b0460dae44a2ecdc4794a113be5c3c0cc2d7af4f0f477230ce79d4c824dbc791dd30202fddb5e5116e9099245430db5040db7a348e80782500d0dd6d884b02798ef1b0628cc9b4cf0e67a1b0c1fbd75dfcc09fb137775cc9ea58a0ae3f2d3850e15b78225015e76d6de310a0c854c9713ea231faf7513c6571a689dcc11851da2a89714657a8ada288462871444d3abe2e672368867a73b86645d7a1723fb7e7cd79286168176c3d9842c5b5bd60fd0a774eefa6dc644b762b2e652709410daf9e437fa857c73e5be707dc5dc166ef0250a547a65e1e412741958fb6df12fedc3751e43f561237ec58f975a7c4a9624f5611fdfa6104b19536f8ab51a147eae6190a951989141e852c509da43735e50dae8062bc610ee38514159cbe5300f0d3c32a5463279abed24ccb98fb751d6a274c52b6df219e9fc40edc590fb6e548bcbaa5540400bd7d83bda82cf32611e4bd6de14508a1ad14b09b6327b7ea803451d2b628c4c5829fd43ab7036eca1aac41d7e6d5d15f4b89f023e48c08205b542f23ee6b6cb282a378ad1ca8825adc4c4e4d9bfb3b5c7f963ea4504868fb0853b0f8ecc0d2d6cd89afc14950476207a4a943ed1adf96e8e732b0e3734352b82b07a0d46acd68e5b91dfa4f7762e893a5c3869e8f8c1bc768de14d5f7a94e426d9afe1148199a9d50228b01113db0f7512d8b5d407732fcb6e487341b7516a696f5f0c08a70fff0e213830e04d3b15192f1237d9cb23dfdce75b8aa7d4bd40668b6cdfb82907c156033bbb8368ca434ce33453dc6bb629381a1dbf3e31f1b440ef3ae4bdccb073d11e36e55d30a9dd9ca22d58969bcc48d1f9b4d3b59773b9e1895037a908aaa8d895b453c76e513278df6298205370b37b26e4d0e80274a92ac8972f816b387455df881bc08e039fcab940a9d22faed2ba8a3498a8a31ce5c56da3ffdfe8705104ea4a546010a64d2665071979df74a3397740761f890749b588605bc0f6bf57d555415c0833c981c2969aad2cf611ea54a2ac3842c397a396ecf4df7e4e635c96af0243c473cf689009b012279ce930e55b76762a2847c67de1fa6b3bea98f9f394e264ce9d8d514b10e44df6767d54b660d41e8360d14bf013135a325f3797b59b57d95073eb1c309b95c15a2e1aebd3da1c84a6f169fa2100684297d1dcd9a7fda9b509ba7c97d936505ac463ecfb9d347db19a6755287bfe32d6ba2f2d1e3134bebebdf91ac21abc6156537f1998e129d71e2facae604fa51217ee52cd2ca0afe39e60af544b5baf8dc28d8385126096bd4daccbfc581b8663a5fa223b76baf654c767db043b21ac3bc85059f3519c1ea07cdfdec8a992438069a5b6279e907d22b0ad0c3aa20dc306dda8d6fb77f6e7839a1c9a497ec4b4d57163f82e4c21ef8476c078616c688bb6a48334165cb070e416da542454a3af887c1f4509c1dbd1701b8a9058c2111220cc192549176d2ea329a903c91011b52e3aeadd04d8e68615db94a1ea0b98387cfc42f41bbe2596d8b753e56801e5d07cba42e3d7effdfc8a2da871f0df1cf9b63c5a0b019847e060eb6c6b14e607383268f1d452fb2cd5656e0ed58c7e479e261c91ddfef9f59cbf56936b39715d778c198f6b307f9c1ce56a86e9fffb5373f8fe83948bf536ce5f21c06253953a96944b9f3df75630977c1a8e569988fa48defa31b66b1d606fda0a5eeb94e5b481d3d4c0fb02dbe7507267eb3111318904dba0bd2679a2c5755e0ab311b5656a94f29838e14b41477ef35428202a0438156ea7a102cad8c666782d19dd5e36ca1c7b868d03852b46fad5543770914ab9aac9025b93e843391c578f9491ea0e4a816de1c2c88d1e6cbe8aab5d62858ba6ac524b210cc7597b92be589f2c5580f89d07fb4ab640a25d37ea9d2b134e081ba5f294572c24bd4b6472b455e0486eb10764e216e304f53d2a553f88f9bc5006eb7638df7f29095c00f3e8cee0218c816af8586bd975a4955d660fda7e877a1ce348e6379a470449a8a18c5be0d410fbbbc690c0507e23f2e07368dc4cfa3cdb8ae158bf7c29948abe591681e37f15873d1f89195ed49c422f2e880369adaf9215e83753ea93e405ce7e921499a150d69b1cba037a431a42a913beba176d0104f867701bbe03bbe7f4cca0102478458a9bbb58d9ec8985df2b2deff82e187fd2f5d4dbe080652149e777b522f02a238e3a046ec8832288b05bdd049bdf33e7d1515f16c8ce307405f048a745a6e15a307c2db6334f48e94900198ec10088ce0caf319b3f51130123414eb4f14f67f1a7a42211e950ee009ebb700d54aea25980e1d38e176ffa6223d043fe434209de0525266105d4480f9f61ec889ab8fbc9b50e574b5c77879b4b6e04c9e542806d5a999d8bda0f8a3500d3c65a0e5cbff11ab1f820abc1f8c60463dbefc3e122f1750de3e32d02675669e01c57fc0e51c6b3ad49a1671858da38f175b1f34ceb0b272e3f6792845a2000eb38f58c1484f4d4cf89905e8f7f89e8a1cae4110dbca7979943f6be13044453641f5af6b9bd728e6995ed1f34f9e9e5a9358ccb9d03cd01b6da95d6e35c5c71bc5f62e63421a32869eab1854225e7fe1e6690164134ae8cc3e98808141f77f3095470c77fbb196f9f23dec90e281f5fc12d236c1f4752da8835ceaeb47c69fc08957625829a219c70a67da5c194272ce64b149f3ebcfceafec3a646948e6710ae8ba160d8cdb08a6760477dcd3dc3a25dca8bb4e049e456bd09a1f1ad29d4c3260b2fdd334a9c134d2de4a7feccd5a973981c3a46cb70f88fa41f03a0c725e0699354e9804129eceb46c352561bc3576dc8eb481d8ae321ac05a58adcbcee279ef150307ac6f7fe60047701e998a3c8b27794e6603570b0ab6059e0dca3627a5c1a97211b4a883288e1f362d7b78ef2ac8a913e75df34afadf2af4be3d13c09043138f6793c95e2e9fe3e806ad7521af05e73fc8794f83e3523fe3bd85c789111cd10b7834239a6e43405460bcff77cbfa974954fb545b51af7fdbb4283f73a8da12541749f2a58bf64164f03d5b65173bdb8764fa6286b90df6ef0d85a5482f9ead6e3d3268e5e3a058c64870884676945c15842230e3ca82da396c6b676c3bbdc8b8c4dbe5683884838f314ae4d2611eafc7f4524f230356f1745960f5b811970fccaeca04c52dc0dbb7f0e12eb063457e696f35e465f035c5c97aa65ab3533e663a433d73ff188f7522d0268085c3c68e6a2b0e811819bebde869c2e99879f0c75e1a6514032a8cc0c2bd992b7d6464bee88541cbf96166c1f05da3e216f1f04769f903c92e1f95f59b794be0a3d8ec62485d17453c4125190b2da8ae83d53f5da88717c69c7c7c5827dbb52451a5bf5ee2e643ae9d2eadaf2185a40136b8c1aa03e42b243af4b080732a53c79a0601a7cb2554190e133553b09ab505772a0d693fc97f2de82565264a126c04862f99a01282871b35237c20da073ff0b8dbbea1d41036b92ad5086e6a1ced61637f0ef38aac3a088eeb956e6fd7f7e9a45bb98008f1976c162e6b304e8e9cd2c31dc3e103b87d98b4b2672545ffd65339981e5c8bf64a3e8bdcf5aca29c56e07f8ffbfab53fe182dfcfb2af90f46e72b2e576c4629ed5cfb6ebf7093dd4361c81d2fbb46ccbd2759dfd6c7dface30f8321799b356ec98df9aaece9ce6521ad858f380a4c942a836e4ee7aeda267482e5a92eeef6af4cd962c3d899638a5b8e539aa4e8dc3acdf23d152811b65f212ddc9134f316f978ec6d62b4ee4dc9cfd942cfe61d59160d8751e1a1fa43eb13e1457dd1a900e5fefb248adf61d5a5e0fd7b47d124d31b81802103b6449e3d0d9f516a301a41947a521897964d1819607b7bbb37307f5cf64910ad955e323935b610a3e92630bd39fdf94842dfa5fad335d01df3640e502531d2624255b3dd334e50162cb311e3520627c540b2d6db6871cc9cef533e0ad272e090db62e180e04c31b3d57b4bf902449bb645342e0dad941d4d0953db9b5eef9d30cdd6c639dc9ef2e19e1c86237d097a25ed8236ddbfde05b789503228cd1fdcfcf7397168caccd2c975abae706b6a74e73649cbec9e7cdf12021581b7875e6afeafa71fffa8f515f2a72ada729c1e24d5d1243d9ff1e8f412ed138b7b06288283dec3f42807e14851c45cbcf94290694b30fbb1e8a92e1ed444063ee26a52bf46dc7024b030c93acf4dabbd4497fb57f8d938c2499f42b9bd501e48a5cf542503728865626983d707d5d76ec20f49f85bb5ac90e765af6680be65d885fedadf2c9d8dd9414b2ab870f49760964303c428b4a706da9d8bb149b"}]}}}, @rthdr={{0x18, 0x29, 0x39, {0x33, 0x0, 0x1, 0x1}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2f59}}, @tclass={{0x14, 0x29, 0x43, 0x8}}, @dstopts={{0x60, 0x29, 0x37, {0x4, 0x8, '\x00', [@jumbo={0xc2, 0x4, 0x7fffffff}, @generic={0x9, 0x2b, "fbff6f8d0cf1fae480e0d0844a09831d23442e37797ad420fa6dcb5cd9c47c15346d6c2c5c27910ffac989"}, @hao={0xc9, 0x10, @private1}]}}}], 0x1288}}, {{&(0x7f0000001b80)={0xa, 0x4e24, 0x4, @loopback, 0xff9}, 0x1c, &(0x7f0000002f80)=[{&(0x7f0000001bc0)="0d1209f851a6dbe128244f90fd36f6d9d3915c58d70806c10f0e77ca0df50fa1b22266b8ec74dc33ab57bcbcd1687d04ffa703e8463efb819e67b36c500700a8f97f3676be3eeb07717b1922cc6e9e1c052353bac53bd252eed6c49612b9a55f997a4c8bb2d3839bf4bd7712355be8e6323ba4eb67289a5c7b2f22674077a6d42e41469fee5e153f1b2459c7dacfebcaf67c3c6462f36b906599a8a8712b59f59fb3a6687aa7d48c3cb500d82d37624a326f4d35c55dd3cd37a0826d47294c997afe30e571efd723191aa1434dd95537f1d4ab61f8056fadb5ce", 0xda}, {&(0x7f0000001cc0)="6a8ff3952439308869b4dc519f1e1345faca4303cf6a6e106b48a59e39e6e91b38af1457d60f25452a05224116481140bdb8dd48e90fea54c93bde03b5f54c5fcca98def5f3e29846e62c0a916c51e19805aab5f7b0a34aa0d95344f24cda36cbc63ee03fa37554771b1a829c72896baae194481f99dc6b8ed0f23be21dea14a095bdd5f85a26840e2819d218300cb2bc6c9607d230d2e78f614e68a1a62a306a322ea32354838975b025531c4aed7e6ce0a33f9c835723ac360f9ca78199c1812f771201d1479d4df51e17c858d472e2c862303", 0xd4}, {&(0x7f0000001dc0)="d0858d32159ba2adcbf60f40df4622f8bdd5a749d69bd0beb0d374bd0724d6ebf90df2b4d7bf6bf7ca464e3a6d9e7aeb5a817539f1cc34739fe5e6b03e9c94a173b19a963d4a38d14895cd8d5cdb93e70a9dbce6d4ee5beb115a75da1057469d323724e9a221e7cd5c4a40d6018c184764ce9d5cd8718052262449bfc25ccc6a86acff71ba729f5b961aa34e3c8cb7a5e712f2192c3f6cf97514b09c343a114778a24f9021a3658775748827578bf1ee6c93cf37470db1dbd840e22e6fbbdd797046a390ac994e0ec03a677b83e4dcf9a2542abf3d46d7330b83a72292361e8e7692dda1bde531ffdee77704b2303ff4b025cbd275e49ae60bb62ffc9474d7d9b5a63240b8411ca000d38c1f9e50a1c070532182ef8caed708b3dd427b83318a2058312278f902113557a8a3fe4ec3c54a0f4d0ed9318745c6b51145b7a903dcdfc511dad39974a69ff9da8664e4040e48483ed74b3e236508abe0fffda9115845dd6bf386565ca2155df3f0d9403cb88d0a5b3e04446534a6b18232aaacee104cd37b532afa0c54bcb618dee3fb8d54d43a885110d985e455615da61ea6fbc71030b791531328883125290872445f57727ec591a76ab5a6442e52d010677545b8a871d2ec3d5a11a881ced28eade562e7d3074ca672b8678f1ae5c7f68e188707378979e30ae944ef6f72aa1cc98b6600273b0768e57becadf82cf8fd50f6f7e2bf4989f45386e4ef66948e8136dd17bb364453c3b90c4767c9340a43ab7e1ab68539ab9c5130b47a2b9e0f78c4bbc9e623ae62e727d0e9df408aa16c33c0fe88ab091886f2cd9f58be273162cb23d8bb30a78e6060e0a3d3251cde9c7281d494d67b5373edecee5b18ebc04520a1cf2eec27428f56140c76891afb14b02c36c580bf32fd6f3b2f7af4ecefd024974892c20c6c1f5f6dab3aa367567b779c01056fd0c69b48aace7a23efb982b18e0565cd168c7faefe3ae2a7003960b9e2928f976868b38e3712f18404535d28aed91355054a446d908036f141902f5a186b0fe744c2bf46cd4e8232692254ae33ff99fa51b6b850035f599f0ba7e52d1104084fb85dabce6cf161351f8384ee3f628bb1f79197a62e5e25d295034a5faf4e5e5fc7f1ed12c7cc81cf45b7ee20a5206fe14477f274853c38214d31469653325cc4c46b471826afd057443cd2ab287024537d7efc21d9d95688babba63aa5d97fed7060d07d01e1775f44ba2e3e32f228b5586be021c5f4a2395b674377aac2285f0e9f3b92684a641e2d1949d8757745128e986485b502e58b3aa499d400770da39cdf0594050ca41429cb3b7f86e54944461b05bfaeb3795b22ec63940ad4e3d0c19ce2db511497d697d97a9d716f9cead56cac18c2dec473b7af004b39faad8fa92f4450c14c374ed0258bbdaeeda59838559b452b23afdfd987c94f764430518ba5c9e1d8358482a87eec45848382cde15fc86175b11fb4062feaf933f70bfd84e3cef1b7d6e0f3a524b12fc1972165ac6d63a57a56e767963b4506a7ac58f95a2881dcb974ababcc69fbd1fd535a98cb2d51c305d3a7fc4f418cc8a30a2f6ddd71d18306c93feb163cf28352610fc4413419dcc469aaab698866ad59e9776161f5bc10d540204049d32bff4091e5d6c2f5c70b7b488aeec0994c09d6fd234e2a158b31240ec00cbd9d6fbdacbca8b532fd40e637d832c1f3c63ebc541abbc597b909f1ad0acc651b680d056438c00a1251f3f7e8c89db2d1ab89a7d337f05c1dd3dbe7483dd3b16387d39893cbbcbafbc88fb2fbfbef9ea54b9c27beb45c765ed49e4613a5469f995b385854db1246dd0b54c81bbadc85bc0838ced7141bea3594ee007366362408645798d3464d1047c8515e72eec82283d47eca9ad07e66276bb431f3fc89508aeaea790641a7aaaf1378853b1214b752b1970cd606a312f577fcbeb46609c780d430cb2b2ebc27fe741700e22b9bd5ef609ba2d2b0c1d7b52e47e0a94638ef6258a80bcdc8cabcd85469414c0e616d728f6a7f319d55aa42090eedbb4c9fcf2b92447579fa51a1cd2736640a7b967bc764d815962ba91915027a42c7ae38777c210571af7ccf143078dbcee6504327cc5fdfb8c78c97cfaa4de35c424ce6cbcb1a84fe1f194a7ef4815891ea2dc90d55fd5bd40fa16e599a015c94bfa0101969e0cb220d08f8a39263934cf98c01688cfdef432c37abd4e3c0e7a5dcb391735e37a5aa3e74fef056e2acb0de37daedd408b0909280d5f6408c1812aba93d99470e912cb74069b6bbc3b1df54a3db62d7543960be3792334f79f550bac095bc363ff61c9058d48472bdd8716fd41a10f76acd64c3372b400bcd66cfd7c31e40f9a0905d39f3166d4519d3c13790aecf2ba85f50b826c125e45a3023b6f8b92ed76d6167d28b3521d893cd13c16249ef11b85be780a9682f129eab3d2d4a66acb7bae72a76a6efeb4e2fde3fac7259a1ffe2cf5e5b26de3109ed88b00f06918cfaf85e2049ad625ac571595fa4cd3ba76418245afc426875947fb37d9faa3986abc4ba0890b856a157dbe8946df16104e0a89c1f3dc9cd905d9b554156c6f21dd09902547bed42bd25d7b8d06d7a66621fe8df79e12ed01cc332caf4eeb1e83e74a8a0435c4f3bd1bfcf3e140e9b47e2e4e4364fe113b7c78b5a09c4859b4275bd10ac8e3bd07d6f3fa341110b974652c56f0ece30ac430a1861bd4bd8a5f922744e02a1aa104773085c2cd9bea0e5a215786a2b2eb75a3dd9f94ac7bdc0e139ba1521659160d071385ddf6c35cab00ce06e7a376d759e2a98d4528179ca2ac9c3418486163cd067a32a9f8d68c920550d535cbadb387da51a950f8885e461bcf9a8ed9c2725e3b785732fd5bf7074031c657790bd9f58a564d45f14ab439c6639a98e9e554ee3359dcbe4bef8352501ea83da50333ad16ca3d11eaf42a568de26e51a4c9b0cddfd08386a3b919aedbf7cb052cae013bdec0b0933fa1d5445327da3e7fe932cadc49d1cc3b422b7be3d3bd07cb0e5cba9d5d31b64feb51fb5b1c2af074358dab7492b1ea603518603cf72ad53d9c6e6a5612f26491ec59c0ba48a6a194c422e9c9aecc5129b83b292cd2b25df9522800788ff216fd882fb392db0a6a5226c976e16018ad89f6b9922b88df476df9d239320ea2dad9a2dcb86e64cd68a0b9041f911e87045c15694db213391a547bd417ddc340afa765087091af69db095aef1a5c2beee56471934b48d6558f8a6c3e94ac711b696e5ce789f4b707ecc491cf2c0303831e72077f433ae1f95910f47bd7df6d4480811095ee1ddbbd2ad51f623261f9b8211ca219c4768c0f5447572793ee6eb91e879412327e8b7dbd19b78436d825e6468d8c758fbaa4ba1fee441fba141445099625e5b3d6902f6d80d683c6c00b0bbb0d1ef1723955a5fce440c256a14e58160fdc943a3d4687501cec608a4ca39e8f6b7992cff2a8d69e4fb7b134a60ccb6ba004d6bf10775cb683be55d52c6573e367d73cade1e11e7f68635235ff9700a4e5d3aae0fe0c93982b1b01a92d2c42c3fb931731d4b555aa5bab7d34b1172a6bc1e664fb750703632505805b5863861e3b91636291e9261c9df4d082f7fbb09b51408fa6d6ea387be8906945a8324f122ccaf7e857fb9eab53abfbb1d59048ab261eba1bef6efa31ba74c1824212173d671da29b4ef30188c898973c940b4ab0a97af83594110ad926b9a5530c35a1a67a8eab526434d2f6b8e3bd0e8d156bd78141c64bf3553da3f543224303f0d280f9198845c28eddc460c4839a80fd2ce6bf37758f5497b74ab6a51ea23734c4fbcf297b7022085ba3fe2e283f5afd46de2130cdf5f7cce7567772728d7e87c906adcb70ba92dd7f27c4e068e3226e1bb3ceb9d287ca1cd182a4e60ed6c8b18170ea0e43e7d818e1c124998557cc2f90e4b04563c18a7b66fa6e8e9536d38d7844240d1f91ce2754fcb54d15f8db4a7a73965b55063dac538833577bb1e300994a821ad2ab3fb6219665bac99b544b1d28b4f983665d15643f5467cb8cc06ca4a4c08f6c6c2f18795ead8e9c9f4592b1cea27f8e444aa8de1ad3a7a2f36872e0af224cb6311be9a08535554e51d427af0ff3520890196c11a798881fc0021023edef0084f12decae4e98712b01a0487153a18f0796118fa9a2e3d306f594391e3998c8fbfc0b53ebfe91ee48fd10e0535c9fe15be9fbafb5656b7264f0654143c45aa6c0789aa1ecd59a872c96a1c3916f3c937f575ac23b0ffe48a728fe3e1928d2c02c0bed6019c5c3774cb01510c7914d8e38813e6f78febd9523d20b5aaefc6e4305567a5119b6a22fb34b43aee91858fabc20091aede8bb1b12425e5f3dd25ad30936e74c1bcbeb858d7b48f3b58f2e2cfbd0b7c34e5cb17763f6c7a71f08cbdc3b582bb2bfbfead19c8ca3fac8668b358ad173228b9e643de9e4f2dba0ed5005d2203d60b56c1fa43aaaef291e41efb1f39d2b445599259eaaf6842339cbdafb3a609ba81775438439f5505acb59fc991c6450281e68c36a036d13c785d861541a46992308723b7b1f9af0def9c7b4810e900d063d02b837414532b286dddb4b43c02ede967e591880e215d118d51620f2b3ddd855d218ccda308774448a78b4e941e62886abd481e328262b24d850584f80a394aad07ad21983f4da1c86bac8fe6a898a03772cd5d48edf4238d03d2c38fd1361b7913914ad21c31ca586d3c9b55efd8832a2c9240e44a07a130c9c2d5ac353c8dec0a1fa6c462cda749f8d7214c3e9999472e636df3026588bcf5e2f9db5d392ad2e3e7008700a1c4efc639ac74908c82f40eb8a26b53f7d4f4748a51c1fdc90e8e8b38b661dab8863905cc25d23434ceacb53ef39ff41915bfec55e619775ffe77bdd1f010a61f4ff8be969053b8cd986cbf75ff9590fd5862847ffa864ef673dec29ee6e781de18e1c046ac21a79bd9b72680699157cd1c28a2fe3eb5d3c30762ef668d8830249bf07d59b1220a08c16ee5333de8a88f8d7f609705afad19fdb7a7eeb7777613464bda15c444ad48f833cbeb3df2a644826ac7816a2fa0a3eef7ef981d639c013168386fda4d3aef037422855bb5ef5647be22a53210011289830fb605cfc72c992f5dcc82948236d8e9237feaa7166f46bc22dc5f34323629842180a08da9ac554ea0253761816fd494f4de1bb5c1ef32497e72fcad063f6b0ea5c0ddc75046d5f9a1a41ebf36bf85cd47e30f6af11610791cd489314f691a99c32c7e60196509a17caf0b68d4a35bfc24d799ba4f52a6b8ac1643a786e0877fb09d134fc24b0b2d63e2a2fd5c594c34d9054894da12c337dcdf7f7ed6ecf46b11102fd1d38a6ad9d756a4476f543b5c9a3306e38dddda3bb90e20f7248cee4da4866a0f2420ed1494a23b6e42dea0216e58e8678565afc193eafec515111924b73f00901ecfb1601f7bbd6c1c890ad38977a73ec0ae8e82cb479a172abf4d2501ef29632d339eee49703950738a7c47cb2ee9873179791e34e1c48ccdcde3e097451729f4b737b168b2c207ccd36d9b517ec98d82cc3a582164b509979ce8e7263fb138e68c47a08519c8eb86896a97a0e5a427cef2779fbb775153fbc3ab90eceda87138986009503e21c8cae8b149fc311f80c5a221fe83768a69a2fe763fe3255e9a5c13416df2588bd43409d4953752096647973f80b8b4a49fc76be8d86d8f66234c614cc90402b2b4b3a499a9aa05af23eae94a572fbd6f1ca76eccf92d8b43ac02ddd598d14a62d9c4bdf9aec3a41bfa", 0x1000}, {&(0x7f0000002dc0)="72948e288a64b6bc62bf554069469e477007400ca561efc840a420d1575e3af7545e5d30903023ecfa3a1700d7635b9e0bdc7c69a520ec2e33593ed7d1f3bab2ff864e20e6697141243583a55f9b77c55333f92672d5c601aecbd438be6e7722ff33d3e163abbbcb5c346ee2658fb43572c7fbb2f0f99b110a6d81f4a18e2d4b6945", 0x82}, {&(0x7f0000002e80)="fe0f0d794ea6b46c546721d46b3e0bd489d4adcf0fd794bee07e5482e6af7254fff46cd2ca9dbec82d1af0c224bbd70cd876936a1effda20898f5cc0dfee0691139f177a5615195aad1d90e024d773da5e4c3930bb7cfa58395dda699e8e34011dcd3d5dd52865c988f48ac6063a2644c0026af1d0c74693ffa99682af14f2e9ba4c3ca94bd6f4de4617aae555368c85e4b1ea966708e91a7c09d5245087bee392565ada50d4f2a5e2c814cfab03a4a0e56c80872d41fa8db43d97571afd748e310f3ad3b9c34dfcf2", 0xc9}], 0x5, &(0x7f0000003140)=[@rthdr_2292={{0x58, 0x29, 0x39, {0x0, 0x8, 0x0, 0xe7, 0x0, [@private0={0xfc, 0x0, '\x00', 0x1}, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @remote}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01']}}}, @dstopts_2292={{0x60, 0x29, 0x4, {0x2b, 0x8, '\x00', [@padn={0x1, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @jumbo={0xc2, 0x4, 0x8000}, @jumbo={0xc2, 0x4, 0x7fff}, @hao={0xc9, 0x10, @mcast2}, @jumbo={0xc2, 0x4, 0x80000001}, @hao={0xc9, 0x10, @private0}, @jumbo={0xc2, 0x4, 0x1f}]}}}, @hoplimit={{0x14, 0x29, 0x34, 0x2}}, @rthdr_2292={{0x28, 0x29, 0x39, {0x11, 0x2, 0x0, 0x2, 0x0, [@remote]}}}, @rthdr={{0x88, 0x29, 0x39, {0xa8, 0xe, 0x2, 0x6, 0x0, [@loopback, @empty, @private0, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, @local, @ipv4={'\x00', '\xff\xff', @private=0xa010102}]}}}, @dstopts={{0x30, 0x29, 0x37, {0x2b, 0x3, '\x00', [@jumbo={0xc2, 0x4, 0x4}, @hao={0xc9, 0x10, @private0}]}}}, @hoplimit_2292={{0x14, 0x29, 0x8, 0xffff}}, @pktinfo={{0x24, 0x29, 0x32, {@private1={0xfc, 0x1, '\x00', 0x1}, r7}}}, @dontfrag={{0x14, 0x29, 0x3e, 0x8}}], 0x208}}, {{&(0x7f0000003380)={0xa, 0x4e20, 0x4, @private1, 0x100}, 0x1c, &(0x7f0000003900)=[{&(0x7f00000033c0)="4c2218826c5204be8730c90cbb40994bd7202b4c2f8fd9c023c3918575369fab817022d9b0ca6cd4b310feb129147c240733c8df7a1a51d168d8dc872ca3e3fa65720f959f8d5c4d97c95eab22b94fdca2a19fa21b80194de66f019917638f160c62faf4c9c32d33f8baf5cada3a0dd9cabe0ab9cbcc3b9e71c7eef83b749b0471d79c28f6865f146891506df9278b634ab4434bdaedfdb223cfb0441c4ddb191455f256a1e0d84dbed5455c6d17ca149d7c3fd6a0604ef14feb320301f676e1ccfcc60909388915aeea", 0xca}, {&(0x7f00000034c0)="bc3a0dd334a02bfd45d41f266694563270685b035940c689d52d44ca81d119f3267eb35fe04f79a336745904eda6010c867d9465918588d309d36cb20472245aa899624f31d30318d45beed8043a9e300cc8572e6a7685268064cc65058ba5552039444b67dd", 0x66}, {&(0x7f0000003540)="0b6661684e95094411f1b2384303b234dd9fcd5bb8accfce65a05c2a7da1451cab46785c15960460eb0e1826908a5b0a4b7ea47490d9da9254d015f91889489d9fdbd60cd82dca959d20b67b05cbccc46320c046f40b8d15f3a4a2c652f3019ebe8dfb4e5fd7c3af57563ceb21f790ef14ff3c99e8e10151f692583dc28215f374038e533db86e94f28f84463d9d904b3186b3fdbc61e6db9e506de779fec26933c7fefb0f1553be33657c723e7d511aa9c3521700fb81da30be5aed28570017cbd56f352bc42730b8227ca21691c7ba65d6fcab2ebd89e7c066bb582067", 0xde}, {&(0x7f0000003640)="10a8288a0a87f4a16fb541fe5d5b3da3872554cd0d78570e04cab696768a06805ca9f431abe9e23b59905a194350744ff864cdf224feabc1e82afe6300002b089cf947cf0b0fa499b2c375adeaf44ada32774168d1d79dabc32f4372c0", 0x5d}, {&(0x7f00000036c0)="6f4136fa05107a3dd64037d2c953b57152ebd5be024147b9a5547f5a80e51e96ccf89dce21ae700f5817b15bf2805eec555659fa8191128cfaf8db8e3c77aa3dfa6f3e32ff45916802f452318b4642276cbe841d18f37b6ebd4e8e000869cce9a24ea1f5f7d581df102809107085217e9b584e68093dde217d19bfbd196a4fcdcc92035c1d485cf345144c44ca38d96589abb49299dcf145569fbb79b7f216acb5c12eaf30b300c98d628262299f87e40cfb012ef0c7c20275a4566cfba2305dcaeeb9aa007de0b2125e", 0xca}, {&(0x7f00000037c0)="4cb74a4bdd7b0d25d167969a3adfd3bc79c4ce54e50aceffaa7b402779af8736", 0x20}, {&(0x7f0000003800)="bba16b6b2ab4a906e9e39778c5be4f39b337b1e098dd9ff5da2ea6c999407e012f74cddb4f254abe883d1eda33a75e1bd3ba396ac74752386bde97820db4c3bd6427b14a9df013116c839453a10f2ba464b16cf0ffe27d21a5208865ea46c328e26fff180d9299617dfb0ddc7a28e51dfd7897b1e7ad909c2438545acccdcdedaae842ad820cc82682d67bfc120e43ae79eab8262bb995", 0x97}, {&(0x7f00000038c0)}], 0x8, &(0x7f0000003980)=[@rthdrdstopts={{0x40, 0x29, 0x37, {0x2f, 0x4, '\x00', [@calipso={0x7, 0x20, {0x0, 0x6, 0x3, 0xf1e, [0x40, 0x7f, 0x2]}}]}}}], 0x40}}, {{&(0x7f00000039c0)={0xa, 0x4e21, 0x92, @rand_addr=' \x01\x00', 0x277}, 0x1c, &(0x7f0000003c80)=[{&(0x7f0000003a00)="2cdaae9f0cff86617d38178db980093f35558989123d50719b76df9bcaff14c758e76be1fb7f9917850568e440e32b75f31f5619bc2ae1f4d40262d75e0804be59efeba4bf91c51d549fc1daab24a678c43161a44fe356612aa8f7577fa0ad5e6973083a636a41988238bd60b7abf7bd5a4189c6d4e1307e47ebea5e1ca6193dc89d8e4050e892487f2011326a1869052887cf70a2b5ced6302f9a3809d2369af22e6735f0a392d440eb6499e548b6645bf31c21", 0xb4}, {&(0x7f0000003ac0)="6d7d70fa9805d3e53ab73e468f2d38f8772ef8467abe48987a29eed741e39fb362169be4189b77f902607c9c8bcf589ce5c2", 0x32}, {&(0x7f0000003b00)="ea01a8756618eb627940844b0645116fa73170155460cf77413ea5fc3e0de31885b33d0bfd88cef3b459445199569da0396e13a21c279be029cdb60864b122945cf9af447b58b0f8447de1c3b70ce974e041121b3cb522ccbd1297dd9704602cc518b3043c3aa2fe02c90ee5690bea0cb82631cb4a2cc7fbde2fb612daee764b3d8a6fad08e4b430b412f177a256cf790122162271034872aa6b59f53d96249e95ce87b11a6792686ef6b22c89fd2241a738f3b82b724658adc08f027e8f4b6df3433dfee144", 0xc6}, {&(0x7f0000003c00)="87259f8903a9c8c1979254556e0488a5d186d3", 0x13}, {&(0x7f0000003c40)="5f4a71c3e41c345febafb69de2bef22128e9bd60a6", 0x15}], 0x5, &(0x7f0000003d00)=[@dstopts_2292={{0x20, 0x29, 0x4, {0x2b, 0x0, '\x00', [@pad1]}}}, @rthdr_2292={{0x78, 0x29, 0x39, {0x4, 0xc, 0x0, 0x7, 0x0, [@local, @local, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @dev={0xfe, 0x80, '\x00', 0x28}]}}}], 0x98}}, {{&(0x7f0000003dc0)={0xa, 0x4e20, 0x3, @empty, 0xffffffff}, 0x1c, &(0x7f0000004180)=[{&(0x7f0000003e00)="33917d23db14d0eba8647c0626c10a884e8147da8a4550cda9e76d1ffe06568a5bcc7cec5893c936dda1b4a0e655f3e3f7100db3ccdfdfebdaaefe892b8b1d8199a48dc166", 0x45}, {&(0x7f0000003e80)="b6da392ea05289b98a414a5252c79474c6afaf4e2a777c0a3a105d2c980941c81d059d8c602ef89f6d83a69a8de1a1060b52f9331306cc4ad7cd654db1b8ea8c16953b0422b9aa75e7cb0ea0a1a672ea7fca3d541fa7d847636073b854ec96de35d969d650cebf6706310664ae8b81ab74afd442ff1c02cf258c4053c3892edc34f20a0cc8ac5d2534c2b5c8cd1b0f1726096457f8f2551729a9df6692091e9e507ba16b62ba0754e2fa5e3e9a0fda1578c365d9f324ed4a391a37177ac28a517e5bba29ee3f38f45ecf0876253b906c7677bc19", 0xd4}, {&(0x7f0000003f80)="f74e3983f04ff05d3c2f2328f16b044b68f902feec01acf399ae1edf5a9c2463d7fb7dc44bbfca68adde8e0842dac4e2bb22d312a064828ebcb4dfa7f0360503ab4ee63afa96cd20456c0a2d9111e183667f1b516f48d4be6394db183469f73259cb329b599fc91b43040e1c08197d12b65690f39718fbe5b288f4c4f217fca821c124557d4daa8b261a34dd2fccc2fea8c1648289dac6", 0x97}, {&(0x7f0000004040)="df45c3cc8e64e3059cff8e15c9f31413e3a6866e881a2410ccc4340beefb7434e2b3990e463ba8932706f3c7af6076ea3a9089f781f5fedfea4071bae7782327f64d283fdf631cb42c6b2123b643390027", 0x51}, {&(0x7f00000040c0)="b2170f7322d898be8686daa6bc4d3657793bf2d6f0023157d52ca92d3b9b6e839f795b8efd66311cd21f9caa69186689c54e40f353625588d09689c68f9bd54ea1e3bfc57b7d5ce63907e0c8541a31dfe90a164c9ff6eeb4356d362031e5cdb1418d512d96c1c540e79aca2dd92a2c97686bdf33fb07aa03120b9c05487cfe8a5cda2a69d9e668397eb4f6f20297479337ffac5ae4525afd39d09b8cc1236545a0b632620c77a845e21e51d6ca8207a649cd38b81e911a931c8f0e", 0xbb}], 0x5, &(0x7f0000004200)=[@hoplimit_2292={{0x14, 0x29, 0x8, 0x1}}, @rthdr_2292={{0x68, 0x29, 0x39, {0x5e, 0xa, 0x0, 0x72, 0x0, [@local, @private0={0xfc, 0x0, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, @mcast2, @private2={0xfc, 0x2, '\x00', 0x1}]}}}], 0x80}}], 0x5, 0xc000) 03:38:56 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:38:56 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 94) 03:38:56 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0}) [ 1881.066887] tmpfs: Bad value for 'mpol' 03:38:56 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:38:56 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0189436, 0x0) 03:38:56 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1881.173685] FAULT_INJECTION: forcing a failure. [ 1881.173685] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1881.176129] CPU: 0 PID: 10065 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1881.177524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.179025] Call Trace: [ 1881.179501] dump_stack+0x107/0x167 [ 1881.180174] should_fail.cold+0x5/0xa [ 1881.180862] __alloc_pages_nodemask+0x182/0x600 [ 1881.181698] ? add_mm_counter_fast+0x220/0x220 [ 1881.182508] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1881.183601] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1881.184552] ? lock_downgrade+0x6d0/0x6d0 [ 1881.185290] ? mark_held_locks+0x9e/0xe0 [ 1881.186043] alloc_pages_vma+0xbb/0x410 [ 1881.186777] handle_mm_fault+0x152f/0x3500 [ 1881.187567] ? __pmd_alloc+0x5e0/0x5e0 [ 1881.188348] ? vmacache_find+0x55/0x2a0 [ 1881.189120] ? vmacache_update+0xce/0x140 [ 1881.189919] do_user_addr_fault+0x56e/0xc60 [ 1881.190738] exc_page_fault+0xa2/0x1a0 [ 1881.191502] asm_exc_page_fault+0x1e/0x30 [ 1881.192305] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1881.193349] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1881.196929] RSP: 0018:ffff88804ad7fb50 EFLAGS: 00050246 [ 1881.197953] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1881.199440] RDX: 0000000000000000 RSI: ffff88801d248898 RDI: 000000002002d000 [ 1881.200927] RBP: 000000002002c768 R08: 0000000000000000 R09: ffff88801d248fff [ 1881.202353] R10: ffffed1003a491ff R11: 0000000000000001 R12: 000000002002d768 [ 1881.203775] R13: ffff88801d248000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1881.205415] _copy_to_user+0x13d/0x180 [ 1881.206279] pagemap_read+0x333/0x590 [ 1881.207124] ? clear_refs_write+0x780/0x780 [ 1881.208110] ? iov_iter_advance+0x181/0xec0 [ 1881.209102] do_iter_read+0x4fa/0x760 [ 1881.209958] ? import_iovec+0x83/0xb0 [ 1881.210808] vfs_readv+0xe5/0x160 [ 1881.211584] ? vfs_iter_read+0xa0/0xa0 [ 1881.212501] ? __fdget_pos+0xf1/0x190 [ 1881.213359] ? lock_downgrade+0x6d0/0x6d0 [ 1881.214295] ? ksys_write+0x12d/0x260 [ 1881.215163] ? __fget_files+0x2f8/0x520 [ 1881.216114] do_readv+0x139/0x300 [ 1881.216906] ? vfs_readv+0x160/0x160 [ 1881.217773] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.218956] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.220152] do_syscall_64+0x33/0x40 [ 1881.221001] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.222155] RIP: 0033:0x7f65e567fb19 [ 1881.222995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.227116] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1881.228828] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1881.230428] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1881.232043] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1881.233632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1881.235239] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:38:56 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 32) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1881.309297] FAULT_INJECTION: forcing a failure. [ 1881.309297] name failslab, interval 1, probability 0, space 0, times 0 [ 1881.312113] CPU: 1 PID: 10070 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1881.313963] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1881.316185] Call Trace: [ 1881.316864] dump_stack+0x107/0x167 [ 1881.317781] should_fail.cold+0x5/0xa [ 1881.318685] ? create_object.isra.0+0x3a/0xa20 [ 1881.319811] should_failslab+0x5/0x20 [ 1881.320765] kmem_cache_alloc+0x5b/0x310 [ 1881.321781] create_object.isra.0+0x3a/0xa20 [ 1881.322863] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1881.324124] kmem_cache_alloc_trace+0x151/0x320 [ 1881.325289] io_uring_alloc_task_context+0x4a3/0x6a0 [ 1881.326542] ? io_import_iovec+0x1120/0x1120 [ 1881.327629] ? lock_downgrade+0x6d0/0x6d0 [ 1881.328653] ? do_raw_spin_lock+0x121/0x260 [ 1881.329719] ? rwlock_bug.part.0+0x90/0x90 [ 1881.330780] __io_uring_add_tctx_node+0x2c6/0x520 [ 1881.331973] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1881.333278] ? alloc_fd+0x2e7/0x670 [ 1881.334204] io_uring_setup+0x1fbb/0x2980 [ 1881.335244] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1881.336508] ? wait_for_completion_io+0x270/0x270 [ 1881.337744] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1881.339040] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1881.340334] do_syscall_64+0x33/0x40 [ 1881.341262] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1881.342522] RIP: 0033:0x7f00b63acb19 [ 1881.343444] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1881.347976] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1881.349861] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1881.351675] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1881.353447] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1881.355133] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1881.356855] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:39:09 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 95) 03:39:09 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 33) lseek(0xffffffffffffffff, 0x0, 0x0) 03:39:09 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc020660b, 0x0) 03:39:09 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:39:09 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0xfdfdffff, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) [ 1893.827600] FAULT_INJECTION: forcing a failure. [ 1893.827600] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1893.828997] CPU: 1 PID: 10078 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1893.829793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1893.830753] Call Trace: [ 1893.831061] dump_stack+0x107/0x167 [ 1893.831483] should_fail.cold+0x5/0xa [ 1893.831928] _copy_to_user+0x2e/0x180 [ 1893.832389] pagemap_read+0x333/0x590 [ 1893.832829] ? clear_refs_write+0x780/0x780 [ 1893.833329] ? iov_iter_advance+0x181/0xec0 [ 1893.833834] do_iter_read+0x4fa/0x760 [ 1893.834274] ? import_iovec+0x83/0xb0 [ 1893.834719] vfs_readv+0xe5/0x160 [ 1893.835122] ? vfs_iter_read+0xa0/0xa0 [ 1893.835569] ? __fdget_pos+0xf1/0x190 [ 1893.836011] ? lock_downgrade+0x6d0/0x6d0 [ 1893.836506] ? ksys_write+0x12d/0x260 [ 1893.836950] ? __fget_files+0x2f8/0x520 [ 1893.837420] do_readv+0x139/0x300 [ 1893.837821] ? vfs_readv+0x160/0x160 [ 1893.838253] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1893.838854] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1893.839445] do_syscall_64+0x33/0x40 [ 1893.839868] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1893.840466] RIP: 0033:0x7f65e567fb19 [ 1893.840892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1893.842991] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1893.843860] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1893.844693] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1893.845510] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1893.846327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1893.847138] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1893.859642] FAULT_INJECTION: forcing a failure. [ 1893.859642] name failslab, interval 1, probability 0, space 0, times 0 [ 1893.861021] CPU: 1 PID: 10084 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1893.861807] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1893.862747] Call Trace: [ 1893.863049] dump_stack+0x107/0x167 [ 1893.863460] should_fail.cold+0x5/0xa [ 1893.863896] ? io_wq_create+0xeb/0xc00 [ 1893.864353] should_failslab+0x5/0x20 [ 1893.864788] __kmalloc+0x72/0x390 [ 1893.865187] io_wq_create+0xeb/0xc00 [ 1893.865620] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1893.866205] ? io_import_iovec+0x1120/0x1120 [ 1893.866706] ? io_apoll_task_func+0x2d0/0x2d0 [ 1893.867220] ? __io_req_find_next+0x300/0x300 [ 1893.867729] ? do_raw_spin_lock+0x121/0x260 [ 1893.868240] ? rwlock_bug.part.0+0x90/0x90 [ 1893.868725] __io_uring_add_tctx_node+0x2c6/0x520 [ 1893.869280] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1893.869876] ? alloc_fd+0x2e7/0x670 [ 1893.870302] io_uring_setup+0x1fbb/0x2980 [ 1893.870778] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1893.871363] ? wait_for_completion_io+0x270/0x270 [ 1893.871927] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1893.872540] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1893.873132] do_syscall_64+0x33/0x40 [ 1893.873561] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1893.874147] RIP: 0033:0x7f00b63acb19 [ 1893.874574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1893.876694] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1893.877566] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1893.878379] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1893.879198] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1893.880022] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1893.880847] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:39:09 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0xfffffdfd, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1893.912447] tmpfs: Bad value for 'mpol' 03:39:09 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 96) 03:39:09 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:09 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 34) lseek(0xffffffffffffffff, 0x0, 0x0) 03:39:09 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:39:09 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0xc0481273, 0x0) [ 1893.976389] FAULT_INJECTION: forcing a failure. [ 1893.976389] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1893.977790] CPU: 1 PID: 10097 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1893.978579] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1893.979526] Call Trace: [ 1893.979832] dump_stack+0x107/0x167 [ 1893.980271] should_fail.cold+0x5/0xa [ 1893.980716] __alloc_pages_nodemask+0x182/0x600 [ 1893.981253] ? add_mm_counter_fast+0x220/0x220 [ 1893.981784] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1893.982491] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1893.983101] ? lock_downgrade+0x6d0/0x6d0 [ 1893.983582] ? mark_held_locks+0x9e/0xe0 [ 1893.984056] alloc_pages_vma+0xbb/0x410 [ 1893.984531] handle_mm_fault+0x152f/0x3500 [ 1893.985020] ? __pmd_alloc+0x5e0/0x5e0 [ 1893.985470] ? vmacache_find+0x55/0x2a0 [ 1893.985941] do_user_addr_fault+0x56e/0xc60 [ 1893.986448] exc_page_fault+0xa2/0x1a0 [ 1893.986891] asm_exc_page_fault+0x1e/0x30 [ 1893.987374] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1893.988003] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1893.990124] RSP: 0018:ffff888046c47b50 EFLAGS: 00050246 [ 1893.990737] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1893.991557] RDX: 0000000000000000 RSI: ffff8880468a0898 RDI: 000000002002e000 [ 1893.992387] RBP: 000000002002d768 R08: 0000000000000000 R09: ffff8880468a0fff [ 1893.993197] R10: ffffed1008d141ff R11: 0000000000000001 R12: 000000002002e768 [ 1893.994001] R13: ffff8880468a0000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1893.994838] _copy_to_user+0x13d/0x180 [ 1893.995291] pagemap_read+0x333/0x590 [ 1893.995735] ? clear_refs_write+0x780/0x780 [ 1893.996243] ? iov_iter_advance+0x181/0xec0 [ 1893.996744] do_iter_read+0x4fa/0x760 [ 1893.997187] ? import_iovec+0x83/0xb0 [ 1893.997631] vfs_readv+0xe5/0x160 [ 1893.998029] ? vfs_iter_read+0xa0/0xa0 [ 1893.998474] ? __fdget_pos+0xf1/0x190 [ 1893.998902] ? lock_downgrade+0x6d0/0x6d0 [ 1893.999376] ? ksys_write+0x12d/0x260 [ 1893.999819] ? __fget_files+0x2f8/0x520 [ 1894.000301] do_readv+0x139/0x300 [ 1894.000702] ? vfs_readv+0x160/0x160 [ 1894.001132] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1894.001730] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1894.002318] do_syscall_64+0x33/0x40 [ 1894.002741] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1894.003337] RIP: 0033:0x7f65e567fb19 [ 1894.003755] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1894.005861] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1894.006732] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1894.007549] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1894.008371] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1894.009198] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1894.010018] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1894.018816] FAULT_INJECTION: forcing a failure. [ 1894.018816] name failslab, interval 1, probability 0, space 0, times 0 [ 1894.020167] CPU: 1 PID: 10105 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1894.020959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1894.021903] Call Trace: [ 1894.022205] dump_stack+0x107/0x167 [ 1894.022618] should_fail.cold+0x5/0xa [ 1894.023053] ? create_object.isra.0+0x3a/0xa20 [ 1894.023573] should_failslab+0x5/0x20 [ 1894.024005] kmem_cache_alloc+0x5b/0x310 [ 1894.024488] create_object.isra.0+0x3a/0xa20 [ 1894.024984] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1894.025565] __kmalloc+0x16e/0x390 [ 1894.025975] io_wq_create+0xeb/0xc00 [ 1894.026402] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1894.026984] ? io_import_iovec+0x1120/0x1120 [ 1894.027486] ? io_apoll_task_func+0x2d0/0x2d0 [ 1894.027993] ? __io_req_find_next+0x300/0x300 [ 1894.028518] ? do_raw_spin_lock+0x121/0x260 [ 1894.029017] ? rwlock_bug.part.0+0x90/0x90 [ 1894.029501] __io_uring_add_tctx_node+0x2c6/0x520 [ 1894.030060] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1894.030658] ? alloc_fd+0x2e7/0x670 [ 1894.031083] io_uring_setup+0x1fbb/0x2980 [ 1894.031560] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1894.032163] ? wait_for_completion_io+0x270/0x270 [ 1894.032730] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1894.033337] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1894.033929] do_syscall_64+0x33/0x40 [ 1894.034350] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1894.034949] RIP: 0033:0x7f00b63acb19 [ 1894.035373] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1894.037516] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1894.038388] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1894.039215] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1894.040028] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1894.040860] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1894.041707] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:39:09 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1894.107699] tmpfs: Bad value for 'mpol' 03:39:22 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 97) 03:39:22 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:39:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:22 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 35) lseek(0xffffffffffffffff, 0x0, 0x0) 03:39:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000180)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r6, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}]}, 0x30}}, 0x0) ioctl$sock_SIOCGIFINDEX_802154(r1, 0x8933, &(0x7f0000000380)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_DEL_SEC_DEV(r3, &(0x7f00000004c0)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x58, r2, 0x8, 0x70bd2b, 0x25dfdbff, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x300000003}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc}}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_SEC_DEVICE={0x10, 0x23, 0x0, 0x1, {0xc, 0x4, {0xaaaaaaaaaaaa0302}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x4000000}, 0x40044) syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000500), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="789443839abf63a52ca0eeb90b236a131e5062cac83cdf14e6137242f1d73cd71032bc339f", @ANYRES16=r2, @ANYBLOB="07b88e37204d59e60060012f7700000000000500fb00000000"], 0x14}}, 0x0) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r9, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r10 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0) write$binfmt_aout(r10, &(0x7f00000006c0)=ANY=[@ANYRESDEC=r4, @ANYRESDEC, @ANYRESDEC], 0x120) getsockname$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000280)={'sit0\x00', &(0x7f0000000200)={'syztnl2\x00', r11, 0x29, 0xff, 0xfc, 0x7f800, 0x20, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @multicast1}, 0x40, 0x8, 0x2, 0xffffffff}}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:39:22 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r3 = epoll_create(0x3ff) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x20000001}) r5 = dup2(r4, r2) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r1, 0x4, r4, 0x2) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r6, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f00000000c0)=0xfff) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r6, &(0x7f0000000880)={0x1000001a}) waitid(0x0, r1, 0x0, 0x8, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000800)={&(0x7f0000000040)=ANY=[@ANYBLOB="980700002700000426bd7000fddbdf250500000055004d8092fc6562e60e4d2b688e623f73f4dafd92f71f708b86161b2a45a2e4aedc4ad1b74838db8bb18610b59d23caed55cb9531e3d065e231e80957f7abbabbe4a21823ed34d6a72e240000000400620008003d00"/116, @ANYRES32=r1, @ANYBLOB="95b49d8d38c6253014e1d5e2daf9977341ba04ba866bf604b7140d8ba8d35f7db8481e3236e47248617180bd9470ceeac03302da0667d9350ad2290069491b406d068a385c74c20d047c0cae6072bd647b7f2c647aa56946eadf5effda6f0dcaa92c3b85f0e89937b6c729059329ebbcbc98a351ae6d428241221057a174637f722827d06c016a0f5318a31fe4a08f53fe50196867f393c51bfe2622c10013723dd793ca89279c72b1cb16a8a90403f06c14eddd53ff0c5f53f2f123498210512aa33f6c44da828b0f731a6d1e1b379b263a423ea27195bb439b61854f85b7d6e29d8dea14a14905c631f8546398dc9a575d3eb26391e3feb713b3c49ad9023980b9110ac17fbeba11480a3a807303293919683d9b913c8e16b34e2133fe50cec5c761891befd085f68e5ccb37161217ef352491a75573937a69066f281aced4440aeb021a467660fb439f4ee7149da634244dcfbf1e046e0851418c98e45495671beb99ff745f35e4c8f100ea9857b93494b1e9df86bc86e9b9998fe97069a185f6a3c327d8770f6191958e49d01d837ccbef68461510de8fa4809727e16aff82b6fa405c4c73f2454f30c6c57cc1c2bea724bd2e7ff1bf7c05e54542150b7338529f0c000000010000800000000071004500a8ba0ef0e1f4a5d66624d9555dc913d9e3ae7d8295ed0c746337370c741f5da2b25cd3f114f93bab1e083c62ef9d3dca045fe8cda1c986a02145d799afbbdda3f85251f002a4ea047b1c892a7dbbccc5cdcd52804581f666ea3a14516c587f06c2d29ffa45d70460ecf3995755000000bb5900affa13ee3409c57efbf572880f1de44301d809298fbd379050f862210fef4a16b7bc7e681bac63484b09d876c9047fd4a0babe60f02172c5f34392a1ee3fbf0495de0247bd06589c4d4d0800800027f70000d50066001079eb1794112a7327c784371ccbd9c702cf7b9dd480d906a4872caf981273dbfc987e01c8704dd60fe89bc794cb7b0e0454317c6a30ad01f2d07adef08b58818585592161408a3719d3724f93d6a555016523deea8b4d17e47bacb1e4717d04043cf0c0e35fe8492f6afe79047ea1d6a7d986879265302b748282febe2131eb5ddfd954a49c9da6356b0f92b9876cf6902e0334ba17f6ea9e5e7e1702af210b756b495799cdf86e8a3982242e8cf14cb876808feebd77b0f036e11ebe2983990a39e73db20cc4e6e4795b63f90d9b5aac00000060498c93c8879d8cf15a057bf5da45e70bed6c3af4824e7facfdcbd1309e8e8596e2cd32a828e4eaf6247c6a3c5d77693723625535787f793cb1963571014eaab95c983125bd126e9deedb478bfe6516685075a5b02b6302dc2212a85d916df0e5fef0539a4900000023c2b96173c76e913c9d98b015b00477189d6725d07a2edfe588e675f55e7513d34befc6c5f07b709f401fdec284b5ebf8a6c6db0cc8f7d8a733136f83cb4dafedac6bbb8ef4875c65ac3ba3c7d86a543c8bdca811c5920dc2ef8d7880f0cbd9223df679e687dc288376ea7dc2d5fb0b6a9d7166a82a68dc7a777f7cf4f1a37bfbab78e7f46cbdfcafec10aac81b009fd177c65e313e637f1e359807e032b0363526ce80bb264f83826ad558e6f10a008ee40f4fac8ae861ad7d916b64f0fea4da592d4bbd2632c6f70170806c2dab4184f9105151f4d2f26f1c7f50dbc4c7ac522da183ba49d3bb6b6e049dc2cee208a1afa9e4a8e5a09bb6dac311b11d99a76fcec771c9789cf9f12b7143b27d04ef6ac08e9c1c0b29c8da4d98fe66fbb161ad78c4da13e75425f66a4d1c2b09b1b4fadb5a02b7b469f39debf572af2273d8fcc91a1d596cae5e6f664df105bd294c318bb57d1513c2e538e2a19895e379e614aac4ad8a0e5e61348d0df4f3ef81ffc6bcefca86ba961228e1e1f9195624ce782b0d61dba45c77efbbbad01efc07a8f554446e156d939c4ef639a5a28f980e35e5f04c1cb91e1a14008700ff01000000000000000000000000000104008700085184bf4dd2de6ef41aebf5695e0946dbd2653b479c30ce5985861c3953b9a913186361539dac331c79948fbac758da3f92441d62b49e7a7a144674263198a7f6b9da01849d944b32ae26ef0531148ec7792afd7d2b1b57c40e1e5ad38137e6c923230d1ffe9c530c66114d6a8d46dff2cc566cb3901cee035f49215ad99bdb48fe08b7386b8ec3a1208cd37fcd341df0ac03e6a21a6d2ec449291da3e58df0c51e6a870e8a42eefae7f5b4734ffed9d2d3cd2cd3b67437ebbf62b5a692838debd015f5689d22727e65d7791d6a99e3d45568f674e5d471fc31e02017273226aa10e5c61d237f64e85722e6c50341fa4328dc0c008000060000000000000000380c7fc54af9efb73e956915eddf0ec692b2549a9c6cc5fa08fe4327cee1048eac549df47a082c958339ba3a8fb734ab5da3df6752403cec0fd689c7a49c1f556e73bfe358cb6e8b8313d6b9ab71841b529e14d2b183faf5256b81763c6da8b8e010caf00188c18debd05f07002b002d40000014000100fc00"/1824], 0x798}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000005b280)={0x9, [], 0x7, "aa5ea1418fe1df"}) [ 1907.004427] tmpfs: Bad value for 'mpol' [ 1907.013786] FAULT_INJECTION: forcing a failure. [ 1907.013786] name failslab, interval 1, probability 0, space 0, times 0 [ 1907.016763] CPU: 1 PID: 10133 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1907.018524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1907.020653] Call Trace: [ 1907.021326] dump_stack+0x107/0x167 [ 1907.022256] should_fail.cold+0x5/0xa [ 1907.023223] ? io_wq_create+0x6ef/0xc00 [ 1907.024235] should_failslab+0x5/0x20 [ 1907.025186] kmem_cache_alloc_node_trace+0x59/0x340 [ 1907.026261] io_wq_create+0x6ef/0xc00 [ 1907.027098] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1907.028184] ? io_import_iovec+0x1120/0x1120 [ 1907.029135] ? io_apoll_task_func+0x2d0/0x2d0 [ 1907.030108] ? __io_req_find_next+0x300/0x300 [ 1907.031064] ? do_raw_spin_lock+0x121/0x260 [ 1907.031984] ? rwlock_bug.part.0+0x90/0x90 [ 1907.032904] __io_uring_add_tctx_node+0x2c6/0x520 [ 1907.033940] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1907.035070] ? alloc_fd+0x2e7/0x670 [ 1907.035861] io_uring_setup+0x1fbb/0x2980 [ 1907.036899] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1907.038176] ? wait_for_completion_io+0x270/0x270 [ 1907.039416] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1907.040745] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1907.042049] do_syscall_64+0x33/0x40 [ 1907.042987] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1907.044279] RIP: 0033:0x7f00b63acb19 [ 1907.045226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1907.049863] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1907.051776] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1907.053571] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1907.055365] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1907.057161] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1907.058949] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1907.070737] FAULT_INJECTION: forcing a failure. [ 1907.070737] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1907.073224] CPU: 1 PID: 10132 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1907.074664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1907.076409] Call Trace: [ 1907.076962] dump_stack+0x107/0x167 [ 1907.077723] should_fail.cold+0x5/0xa [ 1907.078521] _copy_to_user+0x2e/0x180 [ 1907.079320] pagemap_read+0x333/0x590 [ 1907.080120] ? clear_refs_write+0x780/0x780 [ 1907.081041] ? iov_iter_advance+0x181/0xec0 [ 1907.081953] do_iter_read+0x4fa/0x760 [ 1907.082751] ? import_iovec+0x83/0xb0 [ 1907.083558] vfs_readv+0xe5/0x160 [ 1907.084282] ? vfs_iter_read+0xa0/0xa0 [ 1907.085107] ? __fdget_pos+0xf1/0x190 [ 1907.085901] ? lock_downgrade+0x6d0/0x6d0 [ 1907.086774] ? ksys_write+0x12d/0x260 [ 1907.087586] ? __fget_files+0x2f8/0x520 [ 1907.088439] do_readv+0x139/0x300 [ 1907.089166] ? vfs_readv+0x160/0x160 [ 1907.089948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1907.091042] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1907.092119] do_syscall_64+0x33/0x40 [ 1907.092929] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1907.094023] RIP: 0033:0x7f65e567fb19 [ 1907.094817] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1907.098779] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1907.100423] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1907.101955] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1907.103489] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1907.105034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1907.106566] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:39:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 03:39:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0, 0x0}) 03:39:22 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:39:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0xffffffffffffffff, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) write$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000)='FREEZING\x00', 0x9) 03:39:22 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) clock_gettime(0x0, &(0x7f0000000100)) mq_timedsend(r0, &(0x7f0000000180)="02cfbd3c790f3e47af018a497d2753268a3e80960cdb66f4be72c2bb2b0f152e50e1c1290f913db6f51c8b15669486ee8dcd36b20792da3dfb2f1c4d958cbb46071d9cccefe5fd3c0db64bb0e3c69c40f6fe41cb200280f0126dc6ad9035cf40ea057b5bdd6411e5f914fe890410c58e897673c8f051a8a202289a3f567e9acdd79d8188629735c116229043d9e2d6d8c8d45b022cb0f46a4aefdbe79d1fcf1e65ee20adb36b229ac2daf4e098ad471e18dc29c74f9be3ca22f50764d891d93c8f2d9081270831c1958e062c5a98f7ab7dd07dd3a5fe55b63682d568dca57d29ed8e917789c1a9fb20080000000000000029a28a62cee2765d2132bee9d060bdee1fb63051671ec43c0f", 0xfffffffffffffe55, 0x8, &(0x7f0000000140)={0x0, 0x3938700}) openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/cgroups\x00', 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) syz_io_uring_setup(0x2866, &(0x7f0000000040)={0x0, 0xfffffffe, 0x2, 0x1, 0x1f5, 0x0, r2}, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000000c0), &(0x7f0000000000)) 03:39:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1907.208238] tmpfs: Bad value for 'mpol' 03:39:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:39:22 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 98) 03:39:22 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 36) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1907.314193] FAULT_INJECTION: forcing a failure. [ 1907.314193] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1907.316724] CPU: 1 PID: 10163 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1907.318173] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1907.319886] Call Trace: [ 1907.320448] dump_stack+0x107/0x167 [ 1907.321207] should_fail.cold+0x5/0xa [ 1907.322012] __alloc_pages_nodemask+0x182/0x600 [ 1907.322983] ? add_mm_counter_fast+0x220/0x220 [ 1907.323934] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1907.325190] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1907.326291] ? lock_downgrade+0x6d0/0x6d0 [ 1907.327152] ? mark_held_locks+0x9e/0xe0 [ 1907.328000] alloc_pages_vma+0xbb/0x410 [ 1907.328850] handle_mm_fault+0x152f/0x3500 [ 1907.329734] ? __pmd_alloc+0x5e0/0x5e0 [ 1907.330550] ? vmacache_find+0x55/0x2a0 [ 1907.331387] do_user_addr_fault+0x56e/0xc60 [ 1907.332311] exc_page_fault+0xa2/0x1a0 [ 1907.333125] asm_exc_page_fault+0x1e/0x30 [ 1907.333995] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1907.335137] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1907.338987] RSP: 0018:ffff8880351ffb50 EFLAGS: 00050246 [ 1907.340101] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1907.341595] RDX: 0000000000000000 RSI: ffff888009a76898 RDI: 000000002002f000 [ 1907.343080] RBP: 000000002002e768 R08: 0000000000000000 R09: ffff888009a76fff [ 1907.344565] R10: ffffed100134edff R11: 0000000000000001 R12: 000000002002f768 [ 1907.346048] R13: ffff888009a76000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1907.347559] _copy_to_user+0x13d/0x180 [ 1907.348384] pagemap_read+0x333/0x590 [ 1907.349173] ? clear_refs_write+0x780/0x780 [ 1907.350083] ? iov_iter_advance+0x181/0xec0 [ 1907.351008] do_iter_read+0x4fa/0x760 [ 1907.351809] ? import_iovec+0x83/0xb0 [ 1907.352619] vfs_readv+0xe5/0x160 [ 1907.353349] ? vfs_iter_read+0xa0/0xa0 [ 1907.354165] ? __fdget_pos+0xf1/0x190 [ 1907.354951] ? lock_downgrade+0x6d0/0x6d0 [ 1907.355817] ? ksys_write+0x12d/0x260 [ 1907.356632] ? __fget_files+0x2f8/0x520 [ 1907.357477] do_readv+0x139/0x300 [ 1907.358205] ? vfs_readv+0x160/0x160 [ 1907.358980] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1907.360061] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1907.361149] do_syscall_64+0x33/0x40 [ 1907.361917] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1907.362981] RIP: 0033:0x7f65e567fb19 [ 1907.363749] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1907.367605] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1907.369192] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1907.370678] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1907.372149] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1907.373632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1907.375109] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1907.434542] FAULT_INJECTION: forcing a failure. [ 1907.434542] name failslab, interval 1, probability 0, space 0, times 0 [ 1907.436965] CPU: 0 PID: 10166 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1907.438401] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1907.440119] Call Trace: [ 1907.440681] dump_stack+0x107/0x167 [ 1907.441440] should_fail.cold+0x5/0xa [ 1907.442237] ? io_wq_create+0x6ef/0xc00 [ 1907.443063] should_failslab+0x5/0x20 [ 1907.443858] kmem_cache_alloc_node_trace+0x59/0x340 [ 1907.444911] io_wq_create+0x6ef/0xc00 [ 1907.445709] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1907.446781] ? io_import_iovec+0x1120/0x1120 [ 1907.447692] ? io_apoll_task_func+0x2d0/0x2d0 [ 1907.448629] ? __io_req_find_next+0x300/0x300 [ 1907.449543] ? do_raw_spin_lock+0x121/0x260 [ 1907.450427] ? rwlock_bug.part.0+0x90/0x90 [ 1907.451311] __io_uring_add_tctx_node+0x2c6/0x520 [ 1907.452316] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1907.453403] ? alloc_fd+0x2e7/0x670 [ 1907.454160] io_uring_setup+0x1fbb/0x2980 [ 1907.455026] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1907.456071] ? wait_for_completion_io+0x270/0x270 [ 1907.457088] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1907.458153] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1907.459218] do_syscall_64+0x33/0x40 [ 1907.459975] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1907.461038] RIP: 0033:0x7f00b63acb19 [ 1907.461805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1907.465602] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1907.467186] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1907.468663] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1907.470128] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1907.471592] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1907.473095] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:39:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0, 0x0}) 03:39:39 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 37) lseek(0xffffffffffffffff, 0x0, 0x0) 03:39:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 99) 03:39:39 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f00000000c0)={0x0, 0x0}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$hiddev(&(0x7f0000000200), 0x8, 0x80080) r5 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r5, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r5, 0x40082404, &(0x7f00000000c0)=0xfff) read(r5, &(0x7f00000001c0)=""/44, 0x2c) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f00000000c0)=0xfff) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x4, 0x2, 0x40, 0x8, 0x0, 0xffffffffffffffff, 0x8, 0x9, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x100, 0x4, @perf_config_ext={0x6, 0xa20}, 0x1021, 0x9, 0x1, 0x1, 0x100000001, 0x10000, 0xffc0, 0x0, 0x0, 0x0, 0x6}, r1, 0xf, r4, 0x1) r6 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000006, 0x10, r3, 0x10000000) syz_io_uring_submit(0x0, r6, &(0x7f0000000180)=@IORING_OP_NOP={0x0, 0x4}, 0x7fff) getsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000240)={{{@in6=@private1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@loopback}}, &(0x7f0000000340)=0xe8) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {r7, 0xee01}}, './file0\x00'}) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r3) mq_notify(r0, 0x0) 03:39:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000380)={0x0, 0xffffffffffffffff, 0x42, 0x9, @scatter={0x2, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/129, 0x81}, {&(0x7f0000000140)=""/85, 0x55}]}, &(0x7f00000001c0)="f26949d59c93a950692a9f32991347a84c0a0c05d8df5dfcff10c2dc648ccdf036c9bdb3b812054272e232df496cc01ceda68aa7850d6ea084ab540bb424326fcf8c", &(0x7f0000000240)=""/248, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000340)}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:39:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1923.637275] FAULT_INJECTION: forcing a failure. [ 1923.637275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1923.639765] CPU: 1 PID: 10177 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1923.641231] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1923.642971] Call Trace: [ 1923.643528] dump_stack+0x107/0x167 [ 1923.644292] should_fail.cold+0x5/0xa [ 1923.645101] _copy_to_user+0x2e/0x180 [ 1923.645894] pagemap_read+0x333/0x590 [ 1923.646690] ? clear_refs_write+0x780/0x780 [ 1923.647593] ? iov_iter_advance+0x181/0xec0 [ 1923.648520] do_iter_read+0x4fa/0x760 [ 1923.649323] ? import_iovec+0x83/0xb0 [ 1923.650123] vfs_readv+0xe5/0x160 [ 1923.650842] ? vfs_iter_read+0xa0/0xa0 [ 1923.651658] ? __fdget_pos+0xf1/0x190 [ 1923.652449] ? lock_downgrade+0x6d0/0x6d0 [ 1923.653324] ? ksys_write+0x12d/0x260 [ 1923.654120] ? __fget_files+0x2f8/0x520 [ 1923.654965] do_readv+0x139/0x300 [ 1923.655682] ? vfs_readv+0x160/0x160 [ 1923.656467] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.657580] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1923.658653] do_syscall_64+0x33/0x40 [ 1923.659432] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1923.660497] RIP: 0033:0x7f65e567fb19 [ 1923.661267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1923.665097] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1923.666682] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1923.668174] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1923.669655] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1923.671147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1923.672630] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 [ 1923.699065] FAULT_INJECTION: forcing a failure. [ 1923.699065] name failslab, interval 1, probability 0, space 0, times 0 [ 1923.701605] CPU: 1 PID: 10195 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1923.702571] tmpfs: Bad value for 'mpol' [ 1923.703161] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1923.703172] Call Trace: [ 1923.703204] dump_stack+0x107/0x167 [ 1923.703226] should_fail.cold+0x5/0xa [ 1923.703250] ? create_object.isra.0+0x3a/0xa20 [ 1923.703273] should_failslab+0x5/0x20 [ 1923.703293] kmem_cache_alloc+0x5b/0x310 [ 1923.703316] ? io_wq_create+0x114/0xc00 [ 1923.703349] create_object.isra.0+0x3a/0xa20 [ 1923.712486] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1923.713616] kmem_cache_alloc_node_trace+0x16d/0x340 [ 1923.714676] io_wq_create+0x6ef/0xc00 [ 1923.715481] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1923.716548] ? io_import_iovec+0x1120/0x1120 [ 1923.717477] ? io_apoll_task_func+0x2d0/0x2d0 [ 1923.718401] ? __io_req_find_next+0x300/0x300 [ 1923.719333] ? do_raw_spin_lock+0x121/0x260 [ 1923.720236] ? rwlock_bug.part.0+0x90/0x90 [ 1923.721133] __io_uring_add_tctx_node+0x2c6/0x520 [ 1923.722135] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1923.723221] ? alloc_fd+0x2e7/0x670 [ 1923.723986] io_uring_setup+0x1fbb/0x2980 [ 1923.724912] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1923.725961] ? wait_for_completion_io+0x270/0x270 [ 1923.726978] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.728082] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1923.729166] do_syscall_64+0x33/0x40 [ 1923.729949] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1923.731008] RIP: 0033:0x7f00b63acb19 [ 1923.731789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1923.735611] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1923.737201] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1923.738673] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1923.740153] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1923.741636] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1923.743110] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:39:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 03:39:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:39:39 executing program 1: write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f00000001c0)={0x53, 0xfffffffffffffffd, 0xb0, 0x3, @buffer={0x0, 0x3e, &(0x7f0000000000)=""/62}, &(0x7f0000000080)="31b4720e62a884f768a3a1dd7d99cda3ff763c2a009afa09bd0e50394a8692f61aa0a1c2428d61076c6a93a4cc09413b065f8bfdf0deb4c5ad38ec4bff05dcd57ef9fb27218dbd9a6a36834bc08f312d902f7b7f22d22734042d728b14ce7e23a3400cb19f7373d308a9f49821067768414fc31f9e037a312ac34b519f9ee5d01a51ae3e32bc4494a64393c898a5da3a444b05e521a84988fdf8a46ee6c93a5a90df9b60af9a3fe61ba2a179c5529c15", &(0x7f0000000140)=""/15, 0x511, 0x4, 0x1, &(0x7f0000000180)}) ioctl$SG_IO(0xffffffffffffffff, 0x227c, 0x0) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x1}) dup2(0xffffffffffffffff, r0) 03:39:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0, 0x0}) 03:39:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:39:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) (fail_nth: 100) 03:39:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000280)={0x53, 0xfffffffffffffffc, 0xcd, 0x40, @scatter={0x2, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)=""/38, 0x26}, {&(0x7f0000000080)=""/28, 0x1c}]}, &(0x7f0000000100)="1f18ac462272ae11018a8a7525eafb2d35016bc7a1497a3c65e98e91220e5645360e553eead3d40a53632d93c41c5246a341084f43252dad1243f3160441743b72fbc9ce86b8dfbf03d648480c2ab737c8b8d91441040a99df16572b8dbd949a40b95bfb8ecd5c12d3b6b55079226ec35224d6be3f519d3bfc9f899df0701275263713bfd9dd3acd5b4a3288dad2899374c67075935b2ee34714f4013418bc1bc763ebd3dc27dc72c1699a976dacc9fd7ad13b2950a42a38f927dcd7e3d857949afe61a403f98b3fdaf9f7cedf", &(0x7f0000000200)=""/55, 0x8b8, 0x10032, 0x0, &(0x7f0000000240)}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r5 = epoll_create(0x3ff) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000200)={0x20000001}) dup2(r6, r4) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r3, 0x4, r6, 0x2) waitid(0x0, r3, 0x0, 0x8, 0x0) r7 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r7, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r7, 0x40082404, &(0x7f00000000c0)=0xfff) perf_event_open(&(0x7f0000000300)={0x3, 0x80, 0x1, 0x81, 0x16, 0x9, 0x0, 0x40, 0x1400, 0xa, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x4, @perf_config_ext={0x9, 0x5}, 0x400, 0x401, 0x6, 0x5, 0x34b0efbb, 0x1, 0x8, 0x0, 0xffff, 0x0, 0x8}, r3, 0x2, r7, 0x8) ioctl$SG_IO(r0, 0x227c, 0x0) [ 1923.940329] tmpfs: Bad value for 'mpol' [ 1923.953053] FAULT_INJECTION: forcing a failure. [ 1923.953053] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1923.955657] CPU: 1 PID: 10218 Comm: syz-executor.6 Not tainted 5.10.234 #1 [ 1923.957111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1923.958841] Call Trace: [ 1923.959394] dump_stack+0x107/0x167 [ 1923.960153] should_fail.cold+0x5/0xa [ 1923.960964] __alloc_pages_nodemask+0x182/0x600 [ 1923.961937] ? add_mm_counter_fast+0x220/0x220 [ 1923.962891] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 1923.964154] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 1923.965261] ? lock_downgrade+0x6d0/0x6d0 [ 1923.966114] ? mark_held_locks+0x9e/0xe0 [ 1923.966960] alloc_pages_vma+0xbb/0x410 [ 1923.967794] handle_mm_fault+0x152f/0x3500 [ 1923.968709] ? __pmd_alloc+0x5e0/0x5e0 [ 1923.969535] ? vmacache_find+0x55/0x2a0 [ 1923.970378] do_user_addr_fault+0x56e/0xc60 [ 1923.971287] exc_page_fault+0xa2/0x1a0 [ 1923.972102] asm_exc_page_fault+0x1e/0x30 [ 1923.972984] RIP: 0010:copy_user_generic_string+0x2c/0x40 [ 1923.974114] Code: cb 83 fa 08 72 27 89 f9 83 e1 07 74 15 83 e9 08 f7 d9 29 ca 8a 06 88 07 48 ff c6 48 ff c7 ff c9 75 f2 89 d1 c1 e9 03 83 e2 07 48 a5 89 d1 f3 a4 31 c0 0f 01 ca e9 33 a4 1d 02 0f 1f 00 0f 01 [ 1923.977935] RSP: 0018:ffff888035cffb50 EFLAGS: 00050246 [ 1923.979049] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 00000000000000ed [ 1923.980546] RDX: 0000000000000000 RSI: ffff8880464e0898 RDI: 0000000020030000 [ 1923.982036] RBP: 000000002002f768 R08: 0000000000000000 R09: ffff8880464e0fff [ 1923.983524] R10: ffffed1008c9c1ff R11: 0000000000000001 R12: 0000000020030768 [ 1923.985030] R13: ffff8880464e0000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1923.986540] _copy_to_user+0x13d/0x180 [ 1923.987352] pagemap_read+0x333/0x590 [ 1923.988144] ? clear_refs_write+0x780/0x780 [ 1923.989043] ? iov_iter_advance+0x181/0xec0 [ 1923.989951] do_iter_read+0x4fa/0x760 [ 1923.990756] ? import_iovec+0x83/0xb0 [ 1923.991541] vfs_readv+0xe5/0x160 [ 1923.992241] ? vfs_iter_read+0xa0/0xa0 [ 1923.993103] ? __fdget_pos+0xf1/0x190 [ 1923.994048] ? lock_downgrade+0x6d0/0x6d0 [ 1923.995110] ? ksys_write+0x12d/0x260 [ 1923.996048] ? __fget_files+0x2f8/0x520 [ 1923.997089] do_readv+0x139/0x300 [ 1923.997916] ? vfs_readv+0x160/0x160 [ 1923.998682] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.999783] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1924.000881] do_syscall_64+0x33/0x40 [ 1924.001663] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1924.002728] RIP: 0033:0x7f65e567fb19 [ 1924.003510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1924.007368] RSP: 002b:00007f65e2bf5188 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 1924.008969] RAX: ffffffffffffffda RBX: 00007f65e5792f60 RCX: 00007f65e567fb19 [ 1924.010446] RDX: 0000000000000002 RSI: 0000000020002a80 RDI: 0000000000000004 [ 1924.011927] RBP: 00007f65e2bf51d0 R08: 0000000000000000 R09: 0000000000000000 [ 1924.013422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 1924.014905] R13: 00007ffcf46a588f R14: 00007f65e2bf5300 R15: 0000000000022000 03:40:03 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:40:03 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) 03:40:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) setresuid(0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) setresuid(0x0, 0x0, r2) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r3, r4, 0x1000) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r5, r6, 0x1000) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={0x0, 0x0, 0x0}, &(0x7f00000000c0)=0xc) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r8, r9, 0x1000) statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r10, r11, 0x1000) r12 = getegid() statx(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchownat(0xffffffffffffff9c, &(0x7f00000003c0)='./file1\x00', r13, r14, 0x1000) fsetxattr$system_posix_acl(r0, &(0x7f0000000000)='system.posix_acl_access\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="02000000010006000000000002000200", @ANYRES32=0x0, @ANYBLOB="02000400", @ANYRES32=r2, @ANYBLOB="02000300", @ANYRES32=0xee00, @ANYBLOB="040003000000000008000000", @ANYRES32, @ANYBLOB="08000100", @ANYRES32=r6, @ANYRESDEC=r4, @ANYRES32=r7, @ANYBLOB="08000400", @ANYRES32=0x0, @ANYBLOB="08000600", @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00', @ANYRESHEX, @ANYBLOB="08000300", @ANYRES32=r12, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=r14, @ANYBLOB="10000000000000002000020000000000"], 0x84, 0x0) ioctl$SG_IO(r0, 0x227c, 0x0) 03:40:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:03 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 38) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0, 0x0}) 03:40:03 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:03 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000058a40)={0x3274, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0xff, "a99c54bc66ed8d"}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3, r6}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000059a40)={0x4, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}], 0x7, "b13de7dc6de9ae"}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r13}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9, r12}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f000005aa40)={0x5, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r2}, {0x0, r6}, {0x0, r8}, {r13}], 0x3f, "b77514ca3464fc"}) mq_open(&(0x7f0000000000)='-@\x00', 0xadbe54fa27f7faa7, 0x68, &(0x7f0000000040)={0x0, 0x7fffffff, 0x4, 0x8}) mq_notify(r0, 0x0) [ 1947.963276] tmpfs: Bad value for 'mpol' [ 1947.971667] FAULT_INJECTION: forcing a failure. [ 1947.971667] name failslab, interval 1, probability 0, space 0, times 0 [ 1947.974324] CPU: 1 PID: 10246 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1947.975861] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1947.977728] Call Trace: [ 1947.978335] dump_stack+0x107/0x167 [ 1947.979155] should_fail.cold+0x5/0xa [ 1947.980022] ? create_object.isra.0+0x3a/0xa20 [ 1947.981079] should_failslab+0x5/0x20 [ 1947.981932] kmem_cache_alloc+0x5b/0x310 [ 1947.982878] ? io_wq_create+0x114/0xc00 [ 1947.983782] create_object.isra.0+0x3a/0xa20 [ 1947.984775] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1947.985954] kmem_cache_alloc_node_trace+0x16d/0x340 [ 1947.987092] io_wq_create+0x6ef/0xc00 [ 1947.987939] io_uring_alloc_task_context+0x1f1/0x6a0 [ 1947.989083] ? io_import_iovec+0x1120/0x1120 [ 1947.990073] ? io_apoll_task_func+0x2d0/0x2d0 [ 1947.991073] ? __io_req_find_next+0x300/0x300 [ 1947.992070] ? do_raw_spin_lock+0x121/0x260 [ 1947.993049] ? rwlock_bug.part.0+0x90/0x90 [ 1947.993994] __io_uring_add_tctx_node+0x2c6/0x520 [ 1947.995057] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1947.996249] ? alloc_fd+0x2e7/0x670 [ 1947.997099] io_uring_setup+0x1fbb/0x2980 [ 1947.998041] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1947.999205] ? wait_for_completion_io+0x270/0x270 [ 1948.000313] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.001469] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.002627] do_syscall_64+0x33/0x40 [ 1948.003467] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.004627] RIP: 0033:0x7f00b63acb19 [ 1948.005473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.009573] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1948.011259] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1948.012889] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1948.014461] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1948.016045] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1948.017669] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:40:03 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x3, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) fcntl$setstatus(r1, 0x4, 0x42000) 03:40:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:03 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x6, 0x0, &(0x7f0000001400)=[{&(0x7f0000000000)=""/42, 0x2a}, {&(0x7f0000000080)=""/81, 0x51}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000100)=""/109, 0x6d}, {&(0x7f0000000180)=""/137, 0x89}, {&(0x7f0000001300)=""/200, 0xc8}]}, 0x0, 0x0, 0x8001, 0x0, 0x2, 0x0}) 03:40:03 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:03 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 39) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:03 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1948.119711] tmpfs: Bad value for 'mpol' 03:40:03 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff, 0x0}) [ 1948.212762] FAULT_INJECTION: forcing a failure. [ 1948.212762] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.214827] CPU: 0 PID: 10265 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1948.215932] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.217254] Call Trace: [ 1948.217683] dump_stack+0x107/0x167 [ 1948.218250] should_fail.cold+0x5/0xa [ 1948.218851] ? xas_alloc+0x336/0x440 [ 1948.219457] should_failslab+0x5/0x20 [ 1948.220054] kmem_cache_alloc+0x5b/0x310 [ 1948.220711] ? stack_trace_consume_entry+0x160/0x160 [ 1948.221524] xas_alloc+0x336/0x440 [ 1948.222101] xas_create+0x34a/0x10d0 [ 1948.222694] ? kernel_text_address+0xf2/0x120 [ 1948.223420] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1948.224234] xas_store+0x8c/0x1c40 [ 1948.224832] __xa_store+0x164/0x2d0 [ 1948.225415] ? xa_delete_node+0x280/0x280 [ 1948.226070] ? trace_hardirqs_on+0x5b/0x180 [ 1948.226774] xa_store+0x31/0x50 [ 1948.227302] __io_uring_add_tctx_node+0x1cf/0x520 [ 1948.228053] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1948.228909] ? alloc_fd+0x2e7/0x670 [ 1948.229487] io_uring_setup+0x1fbb/0x2980 [ 1948.230131] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1948.230920] ? wait_for_completion_io+0x270/0x270 [ 1948.231707] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.232559] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.233397] do_syscall_64+0x33/0x40 [ 1948.234134] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.235128] RIP: 0033:0x7f00b63acb19 [ 1948.235859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.239389] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1948.240859] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1948.242221] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1948.243576] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1948.244947] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1948.246354] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:40:21 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x20000818}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) 03:40:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x80, 0x420081) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:40:21 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 40) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:21 executing program 7: write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000080)=ANY=[], 0x120) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/nmi_backtrace', 0x4000, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f00000027c0)={0x53, 0xfffffffffffffffd, 0x1000, 0xaf, @scatter={0x100000f5, 0x0, &(0x7f0000001680)=[{&(0x7f00000000c0)=""/176, 0xb0}, {&(0x7f0000000180)=""/52, 0x34}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f00000001c0)=""/20, 0x14}, {&(0x7f0000001300)=""/141, 0x8d}, {&(0x7f0000000200)=""/99, 0x63}, {&(0x7f00000013c0)=""/133, 0x85}, {&(0x7f0000001480)=""/167, 0xa7}, {&(0x7f0000001540)=""/101, 0x65}, {&(0x7f00000015c0)=""/153, 0x99}]}, &(0x7f0000001740)="2a2d65559ef0d811f41c7294f910dfe997ac7accf45520c42d158984b9711d4db7e0295433c1bf0db69cefe386a42f6cffd7f3f7487cb247251adcd4913bec78e710080fecce623eb446de309a76ebbabf18b94d8d70ba81c0acfb951cda657d5c85eb3f8b781c37bed53bc1b3b9099841652f842cdae10fd3ce58531fd4417637203f74b604accc992d838c995e36f39bbae587bc59e04922b8f4ad8c58cf2b0d7d8c70df25108d1192d95828ef1878fa0f8aa51895ab3a7e7e12d20346abd574b0723531617622997d45442f36116bf21d4c46631560575248043f89b00bdba99a9460fef04607443ab95a015b475281feae531442d7c439d1e90413d6584c2cbf3bb1f031130d627a1edcedc8faf1d9ee8ba5aede6f078d94857b1050cec5db67cd3c7598947b91bbefdd23d29802e2692405b25b2055be5314138e48e79954da9e50e07a56ac197ec4c9b8480b0ef948c889113ce87a81fde2a4e4e95782a754729e5e4d7fd63f789ed3de7cffb037bba6940ef0beff6515feb3309df1a6bc75ab974fd4c47a5fb51602d1b95352eca1ab359de2f71d6e1048e8d79b50574668ca007a49258456d4b4fbf653f0ade66da3d232aad6a227c47735b668be604bfcff10a79dd075d5c5eb63609366835c11d85847b0df12b7f8739b188c77f6890da6e38058061340651ea51ec517907db1b40a69121524af2e06e50779081972bc2ddcb9cd086327b6cfa50f36de0e4a07f35ebe88af4af5d50a36fa7525b58deb0b91581cb4be6f1b841047421adc2bcde2ca9bde03f33b18b7da13137d06b3a891583daf86be96d37ac3a001924bb3b75f6b8c87cf90112f2f5d81e361353c5e9e6679e94ddd96f492dbb4c4d3ee2e212166f47f11acebc9fc5844fccab6906110da55cefd749c54f884585f0af07db06cf413011cea953b8aa73dbe323a63f4b19704ff20ac644c41e25fc255106f00b6577134cbe6315269d0d55bd04d33d1ad2e4a4ee2947863852aeebf0100c57b802cea89ada3432e190b37a20a9ea39b858e5cf47d79403b840cfa4e7f12b06f95633c60a128cb3412aafeedf1250d0a219330799f27b689872fd420f20329fc624572640787e13988d2ecbb0b52bebc3c25bf34ab48c73a1a3a6d0ce017d2d9316fa6b9730606745b0ec1531ec477bf2ee0bae1e6482ef472b9365b65ff0461fba69b1574c0907fd88e9af94ebe0bee694f9ca095320a2f0b1c267bd43a24c7034c44e8f1db711c70a32c8389ae56fb5e96fe88faa368daa6202bddffac20b466c2367623bbc7b06787cd40f95eca1b004c6f6aad3568590442ef48cc2b832b7ec2d3ed7aa2a946f126ccb744fc64e19e14a4f00b0b5ecf26474dd50c0708d966bc1f084e47a97716b5c8df66be767112d001ae030d595930eac48bf4f63f4ed022715411eb8a88235ca74aa6c67b7b6f10ad62e5f8fc802f09fdee9bd792b1dc533e071cc7eb2dbe3d9893803d00290c09e342dadd4dcc9ce966523e6863961584d69f4763403ad632c6e403692579bcb2c7acccb36b241979d4d9e39b762bca97f2d006957634d97a323f75d7bc313eb473a3789b765f25e8c5780899c6fe4d27d84cea8b07156606914c31622630585c68f8a760f6f62cb7e5475fb47c38c6f975027b36bb20b5ba33a9e4b254b10da472bc35b98f427308895f8bac162a878dd43efabf6498b78625507e088a2191f7ac21ca11963c22a5eaa0a6731e86489293b69cf6d45b286a44178c9c6818b4bb8a1c7dea9ba2fc6e15d2d0e36ee26525d11d989948e3016da8f6c558ebf0e6d52291007638cb6b831ffd5a15c631d2e0457848164a65500565ce3bcea940e026a2209b952a7158acfd9a9446b88155f79291e61e0b66d7d48b71f1e203e92572785418879ec547d18145f7b4d8bbdcf91369d598e87ecf1867c5fef1a597befb1192f7bc1efe64ae9a24439ed41e77b1197b2a5ad4ff3211a3d1cbc65603240c5b8394b2c6214fd3127163043c579fff15dcfeadd55205ee0b030cd674ab1980db5b4aa92a2dd9eb1598a9e9145058a8b9e67cc53967d10d01d71e969b7f79242d6a7105ef70b4dd02fa8ba2d08e6dd6e09dfc3c2d07df4e28734ffd6f7c1d471b8d5905d17a7b544843c3ac51cfdaea32add8459a022ac9ae0e319bff6f2fd48f7f5201f24d25f0b67521488369b3bac29d34aabc29f1373a64f9bff7654577d05083a7e670ad9ddb71d543a80ffcff2ff067450c4026208c64580ab7cb5156a6969e3f773b519b5f80673130d40c96c68a3fa210c221ee1b270b722f47cb895cf861d2191887cd06029d91a382ebfd022e59e3eadd3cfd411b6243c7e1275bf3f358772671e89964e2392f5d6b87faaca2e6d5ed9d5415b816db897df90a67ace2906ad2efcbd9c7ef9f82023e430b51e1f1c1de04a70c2b8a70651b5305cc4c3281f3255f4f96860a71e595e8a6517018f5781a5576462a345cb1d229ead6ce87fef3335abec5968828cc363576924996c314268634aefd2df6185e5e734da7686767880e0ab3293abb47c587fc04138a3eb799aad44a41347eac6915615fdb8daecbe6dfcfdcd8e1d7184640f7d92d6d4657020fdbf1b5670d3e5b5dcb861caddb02e708af3cf35d48c6ed1cf023743f2fe62279a9fa9224d8532217a92f28c700786e7b4540eb763dd2a401281002a40eac37691eec9b41d146d184a98d1d9ec38354438a3a97d5611bc41dd8baedda1163defe45730a55c43c1883de004ec52a849b346ed65aafcab4445af21dd1817b79e8a107339fc5e0451ac13a559e489d10bf43b242316e29458393041e47778c56f25870f36751d1c7e8b9f502d504cbbc9a692989b88d389809722800b2cd35d3453848cac9a35f9c774fb651ed9440ee4200724a47a6160a69b6072d33242ea1cf591c0c8b48d157c73fab2a6e848f2e274e88d645cdd74e3ad7eb42fcd8c9dbd2c62ef85027de469563871367877318d27e63243579145f0d3648fd34f4f2760412d25e4a24f848361cf180a2c6402234486a606fb46d5cbdd5d16ccc5c71bda260b380a5e5353537ea79f860854cf51de507fa5e70847a56cd84d87e84e3d0c47b64169eefdf19e615747e518b19899f309aa5f37287f410251aa58b8e683a46bc238afd6622f9fb10e44e15335394916f6e0d363c5784c706be3c83f72c88edfb40f45e94b1f026abeef8129fefb3c7daf2d4d5a0802e3370b4a2a5bbdab859ef7fe19f9317b59213dad4e3433707c211120fb9682661dbbb5b0732df551ff3ea0c9dd5b80c325d6e835360b51754001ef0a216fd2e663f6e911b4364fdaa839e94b20aa17fa97725aebac9fbccfc36918cc48078f3147c0bf5d1a92b9c999f062d60512b9173bd8183f0669b5b7a850fc5fc99056cbecf3221040ae17ed9cd0893ac94ed60d7711f35adf97a28579c713c8b617cfe7b752fc3a765a7dd4f04f8d7bc616cafe0d72154a0855a87cbd873b75774e6b6cd36d738e8bd81723c03492a2cc9ccc5a90cba54426c8c06d6b68cfd0e003b38c6fb2320e6f324df8bfeb05c0a4f078328087094dbdb477a81cb7735d7c9c0af760dfe66dcd22403cdb20d4efc2a99dd99b211700267d04075edc7c5da9169475c108430ab565fbc1fa9ca44b1d59aad40231510f950d0ef1562a52c3e0bfefd8fc5618dcacbed0b0aac711258f4e7c41620357066200e219714ad274d40433a891ca0266188fece11357e5b5567e0146b63335de365ea19df99115174076836fb2ac5afb614943d2ad4a11b51456a5c33fe7a5d9088990fa62855ded8796c3c9baf5d613286c256fa1ecb698cb33fc393dffd422a2ed9c0afcd671d0c3576cbbd16201f889478d08cddabd2027c6d2fece92757dbaffea4a6846da99ae13728837fdd26209fdd4aa9366a0ca2f4367070b0741c816b3f19fc7006aaba7bd382d9f68c491260bf173efd2f8ed4c7a9d9968b827db867ecaea2fe4db2426eb18eedbeccb7fb91cf0b87321052c341b363436cf4d346dfa9f44e8f18d77aee2c1e7447e15293f07d59dc10a39a8bd2bdee243bb4599f6abaa1d3e59e46e7f97416f786d5d71622fac77a86938fc6e057f9cc9df6740aa4c0069123478e14bd8d42ef26bf3a90c2bb090cc9a6af262d139a9369ad190f6b2ce83e49c544324e73d19ca18f96a0f486449344bc07e97af916b3c05d182a2d52bf8c8baa8fea04a7533f9fd4cfec55cb725fb6fac86e38c7e9893e99108524f0f3559ba3a76b08e92bfe1f0b2c61bd2dd871af17193e88410e99a2b48b1f9bc735e71a72f56d1ff2b2e69f741b8229498e1df547c20c262ab359fb4a2ccf6ce78af0b2b58702bb7e760f6dc46a3b39da28b1ec287a7c0e345b9aa7130f238898a5c113301f52fe7a795f678ddac76abe35f2ffec222682725526e5dbbd2dda6bfe2454467a634b8233fc22a1902cc46d8853e0339b7181d60ec809f7d83fe66270b4424c6d203028b40951cea2cb6961dfaf5b68f964ae6ace650536b88b61b1d06cb2f6e4bb242ba360f5f677e4fd773795af5b1e38191389f2d212f5b7af161d58406b0a482cb5833254e7bea029fc64f50be7fff7cb1913b772fcb835d66faa0b71076fd0d76ec2144eee502419611bc8f7b7f5ecd6651c2a797c9bb5fbccd300c68eef93aac4dcbdf703e611e2f1c253b284ffa9ade28691e3e19f4a5be9f85c851254f883f2e7ca7a1ad2c1473d73689b84b7046fea6a6036c5a01939dd81ad1e95c35bb336b8da78ce34ae01d241dc2b1fd313896fea2ad4840e460784bba6f8a9a69dfa044b4cb32eee1decf1a9fc54e21b420d2519bf7ea059f818721086a093760a220fc4cd94c0f2690ef1e9a2c5940faed4946c20fd251481755daf6fc833e2e890cddf154757caa908ba8ee10f4c81b778134fde144e96e19e9e4a1c34f54317ad2f0b10c7aa2917b17690a4ecd031eba026822029c8f163602f8d873c99fcbc850d093976ad8d7af0e07c73b1202d9de372022cc167febc51029f648d3be9445fa702beb90f1d903b405f17bdce77698cc0789d1a0f2e1464a27d4dfe416e035001222566b2cef515cd48ae564d818dc06c7b26648a9ff7b13a930f0b43f0bfed9be98a6b63275d47114e30c437d34b9cc2d05a8e04eecf7636b95b4f218df2063b55899ef006388f95a2b0edbbb6cdc8ae5e4696dffd5b0577e25cb1dce5d6c084348784e8db93d24124fcaf1a0f843e7eaa6ce0a3e47b01b4b3fcd3e4e70d294ef3d4aed8ec7f40aa50ae5bea5a655ae6f3c5f10485a41407dfe2288ab0cd3aab0f727fa47a5a4f26f12b50cf66c4eebbf714079fe9107a222bd3f05af16214542fd3eecb935ac440dfe9ef36fdab2753730e702f39ee2cc14d2f6996db51c887d2f722384cfb3488974ec0ab730357e99ad4d0afc7cda65898a083c716a41f10f3cc84d9b05710c8978835fe39391c64b995221ee8a564c0d9bab6c61d58fb8380ca15b4afb858cc038ac7002fc6250ac562070718232a1a1115beb4cb7d10797fc75e7516d0c0388a6be04eca3bd58ccd396b3d3b612188f127c342b339c0b078d86169a1459879df7de069e055c12be46b4d2402147053ee42927276c3baf758223a1552e54d4391df1ca6f8707c1378c758bc1ef304fb50485802885469a632a7f3df227296be0433c443ccbef2546b8e12d99c93cd60ad92bec6d989d4b2898cd5fa08f80263c5f0680009c5f680752df9034d08b873b0a71cd21e8e780769ba663ad842a8baa25d7ceb4e54641865e6", &(0x7f0000002740)=""/26, 0xfc, 0x8015, 0x0, &(0x7f0000002780)}) r2 = fcntl$dupfd(r0, 0x0, r0) accept4$bt_l2cap(r2, &(0x7f0000002880), &(0x7f00000028c0)=0xe, 0x80800) ioctl$AUTOFS_DEV_IOCTL_READY(r2, 0xc0189376, &(0x7f0000002840)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:21 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x0, 0x20010, 0xffffffffffffffff, 0x8000000) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000}, 0x0) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) syz_io_uring_setup(0x804ebb, &(0x7f0000001780)={0x0, 0x1b9b, 0x10, 0x0, 0x165}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x66e2, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r8, 0x0, 0x0}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r9}}, 0x8) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000700)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, r8, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@ax25={{0x3, @netrom}, [@bcast, @bcast, @bcast, @default, @netrom, @bcast, @bcast]}, 0x80, &(0x7f0000000640)=[{&(0x7f00000003c0)=""/12, 0xc}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000000540)=""/205, 0xcd}], 0x3, &(0x7f0000000680)=""/23, 0x17}, 0x0, 0x40, 0x0, {0x2, r9}}, 0x7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_POLL_REMOVE={0x7, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r9}}, 0x6) syz_io_uring_submit(r0, r2, &(0x7f0000000080)=@IORING_OP_OPENAT2={0x1c, 0x5, 0x0, r5, &(0x7f0000000000)={0x4000, 0x40, 0x10}, &(0x7f0000000040)='./file0\x00', 0x18, 0x0, 0x23456, {0x0, r9}}, 0x80000000) r10 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r10, 0x0) 03:40:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd, 0x0}) 03:40:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB, @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 1965.931329] FAULT_INJECTION: forcing a failure. [ 1965.931329] name failslab, interval 1, probability 0, space 0, times 0 [ 1965.933868] CPU: 0 PID: 10282 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1965.935322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1965.937143] Call Trace: [ 1965.937704] dump_stack+0x107/0x167 [ 1965.938484] should_fail.cold+0x5/0xa [ 1965.939302] ? create_object.isra.0+0x3a/0xa20 [ 1965.940283] should_failslab+0x5/0x20 [ 1965.941129] kmem_cache_alloc+0x5b/0x310 [ 1965.942006] create_object.isra.0+0x3a/0xa20 [ 1965.942945] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1965.944032] kmem_cache_alloc+0x159/0x310 [ 1965.944934] xas_alloc+0x336/0x440 [ 1965.945695] xas_create+0x34a/0x10d0 [ 1965.946320] tmpfs: Bad value for 'mpol' [ 1965.946515] ? kernel_text_address+0xf2/0x120 [ 1965.948327] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1965.949458] xas_store+0x8c/0x1c40 [ 1965.950236] __xa_store+0x164/0x2d0 [ 1965.951014] ? xa_delete_node+0x280/0x280 [ 1965.951942] ? trace_hardirqs_on+0x5b/0x180 [ 1965.952876] xa_store+0x31/0x50 [ 1965.953595] __io_uring_add_tctx_node+0x1cf/0x520 [ 1965.954635] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1965.955775] ? alloc_fd+0x2e7/0x670 [ 1965.956567] io_uring_setup+0x1fbb/0x2980 [ 1965.957468] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1965.958550] ? wait_for_completion_io+0x270/0x270 [ 1965.959622] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1965.960741] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1965.961848] do_syscall_64+0x33/0x40 [ 1965.962643] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1965.963748] RIP: 0033:0x7f00b63acb19 [ 1965.964556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1965.968479] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1965.970123] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1965.971646] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1965.973201] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1965.974742] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1965.976263] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:40:21 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:21 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$FS_IOC_READ_VERITY_METADATA(r1, 0xc0286687, &(0x7f0000000180)={0x3, 0x5, 0x82, &(0x7f00000000c0)=""/130}) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) openat(r2, &(0x7f0000000000)='./file0\x00', 0x0, 0x14) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:21 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(r0, 0x227c, 0x0) 03:40:21 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsro', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:21 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 41) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:21 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) [ 1966.154528] tmpfs: Bad value for 'mpol' [ 1966.205350] FAULT_INJECTION: forcing a failure. [ 1966.205350] name failslab, interval 1, probability 0, space 0, times 0 [ 1966.207622] CPU: 0 PID: 10321 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1966.208959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1966.210571] Call Trace: [ 1966.211091] dump_stack+0x107/0x167 [ 1966.211799] should_fail.cold+0x5/0xa [ 1966.212552] ? create_object.isra.0+0x3a/0xa20 [ 1966.213467] should_failslab+0x5/0x20 [ 1966.214216] kmem_cache_alloc+0x5b/0x310 [ 1966.215012] create_object.isra.0+0x3a/0xa20 [ 1966.215857] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1966.216837] kmem_cache_alloc+0x159/0x310 [ 1966.217653] xas_alloc+0x336/0x440 [ 1966.218338] xas_create+0x34a/0x10d0 [ 1966.219060] ? kernel_text_address+0xf2/0x120 [ 1966.219933] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1966.220974] xas_store+0x8c/0x1c40 [ 1966.221682] __xa_store+0x164/0x2d0 [ 1966.222394] ? xa_delete_node+0x280/0x280 [ 1966.223202] ? trace_hardirqs_on+0x5b/0x180 [ 1966.224033] xa_store+0x31/0x50 [ 1966.224675] __io_uring_add_tctx_node+0x1cf/0x520 [ 1966.225608] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1966.226626] ? alloc_fd+0x2e7/0x670 [ 1966.227331] io_uring_setup+0x1fbb/0x2980 [ 1966.228149] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1966.229143] ? wait_for_completion_io+0x270/0x270 [ 1966.230109] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1966.231121] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1966.232128] do_syscall_64+0x33/0x40 [ 1966.232847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1966.233852] RIP: 0033:0x7f00b63acb19 [ 1966.234576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1966.238153] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1966.239631] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1966.241030] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1966.242407] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1966.243777] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1966.245157] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:40:35 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7ffff000}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) 03:40:35 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:35 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = open_tree(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)={0x28, 0x10, 0x1, 0x0, 0x0, {}, [@typed={0x5, 0x0, 0x0, 0x0, @str='\x00'}, @nested={0xa, 0x0, 0x0, 0x1, [@generic="487fec864b24"]}]}, 0x28}}, 0x0) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0x2) r3 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), r2) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0x88, r3, 0x2, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x74, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x4}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xdf00}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}]}, @TIPC_NLA_SOCK_CON={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x393}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x40}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x2}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4f}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x1ff}]}]}, 0x88}, 0x1, 0x0, 0x0, 0x90}, 0x40090) sendmsg$TIPC_NL_MON_GET(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r3, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_NODE={0x8, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x4}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x4}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x800}]}, @TIPC_NLA_MON={0xc, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x9}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4080}, 0x8000) sendmsg$TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1d4, r3, 0x400, 0x70bd28, 0x25dfdbfc, {}, [@TIPC_NLA_MON={0x1c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xf2f}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x2}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x100}]}, @TIPC_NLA_LINK={0xb0, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x34, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x88}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x44, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x81}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xf}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80000000}]}]}, @TIPC_NLA_NET={0x18, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID={0xc, 0x3, 0x7}, @TIPC_NLA_NET_ID={0x8}]}, @TIPC_NLA_PUBL={0x24, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x282}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xffff}]}, @TIPC_NLA_NET={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x820}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x2847}]}, @TIPC_NLA_LINK={0x70, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1000}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}]}]}]}, 0x1d4}, 0x1, 0x0, 0x0, 0x4000041}, 0x10) [ 1980.391410] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 1980.417376] tmpfs: Bad value for 'mpol' 03:40:35 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:40:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000300)={0x0, 0xffffffff, 0x1, [0x16, 0xffff, 0x5, 0x80, 0x20], [0x2, 0x1f, 0x0, 0x6, 0x7fff, 0x0, 0x8, 0x81, 0x5, 0xb6, 0xfffffffffffffff7, 0x6, 0x101, 0x200, 0x7, 0x9, 0x101, 0x8, 0x1, 0x7f, 0x5, 0x4, 0x69, 0xfffffffffffff6b1, 0x800, 0x2, 0x1, 0x5, 0x0, 0x3, 0x101, 0x39, 0x80000000, 0x2, 0xaefe, 0x1ff, 0x1, 0x5, 0x80000000, 0x81, 0x10000, 0x3, 0x5, 0x2, 0x0, 0x7, 0x37f3, 0x3, 0x9e29, 0x0, 0xfffffffffffffffc, 0x7, 0x2, 0x9, 0x2bb8, 0xfff, 0x5, 0x9, 0x1, 0x7ff, 0xffff, 0x8, 0x3, 0x3f, 0x101, 0x7, 0x81, 0x7, 0x80, 0x9, 0xfffffffffffffffb, 0x80, 0x40000000000, 0x2467, 0x7, 0x8, 0x8001, 0x2, 0x9, 0x3ff, 0x6, 0x7, 0x8, 0x80000000, 0xfffffffffffffffe, 0x1, 0x1, 0x7ff, 0x1, 0x9, 0xff, 0x80000001, 0x1, 0x6f0c7c80, 0x80, 0xffffffffffffe36d, 0x566, 0xffff, 0x787, 0x40, 0x5e43, 0xfffffffffffffffb, 0x4, 0x7, 0x8, 0x5, 0x0, 0x5, 0x0, 0xce4, 0x1, 0x0, 0x3, 0x3, 0xfff, 0x5, 0x3ff, 0x3ac, 0x2f, 0x9, 0x7]}) r3 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x401) sendmsg$TIPC_CMD_RESET_LINK_STATS(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, [""]}, 0x30}}, 0x1) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'geneve0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r4, 0x1, 0x6, @local}, 0x10) bind$packet(r1, &(0x7f0000000080)={0x11, 0xf5, r4, 0x1, 0x7f, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000000)="b47d49d0ec9715850d60aa93629b2a93b956b7d06bf112f81f", 0x19, r1}, 0x68) 03:40:35 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsro', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:35 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 42) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:35 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_EMULATED_HOST(r0, 0x2203, &(0x7f0000000000)) 03:40:35 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:35 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x2, 0x0, 0x0, 0x0}) 03:40:35 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000080), 0x80000000, 0x80402) kcmp$KCMP_EPOLL_TFD(r1, 0x0, 0x7, r0, &(0x7f00000000c0)={r2, r0, 0x80}) ioctl$SG_IO(r0, 0x227c, 0x0) r3 = fsopen(&(0x7f0000000100)='nfs\x00', 0x1) ioctl$BTRFS_IOC_INO_LOOKUP(r3, 0xd0009412, &(0x7f0000000140)={0x0, 0x63}) 03:40:35 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsro', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:35 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x3, 0x0, 0x0, 0x0}) [ 1980.573385] FAULT_INJECTION: forcing a failure. [ 1980.573385] name failslab, interval 1, probability 0, space 0, times 0 [ 1980.574911] CPU: 0 PID: 10350 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1980.575790] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1980.576853] Call Trace: [ 1980.577219] dump_stack+0x107/0x167 [ 1980.577695] should_fail.cold+0x5/0xa [ 1980.578239] ? create_object.isra.0+0x3a/0xa20 [ 1980.578900] should_failslab+0x5/0x20 [ 1980.579394] kmem_cache_alloc+0x5b/0x310 [ 1980.579998] ? mark_held_locks+0x9e/0xe0 03:40:36 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @private}, &(0x7f0000000040)=0x10) getsockopt$IPT_SO_GET_REVISION_MATCH(r0, 0x0, 0x42, &(0x7f0000000080)={'ah\x00'}, &(0x7f00000000c0)=0x1e) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) [ 1980.580582] create_object.isra.0+0x3a/0xa20 [ 1980.581410] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1980.582158] kmem_cache_alloc+0x159/0x310 [ 1980.582784] xas_alloc+0x336/0x440 [ 1980.583290] xas_create+0x34a/0x10d0 [ 1980.583879] ? kernel_text_address+0xf2/0x120 [ 1980.584589] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1980.585412] xas_store+0x8c/0x1c40 [ 1980.585977] __xa_store+0x164/0x2d0 [ 1980.586531] ? xa_delete_node+0x280/0x280 [ 1980.587182] ? trace_hardirqs_on+0x5b/0x180 [ 1980.587851] xa_store+0x31/0x50 [ 1980.588341] __io_uring_add_tctx_node+0x1cf/0x520 [ 1980.589062] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1980.589881] ? alloc_fd+0x2e7/0x670 [ 1980.590460] io_uring_setup+0x1fbb/0x2980 [ 1980.591107] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1980.591905] ? wait_for_completion_io+0x270/0x270 [ 1980.592693] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1980.593521] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1980.594321] do_syscall_64+0x33/0x40 [ 1980.594895] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1980.595736] RIP: 0033:0x7f00b63acb19 [ 1980.596356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1980.599415] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1980.600691] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1980.601905] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1980.603110] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1980.604311] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1980.605532] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 1980.651437] sg_write: data in/out 1935898123/246 bytes for SCSI command 0x0-- guessing data in; [ 1980.651437] program syz-executor.1 not setting count and/or reply_len properly [ 1980.674243] tmpfs: Bad value for 'mpol' 03:40:52 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0x7fffffffffffff}, {&(0x7f0000000840)=""/4096, 0x200000}], 0x2) 03:40:52 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 03:40:52 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:52 executing program 7: ioctl$FICLONERANGE(0xffffffffffffffff, 0x4020940d, &(0x7f00000000c0)={{}, 0x7fff, 0x5b, 0x5}) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x1, 'caif0\x00', {}, 0x7}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r2, 0xd8499488957a772f}, 0x14}}, 0x0) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000440)={&(0x7f0000000100), 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r3, 0x10, 0x70bd2a, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) write$binfmt_aout(r0, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0], 0x120) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r5, 0x2286, &(0x7f0000000280)={0x53, 0xfffffffffffffffb, 0x0, 0x0, @buffer={0x0, 0x9b, &(0x7f0000000380)=""/155}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:52 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x8, 0x0, 0x0, 0x0}) 03:40:52 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) fstat(r0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0}) r3 = getegid() fsetxattr$system_posix_acl(r1, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)={{}, {0x1, 0x1}, [{0x2, 0x7, 0xee01}, {0x2, 0x4, r2}], {}, [{0x8, 0x1, r3}], {}, {0x20, 0x6}}, 0x3c, 0x3) 03:40:52 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000300)={0x53, 0xfffffffffffffffc, 0xc5, 0x1, @buffer={0x0, 0x5a, &(0x7f0000000080)=""/90}, &(0x7f0000000100)="be68f072c5960e87616efd79c49ff63cfedc454e641c387653444e6c01fdeaacaccb2b816e96c8cb0e61e209673c247e6da149a85e56afbc97b72c60534a79ce4f51041cbeb1d7bfd93f80984b4436b53c500b0ab298ba56124c6f973bd7d39fabdf895e7c8a0772dd57fb432e4b65cf486e336d93420a43fb7f0e13fc5c4d5a7c2ccf300c1737e5bc79e24ecacecfc88129f8ee1159a70b78fcf77ff827565f39c20b4bbd9a6ddfcf88f80402bd63c30cae437c4f7685d899851440bb98a9a0ca6d7e88d3", &(0x7f0000000200)=""/136, 0x5, 0x22, 0xffffffffffffffff, &(0x7f00000002c0)}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:40:53 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 43) lseek(0xffffffffffffffff, 0x0, 0x0) [ 1997.599315] tmpfs: Bad value for 'mpol' [ 1997.615215] FAULT_INJECTION: forcing a failure. [ 1997.615215] name failslab, interval 1, probability 0, space 0, times 0 [ 1997.617734] CPU: 1 PID: 10399 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1997.619220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1997.621003] Call Trace: [ 1997.621593] dump_stack+0x107/0x167 [ 1997.622467] should_fail.cold+0x5/0xa [ 1997.623425] ? xas_alloc+0x336/0x440 [ 1997.624328] should_failslab+0x5/0x20 [ 1997.625239] kmem_cache_alloc+0x5b/0x310 [ 1997.626343] xas_alloc+0x336/0x440 [ 1997.627262] xas_create+0x34a/0x10d0 [ 1997.629514] ? kernel_text_address+0xf2/0x120 [ 1997.630694] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1997.633713] xas_store+0x8c/0x1c40 [ 1997.634707] __xa_store+0x164/0x2d0 [ 1997.635680] ? xa_delete_node+0x280/0x280 [ 1997.636677] ? trace_hardirqs_on+0x5b/0x180 [ 1997.637828] xa_store+0x31/0x50 [ 1997.638616] __io_uring_add_tctx_node+0x1cf/0x520 [ 1997.639751] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1997.642066] ? alloc_fd+0x2e7/0x670 [ 1997.643033] io_uring_setup+0x1fbb/0x2980 [ 1997.644110] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1997.645391] ? wait_for_completion_io+0x270/0x270 [ 1997.646654] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1997.647988] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1997.649306] do_syscall_64+0x33/0x40 [ 1997.650249] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1997.651511] RIP: 0033:0x7f00b63acb19 [ 1997.652289] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1997.657170] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1997.659125] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1997.660947] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1997.662786] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1997.664614] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1997.666445] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:40:53 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x9, 0x0, 0x0, 0x0}) 03:40:53 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x2000}], 0x2) 03:40:53 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:40:53 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 44) lseek(0xffffffffffffffff, 0x0, 0x0) 03:40:53 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:40:53 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_GET_PACK_ID(r2, 0x227c, &(0x7f0000000180)) ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000000)) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x6, 0x0, &(0x7f0000000580)=[{&(0x7f0000000080)=""/205, 0xcd}, {&(0x7f0000000240)=""/64, 0x40}, {&(0x7f00000001c0)=""/69, 0x45}, {&(0x7f0000000300)=""/234, 0xea}, {&(0x7f0000000400)=""/144, 0x90}, {&(0x7f00000004c0)=""/134, 0x86}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:40:53 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) timer_create(0x3, 0x0, &(0x7f0000000040)=0x0) timer_settime(r1, 0x0, &(0x7f0000000400)={{}, {0x77359400}}, 0x0) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYRESOCT=r0, @ANYRES64, @ANYRES64, @ANYRESDEC=r0, @ANYRES16], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) [ 1997.831413] tmpfs: Bad value for 'mpol' [ 1997.861429] sg_write: data in/out 808464396/242 bytes for SCSI command 0xff-- guessing data in; [ 1997.861429] program syz-executor.1 not setting count and/or reply_len properly [ 1997.872476] sg_write: data in/out 808464396/242 bytes for SCSI command 0xff-- guessing data in; [ 1997.872476] program syz-executor.1 not setting count and/or reply_len properly [ 1997.947763] FAULT_INJECTION: forcing a failure. [ 1997.947763] name failslab, interval 1, probability 0, space 0, times 0 [ 1997.950243] CPU: 0 PID: 10414 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 1997.951690] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1997.953455] Call Trace: [ 1997.954017] dump_stack+0x107/0x167 [ 1997.954793] should_fail.cold+0x5/0xa [ 1997.955607] ? ___slab_alloc+0x155/0x700 [ 1997.956472] ? create_object.isra.0+0x3a/0xa20 [ 1997.957458] should_failslab+0x5/0x20 [ 1997.958263] kmem_cache_alloc+0x5b/0x310 [ 1997.959140] create_object.isra.0+0x3a/0xa20 [ 1997.960070] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1997.961153] kmem_cache_alloc+0x159/0x310 [ 1997.962045] xas_alloc+0x336/0x440 [ 1997.962794] xas_create+0x34a/0x10d0 [ 1997.963602] ? kernel_text_address+0xf2/0x120 [ 1997.964556] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1997.965685] xas_store+0x8c/0x1c40 [ 1997.966451] __xa_store+0x164/0x2d0 [ 1997.967223] ? xa_delete_node+0x280/0x280 [ 1997.968108] ? trace_hardirqs_on+0x5b/0x180 [ 1997.969028] xa_store+0x31/0x50 [ 1997.969741] __io_uring_add_tctx_node+0x1cf/0x520 [ 1997.970762] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 1997.971847] ? alloc_fd+0x2e7/0x670 [ 1997.972626] io_uring_setup+0x1fbb/0x2980 [ 1997.973525] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 1997.974605] ? wait_for_completion_io+0x270/0x270 [ 1997.975647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1997.976759] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1997.977867] do_syscall_64+0x33/0x40 [ 1997.978657] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1997.979743] RIP: 0033:0x7f00b63acb19 [ 1997.980530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1997.984440] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 1997.986059] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 1997.987568] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 1997.989089] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 1997.990592] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 1997.992089] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:41:06 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 45) lseek(0xffffffffffffffff, 0x0, 0x0) 03:41:06 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:06 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x3000}], 0x2) 03:41:06 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xd, 0x0, 0x0, 0x0}) 03:41:06 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:06 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_INO_PATHS(r0, 0xc0389423, &(0x7f0000000080)={0x0, 0x10, [0x1, 0x0, 0x2, 0x7], &(0x7f0000000000)=[0x0, 0x0]}) 03:41:06 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_open_dev$mouse(&(0x7f0000000000), 0x163, 0x80000) ioctl$BLKTRACESETUP(r1, 0xc0481273, &(0x7f0000000080)={'\x00', 0x643, 0x53, 0x10001, 0x0, 0x82b}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:41:06 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000000), 0x2, 0xf8, 0x0) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r1, r4}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6, r9}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f0000053d80)={0x0, 0x0, "12dae2f90a0fcda3e09dcb19ce1580944c7efb40014f5b81c131c03b28bbb0f6a52f36b4f908f6fc59add0d7c469d9ce827b2e1774961acaf2e8623670bdbda4f8cd990fc909014e0b890f40ea6da349d2bb14780b7963ac3da1cf485e0543096691197af3e82f80040f82d1ae7ff0e05cb3fb84a3c41ecf9f92d3f5ddabd0b2a38ea50424dc6e75f6bee1084aa3d8a6cece1f4bdef2cde15cb4da228b54d66df9421bf0568f6a106850e7927167f624ee4495a927cb98b8cdf608308f82c771d5d067f177c20b488d4450e02fef8a40eabe83429d8579cd2066dce74663d1c9ebf878fc38d7ae48bbc6ff390e45058cf80461213ee6ac872d191d2849c13a82", "dcc446a7a93abc62c0e9e16183c57ec9104c00b5b59efd3dead0450bc2593f3c6c6062fd5828d1f6f69e072766db41aa38b9246ce4f62307d165a881a815eb17fd7d6a09617ec9b2d6149953cac261094026eb3a56bc59ef594b72303b506ae6fe00966211a59c8ad554146d810d00a3a50cdad8820ba8123ab3577a34484be7b45edce3f62f771a426e2660a2272fb1d0332dd1685fc61bdc81fa840f27ee992f643bd9c08943383e05077c0a9d015ff295451e5436b1c588ff959c5c05fe8fed3bb8ffa8513f1e52abde8e2199f298f1c8ffb56217724338a190ae44d2e378a6cf93cd6df65870cc03a010d32d9e71e65381f31392d57a3d8e287d304eff053ddcaac2dff2eeb3b43e80ff6f2203f44887960d94b176ee69805494b89db9faee84f81024840dd8b1e0496bfd58dace8ba21248e6d10be5d7adaccff0c4e10c799a04deaf2f0c39ad898ad401d3a34412a55df9e882d585c8fbc53665a4a45b1450f48f1af48873be6fcb077cba4cabe74e5c17234266d7b290050a13b043b49cae02d73130dc80d6a48c26fdb077635c4a79a6d6de91ae8aff2bca596fc13f7bda357bdcf26f070649244357cb3b67a5a9c8e81762588c96444810e29bb77b53dac5c52363b8827407ef75f90f018232b25a889e3a2535fcfd7b9131af3ef6bdce3774ab21f97a8ddb79367d13f12f57989d742a22d17afc21da0e0a15488ec876bd915b637967eba5844c6b74e3a92c0875628fd6fb1e433605f1d43f89f56c0a93de9bd901561d580a947f7621fc9773fdc6318a60f51f14b21357f6d0d70663515b03acd044f31cb338c7f526034b5f478b0cc94d35826ec40c5fac658009584d0734a4e5966ea95d48fce36db5a81405aa2d18327243047a8e60bcf6b80b494bb43ff5385d75bab76be6555b7b6dc11ae7cd5438ade67f25353be8c875e1c654da259f9167c32452f68cbb79016567148b3836e1c95379796093c2b13a673b0bd98eb3ec2de0abb1ca1de33f5c872db348d1cb76f335cb8224bd45f6b6e10e9650b7165568a3225e1db961610f2aea9f9fd4723dd5fb8760895e6cad219492725dfe6d5a0f7f049de4ab0b753b240d9411c80d2901678042e0526a03d1e5e5071db4cff54dc921c4278bc7d87bbe6bbff6f60d1c39f7ae074f6762efc7cb2b416bbc89fb2df8bf258540f567b72a875664edd8270ed21c99e486c7fa63dff522277efa7d0173026d332f62a1ae089f66e2b8aa934f16c33e16e5b6de5c3aa125292e3af1e3538d6f78e63b8a825a1e9132854bda100a2189a830c761d51672a0ca16da8de53770542708de2dda1a3ec03c5dfa245a63885ab89a31178e5159f62f80c0a9a0391e81f61adf6e9888c3532f1cf48a9ebee6b6c57a6197dc0b8a05e478ad4c4d97c2f17fd535a853005ab56c2f48c5df67cfecb78d7aa0dde95f667c914479431f20cab85499d452ca5c7b89bf56f9f153c81480806287c816e9d3b775818f9d0957f53bef53ec36833f6da658da04f14a45b3f6d7cabd9549f5df6b17ef87aa1571e485625892466069a06b8d8d04f74ed3cd309b8883302ee819b2c8674012b3576905586a71266b5458b1fe7918c03779f44273b9580db99b7e01bbba01b0a82158bd8c06b276d0376756b48f2f10f805a0c66eb71291e5ac7995df568fce2cbe5a519d56caad355dfeac94640f1053fb7db3d46e5e36336746f5e143919204c0d1569c08e6bfa357032348b232eda4b4ade1b2119879e2d47793245551005875519c1bd6dc059d2571d239b05b32ccbcf82c689eaa891a5535da0bc1b08804bac57972077b0545feeb9eb2730dccbd99815e7b05d43b8ed636093cab84da9d05923263bfbe0ff6c931a583ec74c5688c7bb381e609ce45199024bdad42a713a8636c5739dae780e894b4dd54c4833176fa43f10f7a26d9d3c69fd8e89d84fcebb7793c11c4a83dc3fae2bff269a792f638bb6f5c3b560c73720c81f3c7e2e2fca07f094b3416787891740ed7f4f85faf70bf207cce7ea211a324e0afbc28d01e8be0bbd66e3d193c10676d066462eac6a2e01998b9aaa257857da711668312c12fad16751c66d69a4aff9f7493a75642d6b70c7a652060c880325e3996857a142c931d3d93f3987406fddeff655c21e21e81647dacf2773ef088adc79693a320e4000b9579c4c8db9193d52f1b13115e7260ab8a96cd5e3b2d6b5e5c1447eb3e909b3de99e5cffe20552fdc74a42c053cb0d94fb9bc999fbaeaa52d0390b88590c51e9293a0a29fa85c06d828daa770060f1e7f716c347e66526f85698e4a3fc2f4edcc5624483545d86f6d2daf04d116c37dbc3d9da91117b70634f8f73fe8832270e5c93be95791acae785e5112796f2784ac7e17d0b58e4a96496820a694435d318b3c32fe7437c31b1e5a70bfb9e4e26693f069d2633efd9ceae1818ba53cbfb4b8abf25fffa0983f7bfd29dfc0703a2666e82d502549c05b9a1253bc8ae0063bdbff13558c81f34c18d498e8a1bdb9b4a2fcf799f1109e5536dcd911a7b34bcd72f2ae15076eb85ecbdd7ea8e20d4b86f69cbac2c0ed073d766c220d3e2b50e6992493924615f751e9149b9fb982043add663813077752aa74ec7a2b811efe6e4700039ef0bcee75bae0205c8808674ef93b3545f5fd490811d0b91643c79d3f862fc5bc23284179a0523557d255aaa54b001f01ab95e9a327aac77f5e043cff699d3d0a3c3b6ff5cd715f8ff7a3cb30e172ad8d8259ed7772a2df9ba8b034ab124af6166a00cc1fd2919b380648726e292d99d02aee2551a4e69a3f7b2178b372de744602015afcb3855ab0ef20e3a5786e0cb9971078a77bea1b49a9d870dee9b85fb4e94c9aaddae9984eb396d20df8c3d9347fcecffe37eb619ac16fb9772b96de8b6af7877ecb7d0b757bc5c4d5491dacd39d5f392965241eaabbdceea2d8cd0a247760e70e76a0d1863aa99c289ceb3aa02a593bdafb416c4cd282c3d8041c9fbf5377453290caae985d793546490637878e0947caef141a626ac81910968587b30f1f2a9c09d301df0d79c245d8f305b97ef9de373ae4c0f940ec09893f30d00d2200c5b617cbd6ccac1edd7cb92636dcb516e09cf95e39d520bcc25dd482153d35ee60c5904d4a4f91a7cea41c7e8f648cbc60518960dbdb0afb363eb44d65df25f34d828f43fb7b463eaf24e11077955dc9178fe5aab5434411a1c96eb457645b33cef105cd0c94b8d15d1d4d0189153323d2d415fb803c8200c85d3a2bc24d7c32d9ee48b89b1b7fb3c65d67957931ba688472504d08a0a23b8a7d813b7d9c74259ea5269f03df2af603459af62d2f7e37cc8110da5d6c6630d57827b040c7221d9554bf843a1dfa8c3776d50bb680dff1dc7c1f69ec565b9936b838e71b3ee6365813986dcd0c7fa64f1fbd515858a0064c90f82bd04ffa6e606b7a6c855bdf665bc74bd6748a8b4516e6ef6743d77484ab3aa281f767ebaa7d248cccb53789938c9b7d29bab1ed97fbbb9909d81b2a7ee6729659539e173ee754c3e23aa28cde3610b3ceb8be20a5a0714ed35f11650f96653d46c3597f833e18c22e1ab3d0bdbed501353abcf70f42834c1c31d9ce48bb3193e558a554ed7c6f684327f3260f43b565a1339674f47ef17ad3fbed3b91948ec4e2e8064cf867492bebdb8b43055547f7bb0df7c195d102eb9de504bcfcdd0a8f41e8bdb79bd4ecfdeaab167c08e5976ab92900f3484ece4bf0f4b085e21bdd30112f0b7db3f3630da3871188676097f92aef682c106e7fc5d5bab89e2f6fcd37b71878d95e5917dcc775cfc98704c341d9b20ae99686fd46a50cbfa50b414708a813470d4f2d2af38f26a75ec9c74c05512a44d110e0c62ab4444340c16e7bbf978c257a06a8924110bcd72a551af05598286107e984b047d9aba9ac6b0560f574b8099a3a3edfb21ed081122ab5be3114136f685d0fe73f08fadfcab15ab8333b1a5b69b96d2715614967b82f0e5b8eee24fa5d138198ede7a7a4bf9660cd16417c3e91ab33234ed0b311e0792413c2c05e3e44ec1d5869a38129445a954af2bd0e4209635f4fb742f240487bede2c78be6918f04b921fe870fee4a4eecfb92fae5ab11cb9588fa0e4e60f36fc06495cb3caebf44016af876d5318a1ce9c0e501cb9193a69dffab33723ede2cc4965c4b96337eec93e41e09f6e4078608259d9f46284bbf1ebebd976c3edd4a6ff0db42c61dd344b5f226aa0ff6992b45d6b5f1a775de07d929ad45e33a7998d506d97c940bdbb91665e399695ced66f6132c35d822cf6844ff2cdd357b1ff83241476a0f335eb1112e4705f65505cd656840288bff19e5718cb3f4308473575cc7e1fdfd07f36574f620ed7c73e6aea194a4e27c3c293468558b288a3472e5a7148bdf0face4322c72069df2182186ee616a8619cdb172f4df76845761e7033fa6702d69f5515bf6ab5bf91cb088f3bd81c820313b7efb741165168a25fd8df4529cc6816aaf80bd106cf5fb7a0287ee95478dd17997268d3d46c4021846df54e17be2f99d2774a9798d90482f3bbb2753d844f94dcf43d991deb91062fced1d72deb6a049608a8d6aafa247e210e92790120a4e33c1c6a7c395adcb985e09b34f019559c3864c879f0f67fe8159e9661cbdf1f57d5a24d0f33d596922e3e22a37fcde40c1c956659b94398cda86514f3af96ab10c827bdc14ad6dad452ecd097ab96a7d5d100aabac40f8378155d1d30c6f7e23770e9bf7b616edc496c901aef73cdd438425adf4a02f26d226af88569c9933d8a9d71301ee90d71f0442e7351f857df5722ac16a33d87154222331bb72e19a88d3bece730c0ca560d4ef875f3c6ffd1a9e5f009461f91ccb39bc5e4b1aa418f51315d2b3fbf11017ebf336abb15595bc2665a48ef6e0d7fd4672ec1a479e8a34f2f086c460bc7fd0809b299dfeefced688527865c828dea75aa1d9d8a06dc461c20506038778fe033b51e14dbd6b4ea90d87d321904a6aef45a537caa840cd26fd7a243c22d271a6dcae2e7fc26844256459fe18eefd243d60a8fc17c7c732f68c70e8051322f0685a24e6522a8dcf788441386e02bebd64466064a3cf6c60d04b64e92448f23432b11a2ad8ac890379ff302501db5f704aa1fdbf14cb3d14f002ec6a9d117d6491e22ed1d9adf69877375af84158e4873c24c1b84f7548017d1f579c5e1e2818f5c77970099d70de927c3923c493f979295783812bf41eec3933d2b7561f8a73414e2f5362d6e9a3b5d9454254ba99e3283962d19806476f637da96a83f57b3839e449b2829a75088f964ef7222059d930698448ab662f20fa5583d689daeeb304a4d8a63c7576ef3f0142c216607d646805c33076953b4cc83024150078644c833"}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r16}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r12, r15}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000054d80)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r4}, {r7}, {r11, r15}], 0x3f, "bef096d7635761"}) mq_notify(r0, 0x0) [ 2011.234453] FAULT_INJECTION: forcing a failure. [ 2011.234453] name failslab, interval 1, probability 0, space 0, times 0 [ 2011.237000] CPU: 1 PID: 10436 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2011.238485] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2011.240239] Call Trace: [ 2011.240810] dump_stack+0x107/0x167 [ 2011.241607] should_fail.cold+0x5/0xa [ 2011.242410] ? xas_alloc+0x336/0x440 [ 2011.243207] should_failslab+0x5/0x20 [ 2011.244011] kmem_cache_alloc+0x5b/0x310 [ 2011.244859] xas_alloc+0x336/0x440 [ 2011.245633] xas_create+0x34a/0x10d0 [ 2011.246425] ? kernel_text_address+0xf2/0x120 [ 2011.247372] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2011.248476] xas_store+0x8c/0x1c40 [ 2011.249243] __xa_store+0x164/0x2d0 [ 2011.250011] ? xa_delete_node+0x280/0x280 [ 2011.250896] ? trace_hardirqs_on+0x5b/0x180 [ 2011.251370] tmpfs: Bad value for 'mpol' [ 2011.251804] xa_store+0x31/0x50 [ 2011.253318] __io_uring_add_tctx_node+0x1cf/0x520 [ 2011.254344] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2011.255443] ? alloc_fd+0x2e7/0x670 [ 2011.256238] io_uring_setup+0x1fbb/0x2980 [ 2011.257127] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2011.258211] ? wait_for_completion_io+0x270/0x270 [ 2011.259243] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2011.260352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2011.261453] do_syscall_64+0x33/0x40 [ 2011.262237] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2011.263307] RIP: 0033:0x7f00b63acb19 [ 2011.264090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2011.267969] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2011.269580] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2011.271079] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2011.272563] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2011.274070] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2011.275574] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:41:06 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x80001, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = accept4(0xffffffffffffffff, 0x0, &(0x7f0000000380), 0x80800) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) fcntl$dupfd(r1, 0x0, r2) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$INCFS_IOC_FILL_BLOCKS(r0, 0x80106720, &(0x7f0000000140)={0x1, &(0x7f0000000000)=[{0x3ff, 0x91, &(0x7f0000000080)="3c4ddd599179c811f0b74c5ccf977d80dbc54d01367d9175d6493a849e2e005d777ed10956fd11ddf1da2f4795f8852a4cc80ac70f1766cf2d0d032d6a20159be15d4a1ed3fa92e7fde7d8db72e5baf677d68710f4698df8ff102b272dad9a2a01bdff63a1f73747f48c9b76441d38cbac4439a2e0d46f50448bb90484e9faee2093223ea36848a9c1f15662369b3fb041", 0x1, 0x1}]}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000300)={0x0, 0xfffffffffffffffe, 0xb8, 0x8, @buffer={0x0, 0x22, &(0x7f0000000180)=""/34}, &(0x7f00000001c0)="cd5a21c4c2c658e47aa2850713c0ed5264064d6d0a8456433cea90f674d070aa89c9624f11d2d83e626323e0b619c9bb88d44d84813f241b110a874aee0f8e4856462d50c00962b89f8daef580d3676ee582bc604adda4f5bcb48b80d15d633bc1f25b5bd263a8266eb9440aaee7feec43f0f1026ca2391bff9ce9a06f8286d1d9dc4d6010bc0f1868cb7584d66ce25373cf0e6d050c5927243973288bc4988faee8a3b75e1a43424fb332c333af66f8c7464a9bd0fedfdf", &(0x7f0000000280)=""/44, 0x1, 0x1, 0x2, &(0x7f00000002c0)}) 03:41:06 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfdfdffff}) 03:41:06 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xe, 0x0, 0x0, 0x0}) 03:41:06 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x00000000000', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:06 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mq_open(&(0x7f0000000000)='W0\xa6\x9e\xc8\x12\f\x1f\xc8FRZW\xc2h\x03I\xea$\xcc\x04\xdf\xfc~\xbdW\x8b\x00\x00\x81\x1aIV\xaa=\xf0\xa9H\x16\xc4\xcb\xbc\xa2\x19\x0f8g\x16\x10j\x1c\x00\xcc\x1e\xab\xdf\xcf\xf9\xe1\xf8\x8d\xc5F?\xf9\xcf\xedV\xe9\x99\x8b7<\xd2\xcc\xf2\x84\"y\xb3\xc1\x0f\x9c\x0f\x82\x9c\xde\xaa0\xb0\x04\x00\x00\x00\x06+S@\xe19\x1b\xe99\xd5#\x16\xaf|\xf4\x81\x19\xff\x13:\xdeG\xc6\xbbB/W\xf5#\xfaz\xb0\xd3\xc7\xc1m\x885r\xa8\xb2\x8b\x043r\xb5\xfc\x1bw\xacI', 0x0, 0x0, 0x0) 03:41:06 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000000)=""/34, 0x22}, {&(0x7f0000000080)}, {&(0x7f00000000c0)=""/211, 0xd3}, {&(0x7f00000001c0)=""/109, 0x6d}], 0x4, 0x9, 0xefce) 03:41:06 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x4000}], 0x2) 03:41:06 executing program 2: prctl$PR_SET_KEEPCAPS(0x8, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000540)={{{@in6=@remote, @in6=@ipv4={""/10, ""/2, @multicast1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@empty}, 0x0, @in=@loopback}}, &(0x7f0000000140)=0xe8) statx(r0, &(0x7f0000000180)='./file0\x00', 0x6000, 0x20, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) openat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x82902, 0x44) setsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000002c0)={0x0, r1, r2}, 0xc) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r3, 0x0) r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000500), 0x200000, 0x0) lseek(r4, 0xfff, 0x0) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$dupfd(r5, 0x0, r5) ioctl$sock_inet_SIOCGIFDSTADDR(r5, 0x8917, &(0x7f0000000080)={'ip6gretap0\x00', {0x2, 0x0, @broadcast}}) openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) r6 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000300)='syz1\x00', 0x200002, 0x0) ioctl$BTRFS_IOC_GET_FEATURES(r6, 0x80189439, &(0x7f00000000c0)) r7 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000340), 0x101000, 0x0) getsockopt$inet_IP_XFRM_POLICY(r7, 0x0, 0x11, &(0x7f0000000380)={{{@in6=@mcast2, @in6=@dev}}, {{@in6=@private1}, 0x0, @in6=@mcast1}}, &(0x7f0000000480)=0xe8) [ 2011.504233] tmpfs: Bad value for 'mpol' 03:41:22 executing program 1: rt_sigreturn() r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000001c0)={0x0, 0xfffffffffffffffb, 0x80, 0x69, @buffer={0x0, 0xff, &(0x7f0000000240)=""/255}, &(0x7f00000000c0)="5f9c81e4d7ea57a4b0b3974264424da74e6d47fa0dea1f8803b344886c2877606ef15d6549950ae7e68cd5b51cdc5f6e3dbd459d7d0e967b39530b92dbd72470ceaaadf97fb14a7b9d3f853f58179dce4a4004ecf65772c63a864fb4eb5b3eb285de270d4aad8199a85718398ca05e2d18c51c28e58fc5179f3156264926c77c", &(0x7f0000000140)=""/53, 0x877, 0x12, 0xffffffff, &(0x7f0000000180)}) 03:41:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffdfd}) 03:41:22 executing program 7: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000240)={'gre0\x00', &(0x7f0000000300)={'syztnl0\x00', 0x0, 0x700, 0x80, 0x6, 0x3ff, {{0x5, 0x4, 0x0, 0xf, 0x14, 0x66, 0x0, 0x7, 0x747ac28751db7e33, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}, @remote}}}}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'caif0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000440)={'syztnl2\x00', &(0x7f00000003c0)={'ip6_vti0\x00', 0x0, 0x29, 0x8f, 0x8, 0x7, 0x28, @mcast1, @mcast1, 0x1, 0x10, 0x7, 0x1}}) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000800)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000480)={0x324, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [{{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r2}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}]}}, {{0x8, 0x1, r3}, {0xa4, 0x2, 0x0, 0x1, [{0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x101, 0x0, 0x81, 0x81}, {0x2, 0x1, 0x0, 0xe52d}, {0x1, 0x3, 0x1b, 0x5a0}, {0x9, 0x8, 0x4, 0x4}, {0x7, 0x9, 0x0, 0x1}, {0x4, 0x4, 0x3, 0xc56c}]}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8}, {0x150, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0xd486, 0x5, 0x4, 0x2}, {0x6, 0x3f, 0x2, 0x1}, {0x2, 0xd8, 0xdc, 0x3}, {0x46db, 0x5, 0x2, 0x2}]}}}]}}, {{0x8, 0x1, r4}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}]}, 0x324}, 0x1, 0x0, 0x0, 0x80}, 0x0) r5 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r5, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r5, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) write$binfmt_elf64(r5, &(0x7f0000000080)={{0x7f, 0x45, 0x4c, 0x46, 0x81, 0xee, 0xdd, 0x80, 0x0, 0x3, 0x3, 0x80, 0x13a, 0x40, 0x314, 0x7fffffff, 0x6, 0x38, 0x1, 0x6, 0x180c, 0x101}, [{0x1, 0x9, 0x37b, 0x61f, 0x2, 0xcac, 0xff, 0x2a7}, {0x6, 0x0, 0x1, 0x6, 0xca, 0x9, 0x4, 0x1}], "6994400f6ced4b9bd4c0bf75f490f69756f7adc9d56011fabbb41583a7dc39a216405ab723474b5a138a46da1618c63dec26039749bfa6ca601c3b65566359b54352281152e57124610c3c4aeb7e54afb5267dfabc611edfe9dc8f7653d9f2da647e6b514c0ef5687a6b758ab3c2186a3d40e512b7ebfac8538a4c23f9046e37b04e5c4052a53d1ba6e12c2770eb2fc31a72029b91bd309fbb4776bac7c213b998dbfc7ff6a430ecf9a4a42b7b752f64b4ea5b1bdc4824beda5fbc630231d22342a297cbf2e86b1821321a05c0ccd8492c3e8766f1"}, 0x185) 03:41:22 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 46) lseek(0xffffffffffffffff, 0x0, 0x0) 03:41:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x10, 0x0, 0x0, 0x0}) 03:41:22 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x00000000000', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:22 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x5000}], 0x2) 03:41:22 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4, 0x10, r1, 0xec979000) 03:41:22 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) dup2(r1, r2) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2027.324788] tmpfs: Bad value for 'mpol' 03:41:22 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0x7, &(0x7f0000000000)={0x105, 0x7fff, 0x0, 0x20}, 0x10) 03:41:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x14401) ioctl$SCSI_IOCTL_DOORLOCK(r0, 0x5380) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="04000b2a8033057f2bd966696c653000"]) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001400)={0xa6, 0xfffffffffffffffd, 0x5b, 0x0, @scatter={0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000080)=""/255, 0xff}, {&(0x7f0000000180)}, {&(0x7f00000001c0)=""/66, 0x42}]}, &(0x7f0000001480)="f4b0d41260d173b4db3beb6e9e89557accb729abc906b3adffb0cc06f45ba667b031a0f956b90c269c0500cc8583a4cd4222e4bed2087de897e7f6afd661689eb4c7bdafdec68caca65f5b9fc261205e75127545d670183780743c", &(0x7f0000001340)=""/73, 0x1, 0x2, 0x3, &(0x7f00000013c0)}) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:22 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x300, 0x0, 0x0, 0x0}) 03:41:22 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x6000}], 0x2) 03:41:22 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r1, 0xf504, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r4 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r4, 0xc0189371, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2027.404469] FAULT_INJECTION: forcing a failure. [ 2027.404469] name failslab, interval 1, probability 0, space 0, times 0 [ 2027.406848] CPU: 1 PID: 10500 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2027.408281] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2027.410019] Call Trace: [ 2027.410566] dump_stack+0x107/0x167 [ 2027.411313] should_fail.cold+0x5/0xa [ 2027.412094] ? ___slab_alloc+0x155/0x700 [ 2027.412931] ? create_object.isra.0+0x3a/0xa20 [ 2027.413878] should_failslab+0x5/0x20 [ 2027.414666] kmem_cache_alloc+0x5b/0x310 [ 2027.415518] create_object.isra.0+0x3a/0xa20 [ 2027.416451] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2027.417506] kmem_cache_alloc+0x159/0x310 [ 2027.418383] xas_alloc+0x336/0x440 [ 2027.419125] xas_create+0x34a/0x10d0 [ 2027.419917] ? kernel_text_address+0xf2/0x120 [ 2027.420850] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2027.421949] xas_store+0x8c/0x1c40 [ 2027.422702] __xa_store+0x164/0x2d0 [ 2027.423464] ? xa_delete_node+0x280/0x280 [ 2027.424332] ? trace_hardirqs_on+0x5b/0x180 [ 2027.425245] xa_store+0x31/0x50 [ 2027.425950] __io_uring_add_tctx_node+0x1cf/0x520 [ 2027.426951] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2027.428039] ? alloc_fd+0x2e7/0x670 [ 2027.428804] io_uring_setup+0x1fbb/0x2980 [ 2027.429689] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2027.430747] ? wait_for_completion_io+0x270/0x270 [ 2027.431769] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2027.432854] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2027.433938] do_syscall_64+0x33/0x40 [ 2027.434713] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2027.435771] RIP: 0033:0x7f00b63acb19 [ 2027.436552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2027.440380] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2027.441963] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2027.443455] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2027.444933] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2027.446421] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2027.447896] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:41:22 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x00000000000', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:22 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1008401, &(0x7f0000000080)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@posixacl}, {@version_L}, {}, {@cachetag}, {@cache_mmap}, {@cache_fscache}], [{@uid_lt={'uid<', 0xee00}}]}}) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x1}) recvfrom(0xffffffffffffffff, &(0x7f0000000200)=""/243, 0xf3, 0x20, &(0x7f0000000300)=@can, 0x80) write$binfmt_script(r0, &(0x7f0000000140)={'#! ', './file0/file0', [{0x20, '%\x92(-\'-'}, {0x20, ']\x1b+'}, {0x20, 'cache=fscache'}, {0x20, '!\x00\x10'}, {0x20, 'kac\xf6f\xad\xf8\r>@\xa5he=mmap'}, {0x20, 'cache=mmap'}, {0x20, '9p\x00'}], 0xa, "d26ec24900e0959fa50f04dca29f7ea00f40b16dbcc07d1ee1620935c65ea518af2b162820b49ee69e04f1a33f4660caa810a9acb70bda8538ada4c272b3eadc2375fad9820acb5b642409b5ffe8ee66ac1bce15351d5ad9010369fc"}, 0xac) mq_timedsend(r0, &(0x7f0000000380), 0x0, 0xfffffffffffffffc, &(0x7f00000003c0)={0x0, 0x3938700}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) [ 2027.509668] tmpfs: Bad value for 'mpol' 03:41:22 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$EXT4_IOC_SWAP_BOOT(r0, 0x6611) pipe(&(0x7f0000000000)) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000080)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0}) 03:41:38 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x900, 0x0, 0x0, 0x0}) 03:41:38 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$PIO_CMAP(r1, 0x4b71, &(0x7f0000000000)={0xe0c, 0x7f, 0x400, 0x7fffffff, 0xfffffffffffffffa, 0xfff}) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r2, 0x0) 03:41:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000080)={0xd4, ""/212}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:38 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x7000}], 0x2) 03:41:38 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 47) lseek(0xffffffffffffffff, 0x0, 0x0) 03:41:38 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000880)={0x53, 0xfffffffffffffffc, 0x3c, 0x4, @scatter={0x7, 0x0, &(0x7f0000000700)=[{&(0x7f0000000080)=""/223, 0xdf}, {&(0x7f0000000180)=""/137, 0x89}, {&(0x7f0000000300)=""/234, 0xea}, {&(0x7f0000000400)=""/80, 0x50}, {&(0x7f0000000480)=""/238, 0xee}, {&(0x7f0000000580)=""/95, 0x5f}, {&(0x7f0000000600)=""/205, 0xcd}]}, &(0x7f0000000000)="5b125e0051b6aeaf64ab18b2030aedfa9ed0232210fb34225b77b58cb4dada143c08936b999101b309d73ec9aadfd43e09751718e18fe89bb9142e43", &(0x7f0000000780)=""/202, 0x5, 0x10000, 0x1000, &(0x7f0000000240)}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:38 executing program 1: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = dup(r0) getsockname(r0, &(0x7f0000001480)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @private0}}}, &(0x7f00000003c0)=0x80) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000001540), r1) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000001580)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r2, &(0x7f0000002680)={&(0x7f0000001500)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000002640)={&(0x7f00000015c0)={0x1054, r3, 0x4, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x10}}}}, [@NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x8}, @NL80211_ATTR_FRAME_MATCH={0x1004, 0x5b, "84a6ecb210ac45968068c2d01a2371a6cc43da5e58c0ec1f8e2490834dffbbf2f5afd49a7a35e2d69a44b13d0c21908246b31d6e316c409582c44322a3373af26da628776173031742f0bb7bf25cdd4f3646b60dcb01921623b62da3a0a2482231d2351e4a2a2ff11f5cb4ff05a473750ac00bcd61ef390c6a8b0aeec98c48f1e576875e18bc6324a7cccb8caaac44ea8db9bc6e5749457967c44d5df1df0c878782936e299420267d03ae27b2a49861434de0d562f7179282217e3d0e0f8ef19ca687f195a35500255ec7417fac7d971ec55225756e3f9fefbc6c0663b9ce4267bff9319878f6457e8ef345275c629668770dd4e7107366deb39203bccfa5c1a0563ff7e218aab65eedd7a03454eb5eb710df45df60734c938722284f77aeecae12eea6f158db6dc25120b559bdd3bdb754c9eedd4715158cf5d29c85ee079413804e5debbf9db67917b22c64048a3d42e42dc0926283db9f2f65e6979cc99c116a3c9fbad3d0b405ac70f3fab357914d1a79c4dd15cee3a1e3571254f6f4f4abbc05594dc8c5d750a5c7523fa04545b31589b18cfeccdeddd54a7c8eac87fccd306c3a4e8170c09cbc0503856619982e841eaa9e2a2ff5c3f0745855fe9b7ff6b2de7e744c9d1d538ce41b9287b1020e6c76c83c4ed2e8402e361a4c541b1a85070c43d39ae02aa25413d7209d69a67b2a0a6e84e92d98525bc33cf866b757acff35d8974eca0c8845ae76bccb2cb352dcdae6d0d46c8502de88b196c57513d870b9d4120a0b71294df75dd2bf8626e199f07ca3b57859ad5419887cb1cb323a7bb3f472f5bb367e09fc0015d3d33a7d22d05edafa250982765781fe990c0ee32e973d6cd8f9034362ff7f09084295dfebc9955fa6f25fd99530bef2b6a64d4121b5f3f9bfec682853206333e4793ba7c92a37c58e5e479b94c86b8a7a92b2ebdb8deb258f160ece99513cd96cfbbd43843d383be1979376ca5fa6a5cd894a6b63a268d5ce1c4e5178f07afdc873a540027f3f6dae5808a95e7aada7da79967895ca8e85a07379b50cbbe0c6913fa8d34275638d191347eff0b205b62c25f0290f983302a50faa9b008376e090c8fba48dd597d0aee04c2d0682bd854abdc85ad9ce708926d491e3c920085e145d94d82a952f4251a9fb2e95535a17a101ede5daca88f499faf7e7a19941e4de4733a947509b05e65b9aea100cb9cfbb957490bd1ab37684b184f759168cd6e9f8c41fc373769edf248d8b658a4ef7b8f4f1a8cd92baee3a13b5b0f94a8a7bc6735da10a10923a0ed5785dfaf0a5523b788dbbf52716f66344d75f4ec02c6f14b7d497189c1f4da86bb53d3380e8d9a2080c288023f80b0c969d40e7bd5a59fc5fd765e4277f7ea3b1be31a88a4471f1bc1f62455bcd083285a9ae71b1ba4eed202cab0147578c517e514fff88498d4d8e0cd9407cc4e4fdd9af03f5f3386cd0c4537547b9375e319ad39b1059d8747c10bfad830b49e46ecc34d812221444374ccb34d0a20abf5c0f14c019e36c5c792ee29ce46e69c9237c4b50426d74f880477d18f0494f7121314c53abdd92a89c36f433de20e7eacff2e4e09887c884fb6fe7506ba3ea87e309b3627f0bad514cfdd034d8988680aa514dda82c35d0e7eded68b9849356f6693c109c981c63b46f8aed955ff8388f64453825afa05792676f6af8c5401111b6dc74db7cfbfc67c229b032f5609f847acaf183db389f01c37e7f8f116829efe6b6f3271a5b0110049a0f81bd7213f6b0cd911520cbe29ea2c64e98d7d215b667a203d77dc3b35e0a00c0839ec6de7a35f4ceba03c61b5880bd1901778b8a67c91507a639b9905f61b2fb717b08f057b80ec4b8b8a56a1e82250c12dc279f73c76769253c0c9efbdcec561ff5e28ab32d6c4207bfaaafe9b2202251248fb82dc6b6c3c034723a01d71718cb1244bf581cbcd4dd622be237097db820876f096ca1c1fea63550c1341c4c9c11edb2d105b75ec7c838769c1aee0d6fac908dbd829a57fe32edddafe0f6cc4b056203ecf695e7b62a20b66a58279a1f529f10469e4902e648e14c9c10e9a06b3c93fcb85c2a064206443a6a8be40415f77a5f4e91dd43815a38bab42e50edfb58aac04bdb2b31b687dfb2176845eebab09ae113015e36ad401f85efaa278e85910a47385a03eda6efea44c4fedb53725a4583a1652589d806b881603bd953352b40f84c53c19d23837bef59665cd8013de972e32b739b295d6d0fb485e0785961dfbcbac7de525e7430d0eb710ea7ac6a956eb79298425c4a8c488f78ca8fb42a1d62cf95b8c6f61303bb4f36571e6b846e9827d8f5467dda6af973b3330455e8d515a5e63fef5320c789a44600df89964299b892070350660efe4e3ef917dbb6932d1fe5575f6c250a2d55a468d85b5f9a5915f01b6b1264034b303dc77ac801511dbd45bc971c7eb5698c530f6eb7257b4c6ae8f7502e42b1195f2a68e751af8fd269e3b6aafbad8009a2921bb9978ffc01b6b5173bde5ea4436676e323740aa8c3708756965c5cf07718570982775ae12b58ff2678c913ebd6ac97289b8667cae5181c20170da34f578333ba58e256837ad8330ab4b43dee7cff5e005c69ceb00d7993f914a04a294f9e675c2f012133e5632269d239cc37e43ee571cf2b3b3163d8fd9766fc5010a7911035d3912ba5a7da88bac06d2fcc941aa0e9528fe69d5effefe7c9ff268fd517f5d83f27221074997d5d99048f2d6675712256ef8f88cd5cd5fe490b0010bee7f05f2b68f0364b5ae69c1b1fa097443f3ccb71936d9459a132bce038849ff57249ab8f9b4f706a8a5f07bb3d41df86ada89fab80a4e85c422237cf2866c95d343d37c893e22d3d64f44bb4edd98b3ffaa96e56cef983d8f85c9ccd55ff051eab9e010286132aff61b99a4cef4d999c88020774cf1b47998772f5688f0d5e466280ab3e82f0c70976e56fa161466e0375e411b5a19d16cf45f374c14c93eff5d5353cbb1cf4afd30ec7da9654cfd018e9b5f5e1c01b687c3f770000c21400fcd30a48e41970ced2c90e776f7db4d170d37a737b0ed213e1fb9c15de43d91f260a6788fa907959808a637b11275c26445af86e21a0f6dedb3c67dfac0d356008d77428deb174ee405fe5285a8397489037a27003458662f5d103ad922e135be67a965b270601f5cc32a6793abaa38e03a8b54df16870552640ba4e5adc04cb73ccae782941c34e90ee492598253765078c3d55038f271f4d22bc53b7d9f806e0e46371b9a6694299d903b7bf31694a354c6308c913e720d8352e50a6bba4a725ef9770be9a4a57a2827ed323ab3026ad70cb67fcde02d320fd2d905b5ef140009581ada935ad9edd745d3f432fe0d7566cc868b0c5b5c8105a555e36e34546f86ff3486d3ca136c17b65efc924bdeaad93fb95df5bd455d6fee9258512bd0c64b48dc355c1824cfc250640da1c22560e740ac3e2b94086c32473882b6b40abc4bba7177f52e4ec41fda64a097845299efe59434409f2d8c73df75c14aa944ee9a06d86013efb2e3d7e8bd41ac1fab7669763f8eb0da350f5ac1a7078514a8895f970f4652388e4fe939e5352ea097b40f4fef557a8da909b76ec92209845e64d07db58cdf3b5627a23cec77358713c361dafe515174ab2f3cc95f3f033c15ecc8ee7e2a4188441ab374cd98de89b2b54ce8f32f1638296a9d4ca3dfb8a748d5aeaa893fbef0b30382548d27e24da214aaa03e86c92b986972a112a953234ff82e47ddafec3e0b539d9e4923d747cd1cefa67681788744abe3470ce6ed683045d3e3f3a28d022edcccc5e9a96cb80b08248d63374f2e84192ff99d79d6dfc183b43b0b5d0e76923859aff09dcfb3b59958aa188e78abb612bb90db71c1d8941fca9373d5cc4c8d591c5b556d9c97c15125413e884e352ed29c9946a17f3d110b1de205e89646723db59272b97c4878ed38e67a2956c02541156634a50884a0252c51dcdb6dc971ae0809f3715c7e0e61def77eeae4466bb438dd150e596b457b6dc78c6fb171d06f5aa45c0be93b1d4f771cce95b147daa826575a7b592b40ef7f346a884c4a21384f2fa526332ef7c19884fac13230e4852f488f0ac762bcb05ae2bbd9ec5e5536faae1c06bfe8c7a4be5fd46fed5e4b8ea582a8b5de22b92c1667b260251d026cd2d17a479aefd307528962c182ba343eafa5ca9f9881b915613e67f792291b5c5f02edcf77e455284f3ac617b96bf897deaf935fd223223b988c31ec588c18cdc81a8d6dbda0836d5f83f0699311aafc48aeb4a7996d5d0d9a02779aa07204f02301a6e763a49df94bc920317d9eb3a484ed15286e8705c3a8aa5d6f57a485441b7a06cc295a1e900ac0861d7a9a55e58e7dcb3e1ba06da868b65892d99729439df51ec12e04e1aff1ac553d49e7812b3002abe21f92c47ce6866321cd3f96c4e20b8c881bf1df4f3f6e8ae515f553d9a71852afaa9192c73f4e10dafc895787c21bbfc591da261e8a59340d4e988e920059ed1f43d4d48f933d8915f73279fe03731b873e90d706140a96c8984f879fb976b133efe3c482b2dbc921b136beb7923ccdaded3b9664b6a0c531222a928efd71ab41f3c7dc836f2deab255c4be963527d36aa7a04012e20f0ea9739d37fc15d5007ad6ede5565053257d6bc2ee76c23258215fa576829afe39c6c9258c33e9c07a7dc72527513457262fa80fd60c54758be4dc23205d6dc138d61b0eb640d4f7ebc8a4be7ae8247e96526a08f47241e4eb67d5dcf293eaa63fa7c7086ac6dce3969efe3f10ff91f795eb83bb2436bea3bb282b977ffd6261b0b9e2f281ac2a17b0950dbc160ba11b4af7ae87a45be29b8aae2eb8f371bfbe38f520673d8f64d72a1830d75693e517c8e57f1e07e9365d64d75b60234cac61d23a5cd2db9f565dee75b27f80563a7f92e212ba87d7ce5f9ce462e6a45d06ac9dfc5196bceeff22479410a9ebf1467179b29077608d3c1a786a29ba6b9be2439cd711a1526419deddb18d60cd5679947034c6760a0acd8f1d9b6aa9f537e0b314a838a0009d1c8dd1f0a319bbd7c102f5cbefe482eb35d790f2611c4d778cfb6edf9aa1a7b4bbe7d45e08fe5fb9ea9ead916233db7f5b6264a968282bda6c15e8296414043d21f58b84d533e98c956241e01acbf88dc883cafa429c385cc8b229138a375fa924d3cc2aaf315a28a7c0d0085e67369d2731e4daf02c4c21cb2739c592046c32d9aed9a54f9b615c281850128d4aabda848398581d128748403b5511cc004a38ebe13f846920dc0ad20f839f79f396bdaae3e60a6691cfbfc5c564a8d865932fef200e4776f5aee3ab17869a85a91e7e09bee8d96f36c7764a7a7fc74a1f0960e62a3abb3ffd49fed86b5994098aa056d735651c426467e161105c08834e15c3817ec20c7e2e2ba713aad4c6def75793dae93abf2b397d7177863418f68272805de11883ba3e9fbda476adc4a45937dcdc8f527cff481041c8f947212e9a2ff1555cdd3b964e7f7c2d929353eb528bc7707917eb294bb6848bcf280a05a6ffe24e430092206aee6db3efe1d2236143b41eb0b8a84ed08ec7e9e096ec1614a80b9412f989996b14719f627aa3cd8776ad16c415af82422e4c0367c0171af71187bd1b2297982e111840d527d9ccf13708dba70a6b1be91d3f6b83c96592fb9fc1d55b79f4c77c9c70db10bd122f7cc176ca79cf3c0069666ea1e40ca702c238825534d718b1c6caad8e1260fee652093fbd4b02951b6249f560aba5b666"}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x5}, @NL80211_ATTR_FRAME_TYPE={0x6}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x50}]}, 0x1054}, 0x1, 0x0, 0x0, 0x4044000}, 0x400c4) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_GET_WIPHY(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="2503001e8bfc00005a6e1f"], 0x24}}, 0x0) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000004c00)=ANY=[@ANYBLOB="94000000", @ANYRES16=r5, @ANYBLOB="010025bd7000ffdbdf25250000000c009900ff0f00002a0000000a0006007c55f93140df000008003500040000000a003400020202020202000005001801390000000800a000ff7f0000080022010400000008002201f901000008009f00040000000a000600505000040000000000000600ffffffffffff000008030000040000000a00340002020202d4da9ad010a86a828167c49bcbd402020000"], 0x94}, 0x1, 0x0, 0x0, 0x10}, 0xc000) r6 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r7 = open(&(0x7f00000001c0)='./file0\x00', 0x20280, 0x14) sendmsg$nl_generic(r7, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000240)=ANY=[@ANYBLOB="fc0000002d0010002bbd7000ffdbdf250800000058480445baeafa815f11b2b35ff49c3f5a188f1188e5ef4d6a922a86b4a12d72bb5a9aac77870c78d8810ba3f4841a2aae8c39592cb31606fc07b9657e5d8b7b0845aacc93001b81a3c2fc24d670d401c55e191a42ccdf33b55a8eeb48e2e60490399b3f7d8d3076e494eee941605202507787981a0010d887ec752a1baa6cbec133f6e8ac08cf22ee89bac55713b4492ae9a68ebecba3b4afc3fa5d55f1508136b2444e8067d59d443b3c4851d7b9fdc130132a2ee6107ab92e7eb00102dab85441b527753a8ba6fc0800940001bc0000c29d5478a2731cd0d00400640000"], 0xfc}, 0x1, 0x0, 0x0, 0x14000000}, 0x800) ioctl$SCSI_IOCTL_SEND_COMMAND(r6, 0x1, &(0x7f0000000440)={0x1000, 0x4, 0x6, "ffe463bef316a6334b480a05fcd04a876f94a222e00522b2cb5894993971ba1c62c170488820aa7d0f83a7a23c7fc3c4a7af21f0c8ee21e979a97434ffbd7e366a35fb410275b184441012e176942412091e8aea28b3ed516d01c0b8285eab80c68a4ec8f74f9e56b0fdc8e5da4911fd2e1a83910dc3451b3750d97905bc3bc4192c00ac7b3d4e1fdc90310031d9ecbdefdaa46aefcd2ebd80d1d16621b5671acb43a8129480859cfee7c2a8063c37a14be7afb06826f86260f65135b536cc87e8fe17acc579b91beaab0fdf7c0f6d8a674ed444328fca932d93327ab907f1feb309c51fb8772629d6aaa5e3f261aee079a20252b8e2bbd5842af1ee38b80289633dcd8354049bd0765ece615ab24a61b562eec4bcfb5cf7ac65a195a6e4502fdb204ec2ced1205a8fbbedd4a677ddba753c796039f6f845cc779f09f3995b7a7d28a83b55748d17222f569aa26198db634101d34c43b7757d7384109d2a9ff9c8a19948838eeedc15fb07c697314675d565886d5227645e224e1e395943b76d29cb8e8c50fbe8676d0f4b0b123b519bc8087cd5cccea498ce794c99a3a02a104d8b2fae24eaf135f06e690988f930203f1024d4c242b6de2bf471c469ce73debe5d1d8853dc95e2554bd147d5e9b321811a3ef61fd739a289d100d34c283d90b3d66183eda002483c2c7142166610f9c9d73120c8bff69835dd64ed26b32559e70d1d765bbe0a694bb5b983567b4461ce72bdc84f713f60899bf4cc02f11a0edf7c1d7e3c5e70ddbb6bb12776d7a0430373cfeba099a4c621d60145b42cb00b953ffed207ee8e7908462e9f44f1bf73d5bb89b5090093692773aba9f3de5b98c0c600f4e9f27702be887981e1e8b20e8e6bc47a4da640b935aa944037514da83746ae108efca573e2c9f05bb91c075f1c4abc567b71e56210e1444ac99171bcd1c3497e4a7e52e9a9e05bc32ec8b3332fd8755761113c5f36b0279267347af7ab8dd81c24619967dbf3da4b0e7bcba2f941ef2a4c99f8cc322ec5d60410aecc4e82c7b9346ef61632bbd132ad39e62d6b584151501c5d82190d9292f77d81dc3c71eac5a04e5cf57ff7866b2a5e55714196be859c53216a609deb6fb923022d5fe51e8341098d2a0c997a71dc707b815cb4c14f0e06f29d71eee66a2e67d5544cc9938762c7c37a71c7b9f3a6630c29ae9891b6b5c2c412a3fa356757477b23b0a23edebaa4d00ac8f5d5055c3e3f10fbae8bbcf046ea24685f1d206532188e2fdc2d924b6e01cf75227e3bb8150cc3e5b1a6e707874272eb81d3e4f415968588c48611ca09890791667be6ac616cd5fdd29796c201f4d05d2df1f8eecdc17bd4c820f8e550ed515a3d76bec3aea94f5d33fb2b4488bfbcb5fa2d338fc6e8f56e87ce4026340165dc7e3ad71256ac76d4ca579388d907c5907e5575d3d74a33b89a06653c42514ef183161b8c289ec0ec6146ac08562d87eaf1bcef3a9e3d13cf5f1f1262313676b631e4c0586d4584479edc3e5a7bab16fb0c6dc79a1a012f58be37aef0104f2ecae230fcd13e609e2b7ee95c475960f858d5b5e0a7ccbdf437cc0eed75bf2c0fc75d7d8be29ca849956e6a8e50f9055aa6bcc2d8f7764c1e8d182dc71b6024a58f198794f705751b02fec8ce2cef3423a6766833676821a102e483add595004bb81a2117d5b4886b40127a90125e73b17b3d0f6fc407fa2c9cfec780893a04b259d6aed2e0a0db50e699436e9f260a22fcef7eae101057e0960b448927e9fca185a655e750972505402add4ab20b96114720c9036883127d3a1e49a112dbc3b1a5eb41833d860b7a0b2ef2687778a188fe18167e4f061f494ec57d6a0da2bd087bc43cca6b05403755be896bab5afe69a57b08e9d1063993060e5810ad5191ddd1cc3e1b0180486c879a1087cb4e92693c5c75277a531b9d1015448aaba34ee0f0de41df3ffc3dfe8af551aa4096298dacb2cc37aee5c9082fb3f2ac97dd2311f4212e9e4972f8a9d24e683cce0dfe95937584b5fbcc59c2e595862b96ef6aa5ea60690f967492cf39949b38709aa7a345ed81795e51d7390e7ff03435e2683ba750426bae0318f5db27bab7c6735e6c1277f61304f82e0b2d142b8edca0f57f457a2a36c31cd33d913cf24b106a5be823588a4afde61dadcac63ca7543c132878c3077565d5591050d2b50ca306ac20df97e42f51ff01e0432c27d8b864cafbc674d6d92df8567c7d49f0c1f3cd5e7303a9f8cc9053fbafbe24feafa0adc0dae7df531a3f7e7d0e5e5da2e1eab416215c264211f34bb400068d004dc91c9c83ec52780150181307fe56c24ce0d82b38d1acce7b7e7d100c5daa08b4dc770ce0bf917324a4f46910a70bf24d2742f41f1d62e9c8b94aa1506809fd584c1d3bc877c37155f45c6a8540cff1cd84f6e8c27ba04111db5368c99b478110f89daa6f00c2796415079a6da8780d402e3a3d0ff8692939e2fb22a50e09eed618eb19ed86990bed197a143009f5e3587e10c39cf5adad919ee5bdd62115eac8e111b51402447060ff85525dc045574e05c7ed8f658833cb7d6002f50e17523e46a7b805f68d69c5d02d4fe879869ac6fec287c6ea4423e6ea84d9ec88c1d317aaef6fe31958914863b5593bd99b6eb1bb36be08fbb1e2bb9e52fcb82da8ffb4bcad65bc0d9eaa7f97fec5c02ff9f577c56aa59a9c03d1c7086f6262cc7cc1d0ee9ee1a6fd0e773981beb466cbe716b40edae0b15bc87b452bdd876f1f001c9f9fb920c5ec5c7dea4901b729ea7991c8a6df867724ecebeba80ff97a9a84599c70d2d6d9a1bc80810d1952f3bfedf2c2a6212b5722ccfa2849de10c9219a25a41e524c3230260872acdaa4f4f37645bde31680ac620a4e06ba733cf9c68f207948e8b6aefc5fbc430631b4f66abc4e5b6389b4fa0184bdceb1d6bf60dcb07a8d316e0394e0a8f4e1cf9555dd1cc9cf19b2a514cb7ceda16ebeff387cfda5147767f442cc41157be702bdc16b297b0de48206d8923ca3a38e2e806323011643c3edcf5e36cb02264891f8634c8ae2b4a2ba68cd4453f2cefb7f99de08ec56d1aedc90666b0f72dcfec05fece0abbc3eb49d4c11e450f5da078d7c6e738aca97b661cfb5c891aee3bbc3a9ece6cdc1e10654b5db7cec2e6e7136fd02bdb6eac65ae4426373ca9dee3b04bc17f8d15dd139759b0ba7866f37fefe1e26af9dc7a1ce39b301eae996f19e1cb2efb8d413e84de6127169941aefc1bd4e2b0dfef0ce91da1edef870d360426225f87cc9b75ca46f30ab314e3d7098976efa503eeccc46f80df9b4bd7be8d2d64b4367d9eaf1a8c76e7efbfe09e2d6dcf13b63e70b9fe704cb929a6488dbbbe8d3304172e0fd92882a90387aefa71accc094e3801344eff5371adad7ac03a21381de23685964498bda5ec3befecea3a893ed7164dd21fb4a736ec4d2bdb79e28cf82588f871ccf71635651af3259c683994c75a17fd4e9a30d302a3de13d3dbde6b7470ff97b53ed1fd7b079746a820ec061198ecc769db3b972e91a97ad066ffbbd31b6ab628cc589ddff769c64f7ab661fe374922dc0d8564208b6fda9b8bcb384f297b37bb0a81a655db264db1d7ca4220fb8f1b2870606d85dc6120438c2747715868fb97571609603e55cbf08525ca093012254cd7745094cedcebe7eb2e961ba3d30ae736823641b81b7a332b1e6156402fe8e0ffa14a1ae22067c8eb081e62eda2cc882fd8578f4a5b38e952e24cdf6d19259457b3ed98c983633ad4b81b7fe9fce6ea778a9321c5f957bb479d2e2bbd4e2e695b88e6f3e6cb2e09d39fd710a3b33f7d3a05f3eebb2742b759e604c7ffda3ff84c4b33098662b1a5c84440476f0af6357ef7ca06dcde06f6cbe210ab95d52bc68224c56a3b3a0bcfc7a710cecfb436f310681fec5dbe9922da04e04aa87885a3e1c2bf5ec72529a24579847caa0b246cb0de93a92fe900537352b260ebc2e6adc7f5ee3f60c96209fc6688aefd099f7063de283c58b34833a35c4322e004de99eb8d4d460a0d498c3c5695471f1d25cc96983ed90bc25ccbd9cd899ff82dffee8276a0e4db27355c0e5a19fea78ea4c74216c7e35c911c839dddc8ee41fa8bea3a1db7de8c805f6f1bb27a196ae2e37c976267028c909cfca1c46d1f5eb6c1567b4725eef97486851ffbc3abba5c58bae04368a6e474e89bc8f74615816db1afb9e33f9a3738d301449cea2be60fb3687af54ecaa870d45e61d18288589349e598e0956781ad08283ee9c457312c29c4843801015a28144648f67e370c91c3fb9a47445d1839287bbfc22a69332a457cba2737da41ecc191dbea30de84a759bead83d1477743ccec31eec723507388157fc570f5c6b77182e5f278119bc4737aac0afcb9e5c393bf336f3f6e9d962d9af2795d44afd04cb442ae44dc9031e923420ab8ca38d65de897020ca30b2fe8fa7028dc7c1b28e90d26407b057db2b71527bf9ca4448cd498aad55f11573d81e2f0438de6345880d484d5bbba3b803fbaf0e80735ef7888781b37d000f2699e07d8b198ee0a73b7a193815213cba33d486c2a5e5ac75c4dc3a3e75a33b85de5e188116289e5602235e3916c47451b941b1c688e084e1baba9067d417c754f8db1703c026b60d9685fb56d0571a55f95854d6b3be7cc8821f7e6201721ea3c0f0e018e35ff746ae08261c49a1a43731281b7ed20be3cf38289e62c319fd98adcc8b6679abe158e3a98ce428a5d088c4a1a4a353fbc2fd2773929f6c137d5c2b783e2bbf75a687ef67db423b9e7e7133a1f6db1c81469d982923dc71afee7c4ae9a01d5a3e8a34939c13b4972f875f1ddb0f06e584d457d32d563aeef781f1d231af35febf5679cc087f4fe083f2625d76d603d8987f37dd4bd3b2a2ccac7614cc6432fc102f83c34524594c7d82ef258108e799674053fdfb60bbd7ff9a2606a8f6f240dbaebe3dfdba16cd59c3e4438100f3fffff1a34df3de86daac72a28982b7d736b0aa8db084d6d639ca03346960908961b0bdfe75e885b8908cfddfe0a75c8b612106ca513faef3c45a88fabebc8e131287d28576c351f4be07029f6db9d8706b7d92f1151f45b68a48a33237075b95bdf1c6b2db6697292a9bb893240ce424b3689d43418c03fa83dcdd9a9ce51db27190f8380faa63fde9ced022c9ff436958c1a012b6b5e7c7ea5af9641835c2dd31d2b2c60356baff27cd36bfe174d7671542ef4b6f018d7ebc08b3c8287df25e009c1b8fb5bf3e7345c95d553b0c9e6bd7229683032276b7006cd0ca0948ed10bea09e95624db644247d30817ecd8495af5a19cee4cf5f676b2fdac5985923f0bd85237c08c8ab1008e2cd9c02728638d2624479b196413a417d64759e3891374b94a73215313754d649f09c15e7eba9184257f9798f209adacc4630b4676a02700e97caa78b7d249600df6658d63da53bb1ded4a9d5fc67b93359bbe01e7f6051ef5e4caca5871ace529d9c0d4f0a1cbb73fe5c38d6bc678144f1b1eb79e398e330301f62bfee056ca1809d8a7cfe011269d6a74135c7ac9f8d05024be57e15753c91d93b5418abe1e8f2a731a49b3b89132b9570903be3a5f856fb6085182a62d73f16bf02a1f9923964df4166a9b1d4a6230bf690027911c33a91f631e7bbec1ebf2ead26fee767eee91bb4a966474e49d4313275024d73acdc4d5c8ed36a1983b2ecfc3b094e5fec20adf7478e22af13ffef8487178b93fa452a13d9765ed1519a22c48448e406eef37942026b8e487a186b78398b84d15939"}) r8 = syz_open_dev$hiddev(&(0x7f00000026c0), 0x6, 0x2482) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000080), 0xc, &(0x7f0000004fc0)={&(0x7f0000004cc0)={0x2f0, 0x31, 0x400, 0x70bd2d, 0x25dfdbfe, {0x13}, [@generic="33990a030818c34c7fca918f0196f482", @nested={0x2cc, 0x52, 0x0, 0x1, [@generic="d162efa14e2b86f016e773d5aba6f38eed6f0e08b7", @typed={0xed, 0x32, 0x0, 0x0, @binary="5f4b3452b03040731319db773143993412bb8d723699f05a94d74f4d80e2f5d31c0b1a36cf223f3ec9ac3c0c1254e0b80c94501f892b3dfca59629a23c75d52dd9eb42cfd434853dca12b8a2d68d4ac45f3a53a16106aec9f64709119103345bd9288626243d514fe010bdf11e363a669c2b69eb55d337d9a0ce49dd1b49be782f538e978d45da5e9124d7cb4795ce048fd56d65428010a81c56824cef07fd6f23edb6acb34cdd1c889f60a0d6eed97642dc69aced887d855d93113b3c73fd015a30367145ffe60ff48ea005bc83921e44de6872980242874ab12a65b4a8a335ec0fda69ad1f46388c"}, @typed={0xc, 0x63, 0x0, 0x0, @u64=0x7fff}, @typed={0x8, 0x95, 0x0, 0x0, @fd=r2}, @generic="18df36906fb54de5cf6422ebee767c7692575a1176db2fef3ed51217afb2526dc9a4b19ca7619929b0d628547cac1b54f6cd13a5a39317904995d0794326954df4931ab50bc456f170759b25ed66a826360d30cb5c0e3e21ed2416dc3fe4ef8dbaf7af171cb9c9c1cd1db892160e6de50661679937162cf616a6b40fb13266bdaeab2aae73736674ed67f530f3a8aef545c7", @typed={0x8, 0x9, 0x0, 0x0, @uid}, @typed={0x4, 0x6a}, @generic="144d7100d4ab95d279a3ad97a27cf1d96047890bbc098764aa29f55290ded601e0a7def0ce7f8793090b73dcc7a35adb98526915111a562204cf680d97af91", @generic="6e75f01589ada70eda234bfcfe36288c87f99d98f95a0acfa07a2dbcd87afdd626693da33f53f10bc3af759dd353be13c4d3b5f6e19597110017eca0117c3e3839d9ff43029f7ba75dee1b167bc2b1f6ae65ae283caf9404bfd817362cbb20b36c7627db4fa325239fd5446c9546ece3bdfc990462dd4223225674ca28cbe2f37000704c6527d95436b9e31b12676dd6787d0f6000a6c9c3da2a66016763f33b327b129413a7673740b457e9e122c5201259ead94c482fa1cf9bbddbab5f6f239e6ed8c5a78deb9c17814f79e1ced2c26d30"]}]}, 0x2f0}, 0x1, 0x0, 0x0, 0x4008840}, 0x4) recvmmsg$unix(r7, &(0x7f0000004a40)=[{{&(0x7f0000002700), 0x6e, &(0x7f0000002840)=[{&(0x7f0000002780)=""/192, 0xc0}], 0x1, &(0x7f0000002880)=[@cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0x0}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000002900), 0x6e, &(0x7f0000002ec0)=[{&(0x7f0000002980)=""/188, 0xbc}, {&(0x7f0000002a40)=""/196, 0xc4}, {&(0x7f0000002b40)=""/134, 0x86}, {&(0x7f0000002c00)=""/222, 0xde}, {&(0x7f0000002d00)=""/196, 0xc4}, {&(0x7f0000002e00)=""/161, 0xa1}], 0x6, &(0x7f0000002f40)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xc8}}, {{&(0x7f0000003040), 0x6e, &(0x7f00000032c0)=[{&(0x7f00000030c0)=""/138, 0x8a}, {&(0x7f0000003180)=""/106, 0x6a}, {&(0x7f0000003200)=""/16, 0x10}, {&(0x7f0000003240)=""/91, 0x5b}], 0x4}}, {{&(0x7f0000003300)=@abs, 0x6e, &(0x7f0000003480)=[{&(0x7f0000003380)=""/255, 0xff}], 0x1, &(0x7f00000034c0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}, {{&(0x7f0000003580), 0x6e, &(0x7f0000004980)=[{&(0x7f0000003600)=""/20, 0x14}, {&(0x7f0000003640)=""/22, 0x16}, {&(0x7f0000003680)=""/154, 0x9a}, {&(0x7f0000003740)=""/31, 0x1f}, {&(0x7f0000003780)=""/97, 0x61}, {&(0x7f0000003800)=""/4096, 0x1000}, {&(0x7f0000004800)=""/153, 0x99}, {&(0x7f00000048c0)=""/157, 0x9d}], 0x8, &(0x7f0000004a00)=[@cred={{0x1c}}], 0x20}}], 0x5, 0x0, &(0x7f0000004b80)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000004bc0)={{0x1, 0x1, 0x18, r8, {0x0, r9}}, './file0\x00'}) write$binfmt_aout(r6, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r6, 0x227c, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) [ 2043.470648] tmpfs: Bad value for 'mpol' [ 2043.487811] FAULT_INJECTION: forcing a failure. [ 2043.487811] name failslab, interval 1, probability 0, space 0, times 0 [ 2043.490424] CPU: 1 PID: 10563 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2043.491908] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2043.493598] Call Trace: [ 2043.494283] dump_stack+0x107/0x167 [ 2043.495084] should_fail.cold+0x5/0xa [ 2043.495905] ? xas_alloc+0x336/0x440 [ 2043.496697] should_failslab+0x5/0x20 [ 2043.497500] kmem_cache_alloc+0x5b/0x310 [ 2043.498384] xas_alloc+0x336/0x440 [ 2043.499140] xas_create+0x34a/0x10d0 [ 2043.499922] ? queued_spin_lock_slowpath+0xcc/0x8c0 [ 2043.500972] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2043.502096] xas_store+0x8c/0x1c40 [ 2043.502873] __xa_store+0x164/0x2d0 [ 2043.503663] ? xa_delete_node+0x280/0x280 [ 2043.504622] ? trace_hardirqs_on+0x5b/0x180 [ 2043.505547] xa_store+0x31/0x50 [ 2043.506401] __io_uring_add_tctx_node+0x1cf/0x520 [ 2043.507567] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2043.508691] ? alloc_fd+0x2e7/0x670 [ 2043.509648] io_uring_setup+0x1fbb/0x2980 [ 2043.510568] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2043.511651] ? wait_for_completion_io+0x270/0x270 [ 2043.512761] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2043.513896] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2043.515019] do_syscall_64+0x33/0x40 [ 2043.515806] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2043.516893] RIP: 0033:0x7f00b63acb19 [ 2043.517722] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2043.522146] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2043.524028] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2043.525577] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2043.527115] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2043.528729] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2043.530589] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:41:38 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f00000026c0)={0x53, 0xfffffffffffffffc, 0x84, 0x5, @scatter={0x7, 0x0, &(0x7f0000002540)=[{&(0x7f0000000080)=""/254, 0xfe}, {&(0x7f0000000180)=""/199, 0xc7}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/228, 0xe4}, {&(0x7f0000001400)=""/4096, 0x1000}, {&(0x7f0000002400)=""/107, 0x6b}, {&(0x7f0000002480)=""/165, 0xa5}]}, &(0x7f00000025c0)="c9ae383080e2638cdb1207ee20044041c8b4a576c80e1a3a22c5cdfc44fe66613474c84a93ffa954a531965aac1a31858fa62cc9dd2f482c227eef53a94100125e3f57605366dd5d48873736e70cabe7005103e56f02aa93785d3dc82f0d808994e903cdd1d397684e445b8527975c71fc84d6a9e71dfdee9bb1951fc57fee77b2aefeea", &(0x7f0000000000)=""/63, 0x3, 0x2, 0x3, &(0x7f0000002680)}) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:38 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x9000}], 0x2) 03:41:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xd00, 0x0, 0x0, 0x0}) 03:41:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f0000000000)=0x1) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000380)={0x0, 0xfffffffffffffffd, 0xb4, 0x3f, @scatter={0x2, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/22, 0x16}, {&(0x7f0000000080)=""/243, 0xf3}]}, &(0x7f00000001c0)="abc145a21c631f4807a8f581bfe5538e57dca85b3c4e1872b4ad253cf571fa08437c3814bba3821c3c05f921358ed4ef8d0833cb61e46e5bfea69a6c0da2971a2d854177e14a5474b5c388df2e56feda0c04d036593544eeb33d12b3859828c2696da5c2880999ac699708ef16ace378016a60504fec52e55ff8ca4610b18ab37182e0e01d87875fa6dff80f4819a0a24c22f2c7c27907cc4bee604a277428cc0e15d1eb9d0b0ed41e37956e0c565103caa90d3e", &(0x7f0000000280)=""/27, 0x7, 0x10, 0x2, &(0x7f00000002c0)}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:41:39 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x2}) ioctl$BTRFS_IOC_QUOTA_CTL(r0, 0xc0109428, &(0x7f0000000000)={0x0, 0x200}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = socket$packet(0x11, 0x3, 0x300) dup2(r2, r3) r4 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SCSI_IOCTL_SYNC(r4, 0x4) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) statx(r6, &(0x7f00000000c0)='./file0\x00', 0x1000, 0x191, &(0x7f0000000140)) mq_notify(r1, 0x0) [ 2043.681483] tmpfs: Bad value for 'mpol' 03:41:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_open_procfs(0x0, &(0x7f0000000000)='io\x00') ioctl$SG_IO(r1, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x4, 0x0, &(0x7f0000000400)=[{&(0x7f0000000440)=""/91, 0x5b}, {&(0x7f0000000140)=""/99, 0x63}, {&(0x7f0000000300)=""/214, 0xd6}, {&(0x7f00000004c0)=""/160, 0xa0}]}, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0}) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) r3 = socket$inet6_udp(0xa, 0x2, 0x0) dup3(r2, r3, 0x80000) 03:41:57 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xe00, 0x0, 0x0, 0x0}) 03:41:57 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x113040) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) syz_open_dev$sg(&(0x7f0000000000), 0x7, 0x40140) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:41:57 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xa000}], 0x2) 03:41:57 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 48) lseek(0xffffffffffffffff, 0x0, 0x0) 03:41:57 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)={0x1000, 0x4, 0x0, "999aef196a40ce41bef64f59ebc87d1f9b68e488475a385e73680c74eb4c2f529ebdaa5e8ff2d2458912e437184c1cb4f853664656ce6aa0c89927727862f12e1b9ddf5653dfd5b128002179bbc22c26d19aff7231a8ef2335b77ba316c60dd142780427e939902ddfb0f6227b9249009108e8c2ae8e7883431a25b339c8b4537396456ca7d71cf629989249b58b924e074650cee1ccb02ebc6bcacc2012f71fa80fca2e970ebbb52263f616ba2e91600de27efdf375fa176ebc55c0919b0abc6d278d5c06487e7b088dd220da1a43cd9107642edc86f6b89110db1daa9165e9eaa0af9c39520aa4713f2614138f273637b16654bdbd4fc9d64e9cb56bfc0f58759c3df1bcf2419daa14e7965e452236e6be15e3cc88a06601870aeac2f9b98d710438a2ce67047c837ef9d82b8380f236df5be36892b10c6d7cdfae1b82ab2d64fe9fa47fca2d8d9c91c50ef2da1be8671d7fdcd358adf1e6cd4567c0701cb90989b700f660bf7e9429b85957c18852735edb2470f1e185ae9f964ab0d26ef15cce570135623b9dbf388b1fbc7c45ec672f39c888e3dd16175e2666394393c619692bbf2adf734a9bc90d61e74e9738978a5a1ea34cd1449551b9f5f1c73361976718c3eba7b30dcbf4547d83fb09af7ef631260870df866b1e3ab598db84a41ee1f4b6133b7ec1fea2c165d11c1346ca072736fcdf3203b3ba58c7b760b119fefa2b6d2109abb014fdc2c5827911e04412a74bc5db29d60bb66a399a29ef2f754c4831f28e788a40d3105328e61c9e66bc2e3a02f9394665323e44b4b3050915115d51be2e4f414edac7a3c883cc5b0a76ae2a0404813259da4adf4cbfbfb5825636e91da1996ce8352630303e8fb821ee12fe5b2ebe32e7a09da4a5861426101ebd6b1642376b9893d6ae96cd876745c215add09f020337e6aa0482aeab608a47858da75e94061738d7e1286569656019db5c681902a802176c2428f41fd9b19bb143573379b1f48c7434873ac7c56a802ac651632af628f0a88d46374e7d46c363d8fe2566081ffd67ef402b2a8cea6fb0d582c3693a2cc86ee278c83cbb559435bf44b7955566aad113f648c1bffc7df71ee31b201a6c69bd54618c357f08d16fae9343563164ddd64553def78137d97a25b7e846099a1cf0bae48ed0073e1559688c0c9dab858b4752d3dcea3cba7b661b0e0ef7258feb8f329fd7dc42f747676a1c45a22b474170a9256ff6a674983a0372bd089bf3f220e92ae9cc00bd5a91e0655faa42b0e079c82725784a056b0125fdc74fa4e77742f13141fbeb65e4679478fe2d9f95fdf59dde9d97127e092459e5554f7bd35ca09851451e73ef181ad1bc279896d1ba70c3e6b14793388cbf213539b828508bd62407f62c2394c1815f288d01e92eb410640a8b24b6ac7f8cebbcdb3b7e674563a132d4f144f5152edab5f50e0403392a56300f01d345afb2d90c16fb2ba61f9fc2da2aaa59261440e3c69629eb0ec1e7414f6b3cb47639f8781e73cac2509e926f21d78215632b908e6035aa45ac5c82c1d7f8d59a0e654c5647be0f5166de53ffb385f6e936e5e98724babe0c2352b011acb1b820559f932d45451baee2b17a0bd3149f6cf2bcca2d91ea48486e034549cf478732bdec9493da9fa50f75ef252e7c2c2f8e5c63bdc0544d089e7eaf1b0a75fe9c0561130f6b99f9308679e0dc425c9e521a69b5f341fb7ec137b1fa8dd1d7e1fd4062011675007a597f376e5f154afbd857b1f5f8d5646ca450bc263a6df28e5d72e6a96e51ff2b9138d0d9b89212b5ecaefd320c334a51e152b73f268c079c39525dd17196f3b89e101b6f5e524a50e9b26ff7f30a0c85c7f0b71a5427fda2ef14da50da9246f08d51dcb64e2d789ee88278d912f79d857ce9bfb88dd39b4b636c8413011351ca70d60e1a3efa8a13b32a2f4425910ddd1476fc37f149477544f2662e04cca345d52a75e0a7129ee230c1f2c44d27709c777f8bb9f7cde9ca96d7456de28216d8f4e2655fbe2ad8a04ec648175420a0784a2a9bbc42f90a6669ea09c37eccce4c7398890ee1bae25141944dc97e2bb13b2577c8ea8a01b15344c6b2a4b965ff031ab429d1e3b7baa3e1bb9af3e17cd4abbd0a60b137863bc246dec3b31bf69db3118cc8fe186caeed7ac3564d3ee64f2cca2735c6769730aac86bb8218cf28899ccb5ae58d878d22610286a77a32dbe8b4f6fca8c33440391e3213f2f192943c5ae177b8d3f5c1d29c684d55bb0032047d9bc05ed1a59b99d54950104c4ced2d803e32f2359c0a78d8f5982b3eeb7095fcf730f38706f098be7f9dae21d31a70908bb969bf9cc74f1cf6a06a711ca63cc30e3eb5d22f77dda96a6fbeb3c6b9a3b5ec71e1e2818a56bdff903d6fb42b8c01ea03fe7219623ad3b5d2c956d9bdfb0c9b008eebbf57e0050a0d0f34aa3878c5896eb3a208d6b9b729633e0f6c371cce9072942f55d1651bf37837dd14b50474c88b86f1bb3ff42d59fa72f86bc1b79bb32fa85dfb3b36a50a24180736f43a5518f3be3088e6a4bf2dcd766b8d7e080b343081208d33583c43120ab62877149d17db03c29af59d066722a81eda3a8170b87de2aa17d3fdce9951637057d96e8156a3eb5fa31eb7b9cac2d44acaf2eb180aa95bd802d0ea64b52c80e370f20b42bbb2355b0605ce1dfed2af349e16fa76febe36e8bbbbff33e57f1ceec29b76ffabfd5eac2f76e6305a9bbe13a58baf01d0d993a8b9b95655c0f7f0de2d9f016251e80abf1c46409d8630d04e94d0d28972cbb7de1aba9d7d86aa151267b79f326c6e7fa38036bc3f3b6cfd4bfeee85cb7cd77924cbe6f9c5c655a80086760e94c75c02110de27ad2805a56500e823442ab1e7769af3534e081eb6fb4f263466a456ef3c7eea1a1d555a65c04c41bbb73edb9e1c9eebe0abe03fa555916a1305f77c2e9214ba267a4a77d5d910628b8bfefb4f94f4e4523b8b01650bfdc14e66226b3815b0dc4085baac49322da231a774de685621a91f653ff3f96b2bfcdcf9d9b6700c54b0d7d61103735400c0a8ec6ada13fbcd82866c0a4a65cd21076dbe173a7716b28f4da2157d860af730ee6586764d1547e02134e8db046be55aa094ad23fab4934438eafb5e1344dcb5b2f4fa5442d96c9951f4625a16fbbbf3addc9ca6652ceceb3791d0b24cbe82ce8581aebc62e1c7acf53a2efa5ee09f23ba193fa22b9989c9980643575097eca2a2bfb16b94e939b54907a72bdba1a8b8a942e56998090dbda08fab34b324972fd6fe16ad45aa32fdeb6abd254db063d3ce134d2915beaa0a86524213209b190337fd0c21be23f02a0be6b1cef4a72461a9d714b66b6a47f32728da3230ebc7193b09981cf118c864479128fb2cbda171488337b0c171e48cf511411659b2430b7c903de1c879df8a349c0831afd6dc720a7a6a1a163caa2653edde34cb5271ca1f7945f6641894f16b36382cb58b888d1904d0c42b4847325bbde1151fb11b140c203f42e07ae2a2ea843cc36c4b53fd69ddaf1eaaf23ac97a31e18d4e60dd2b9b1dc87f15f1e7acdf75e8c18139e8393d7f4184a725d83510fae3e9dc98395a14d826d9ddb6341e2ff515c3653270ddb9c8dd311786ad9ebe226bb430c5eeb6e1406ea0e77ab4b69478f94c86da9f1023fdc4fea87ead9dc0de208cf90d9e4c3085e1c5bb627d1aa6e3b89d94290379ec8373cd42cf0118d734eb5734f48f48a5d389fc2d065e9b413047912e8012fc7fe06087586f02e2819cec8ebc79ff5d28865ed5cd605dc538d551e66bea1c5611740c6b74dc3406047f13dd0bc03967fd0876baae0a21fd62deef4440c913c03041e47e0b15f5d47725e3815ee22eb9358de2391b4df266979ab0da814baef80de5d6b04f352bba78fc87b0186d0bfce9d4b7c3197775c135847b465a6f684be9b2573f96c780354ff4f36fcc786ad79fc3f58e9aee05f96af8d6e855c1f2d9efc1fb218e70fa6d092a53290842e723d2b41c200b831fff92217c82b0ebb89b937ee7d4ccd466ec48652b460b08a82492d1b926df6f2ba2d7efd97f6d993159656f280c5e442b1620ea3a083481cba6389def07b67c854b207f5fc7f8ddad388a8a3d22053ac3fe2aed65fbb6c5afe9fa968da6328a6ded4c3fc1393e204dcd7075af7494776ae3177be9728285ed53541e96cb8e650740ecb64d07843021e23f11bfe125f6fd48253d11202f08e34fcac95ed596d47a3d659f21103e0053763c6c3ea4aa00dae778d8b1098dc5562a894bc79f292ebf6056802d3787f4df167754efcd00c49ec8af14b84798cc3988c42fa8bc582ab9ec6c8720a8fa540683db6f8821d7e12060b64b0ef69a71d5fef92e04dc9b7112e5f145edc0745c3f510081d2c712464c9a3073aecae28d1753b85bfefcc5b48045623027ac80f442e6a4d356604bb8a43b9dbbd8b517a6f346328c4905c293635b0b35ada03ba55e856e16ce068e641a446d8b33908ce6938f78f92b249cbaf158772439ebd555d6d3e6be943624e0282ecc6dccbb47dd6c7d52523a6bd6119111c6cf187e9b86fedad7c7ebd89b907edf74d70d82fc1479c6b5c80dede783923f796dce3fa04204622f2a50b64598b7fbd9512dde893d5d7cfd9b420b0508c513bdcabf1cf3aa1c689f95b63c7c5e35c4df695e39f7c05bdd1eed0f9dd721c200a79e58f810ac8c6acaa9adb4d24eff30124f097e8b280e3b11bea8a36fc948b7fb66269041486ae3e4d0df5311c72c8be179f6062e80592926b745ec3e8807821eacba093a4bd90006109b94c346e9cf39559ff425eacbe1a99a62f04e50b10f3474a32e76097fe2072dadd875bd006d855e5eb6e223c8313a8b36da89ae63ac65ea0de47c4582260d5fcef7f802a639bea36a45f37e7a69a49fe574a55083ff1da5ec39547937d2ed7b5f99b00128b2fc01d84cff672c3777c7cfa25520dc9e5ed49e065faa4c0451f3ea1228ab82bd2cde688405502bfef9bdd18341b386043a9b8b6cfed70bcdf2ad0fd6836febdd8ea73c42a1e1fe7086356145a2839e217b2d71e36a18a39aeedece3494d56ae83db8be8800f3fb5633287e44894c8b65d0345f487edf9f4ba84f6353a34ab1c190ac70b4559773f32eac700982d127820c0fb07efa0d96d07d158545b0dd50b797d7f352d574d39d30afcdf3bf7d33555759fe9a482b6ea75132bb39d26fb1685a426a3d9f4c0879100c0a494988a3f2b3731fd3122274c9b20c524920d648942014b4f07193993b810c5b93ab7948086ae64fea3936641f3cfb00302c4a8b21bbf65b04e048bf695e3680222d145d33e7aaa213f15eed9a4d46cd5d076f644a2992642bedf239c5fe7c1786cc1a04f9e166c93edadc2311bc8df3f66369e153720757d34a6b545e202c18e6e81481b2ada625d8c8a0bbd637720efcd6206212f989af6df7e4df5863fccbb6b72614e3550cf85fca04562b8184dfc4dc404865b7fe12e986db5b9ce7ea5b685b695d6e8b4fc9635e71001288e4e8ec67b79606ec6a49a73e56ebb5bd8cb35c6672def855efcf03ff62de9d46de64a042bfad45a560d889c357677f66fad52b021b26adcf81d2ab85092fec4af05f1b107513846ba9794d546b4b9a80f7f891d128586740da1dee3b4b93a04c1ca11fda9448815e0ada74d504170eb99fec4f81dd59c0955e24d20e602ac6960c0ff6df2e81e29246608536ba8f27258320570c6b1cca343776e07070184725cc740f897353c29c4cabbdbc5545c8b0a2019946e669fff95f40ac"}) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYRES16], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:41:57 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:41:57 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000580)='ns/net\x00') read(r0, &(0x7f00000005c0)=""/75, 0x4b) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) sendmsg$OSF_MSG_ADD(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000500)={&(0x7f0000000040)={0x4bc, 0x0, 0x5, 0x201, 0x0, 0x0, {0x3, 0x0, 0x2}, [{{0x254, 0x1, {{0x3, 0x5}, 0x20, 0x6, 0x947, 0x4, 0x5, 'syz1\x00', "006bf674d2ed62acdf2813c213c13d359609df0490681cb62c951d17e00d38dd", "e169c8156a73cd690a6c70dcb49f18579977b198f0c5481b4252b8e87e137a22", [{0x17, 0x666, {0x0, 0x2}}, {0x1, 0x20, {0x0, 0x101}}, {0x8, 0x20, {0x1, 0x81}}, {0x3ff, 0x7218, {0x2, 0x4e74}}, {0x8, 0x1, {0x0, 0x3}}, {0x9, 0x400, {0x2, 0x3}}, {0x7, 0x8d, {0x3, 0x3}}, {0x8, 0x8000, {0x0, 0xea57}}, {0x4, 0x880, {0x0, 0x4}}, {0x9, 0x1f, {0x1, 0x8}}, {0x3f, 0xaaf1, {0x0, 0x8000}}, {0x1000, 0x2, {0x1, 0x73}}, {0x5, 0x40, {0x3, 0xa3c7}}, {0xf801, 0x81, {0x2, 0x101}}, {0xbc, 0x74, {0x1, 0x2}}, {0xfe00, 0xfffc, {0x3, 0x80000001}}, {0x3, 0x3f, {0x1, 0x4}}, {0x74, 0x8, {0x1, 0x838e}}, {0x5, 0x8, {0x0, 0x81}}, {0x8, 0x5, {0x2, 0x3f}}, {0x0, 0xfff8, {0x0, 0x5}}, {0x8, 0x0, {0x1, 0x1}}, {0x2, 0x400, {0x0, 0x20}}, {0x8, 0x7, {0x2}}, {0x6, 0x1, {0x3, 0xab37}}, {0x2f, 0x0, {0x0, 0x1}}, {0x1, 0x1, {0x0, 0x3}}, {0x9, 0x400, {0x2, 0x7}}, {0xfff, 0x6dc, {0x1, 0xffffffff}}, {0x9, 0x7, {0x0, 0x5781294}}, {0x1, 0x1f, {0x0, 0xbf06}}, {0x8, 0x7fff, {0x0, 0x1000}}, {0x800, 0x7ff, {0x1, 0x3}}, {0x0, 0x401, {0x1}}, {0xa8b, 0x1, {0x2, 0x80}}, {0x5, 0x4, {0x0, 0x3f}}, {0x0, 0x8, {0x1, 0x7}}, {0x7f1, 0xc62, {0x1, 0x6}}, {0x0, 0xffff, {0x1, 0x3ff}}, {0x9, 0x2, {0x2, 0xffffffff}}]}}}, {{0x254, 0x1, {{0x0, 0x9}, 0x80, 0x0, 0x4, 0x13f, 0x1f, 'syz1\x00', "0cd004afc968f41b9214c52d360a1b0b3201e17fb94a0af602411342afb5f2b5", "b5189050b508a92772e54999c72af84c65cba09bf7423228a7e74197406cbce7", [{0x0, 0x6498, {0x2, 0x2}}, {0x9, 0xfffd, {0x0, 0x660}}, {0xc00, 0x800, {0x1, 0x2}}, {0xf623, 0x1, {0x3, 0x9}}, {0x5, 0x9, {0x0, 0xed}}, {0x3ff, 0xfffe, {0x3, 0x3}}, {0x1, 0xff80, {0x2, 0x80000000}}, {0xfff, 0x1, {0x3, 0x8ca2}}, {0x1, 0xd2, {0x2, 0x75e7fa17}}, {0x1f, 0x3, {0x1, 0x1}}, {0x9, 0x200, {0x1, 0x800}}, {0x7fff, 0x3ff, {0x1, 0x8}}, {0x8, 0x9, {0x1, 0xfffeffff}}, {0x8000, 0x0, {0x0, 0xfffffffa}}, {0x7fff, 0x2, {0x2}}, {0x3ff, 0x401, {0x1}}, {0xffff, 0x81, {0x2}}, {0xff, 0x5ea0, {0x0, 0x7}}, {0x6, 0x3, {0x0, 0x1}}, {0x1ff, 0x7, {0x0, 0x8}}, {0x8001, 0x3f, {0x0, 0x1}}, {0x200, 0xdad, {0x1, 0x7}}, {0x0, 0x80, {0x1, 0x3f}}, {0x1, 0x1, {0x3, 0x100}}, {0x1, 0x1, {0x3, 0x800}}, {0x7, 0x5, {0x3}}, {0x400, 0x8000, {0x3, 0x5}}, {0xfffe, 0xffff, {0x2}}, {0xe5b1, 0xfff, {0x2, 0x9}}, {0x6f54, 0xe88, {0x2, 0x8000}}, {0x1, 0x100, {0x0, 0x5}}, {0xff, 0xc7, {0x1, 0x1}}, {0x2, 0xfffc, {0x1, 0x9}}, {0x8, 0xda3, {0x2, 0x8}}, {0x9, 0x1, {0x0, 0x5}}, {0x5, 0x70, {0x0, 0x8}}, {0x5f, 0x7, {0x2, 0x8}}, {0x2497, 0x0, {0x2, 0x5}}, {0x0, 0x4, {0x0, 0x240000}}, {0xff, 0x6, {0x0, 0x81}}]}}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x1}, 0x24048004) mq_timedsend(r1, &(0x7f0000000640), 0x0, 0x101, &(0x7f0000000680)) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) r3 = fork() sendmsg$DEVLINK_CMD_RELOAD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0xac, r2, 0x20, 0x70bd26, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_ID={0x8}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_PID={0x8}}]}, 0xac}}, 0x1) sendmsg$DEVLINK_CMD_PORT_GET(0xffffffffffffffff, &(0x7f0000000800)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000007c0)={&(0x7f00000006c0)={0xf8, r2, 0x400, 0x70bd2d, 0x25dfdbfb, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x1}}}]}, 0xf8}, 0x1, 0x0, 0x0, 0x4040004}, 0x0) mq_notify(r1, 0x0) [ 2062.145203] tmpfs: Bad value for 'mpol' 03:41:57 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x1000000, 0x0, 0x0, 0x0}) 03:41:57 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='map_files\x00') getsockopt$inet_udp_int(r1, 0x11, 0x66, &(0x7f00000000c0), &(0x7f0000000100)=0x4) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, @scatter={0x3, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000200)=""/53, 0x35}, {&(0x7f0000000000)=""/37, 0x25}, {&(0x7f0000000140)=""/85, 0x55}]}, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0}) 03:41:57 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0xfffffffffffffffd, 0x101000) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2062.219136] FAULT_INJECTION: forcing a failure. [ 2062.219136] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.221548] CPU: 0 PID: 10614 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2062.222923] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.224547] Call Trace: [ 2062.225073] dump_stack+0x107/0x167 [ 2062.225794] should_fail.cold+0x5/0xa [ 2062.226573] ? create_object.isra.0+0x3a/0xa20 [ 2062.227482] should_failslab+0x5/0x20 [ 2062.228239] kmem_cache_alloc+0x5b/0x310 [ 2062.229047] ? mark_held_locks+0x9e/0xe0 [ 2062.229866] create_object.isra.0+0x3a/0xa20 [ 2062.230742] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.231760] kmem_cache_alloc+0x159/0x310 [ 2062.232612] xas_alloc+0x336/0x440 [ 2062.233319] xas_create+0x34a/0x10d0 [ 2062.234072] ? kernel_text_address+0xf2/0x120 [ 2062.234958] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2062.235987] xas_store+0x8c/0x1c40 [ 2062.236699] __xa_store+0x164/0x2d0 [ 2062.237425] ? xa_delete_node+0x280/0x280 [ 2062.238256] ? trace_hardirqs_on+0x5b/0x180 [ 2062.239120] xa_store+0x31/0x50 [ 2062.239772] __io_uring_add_tctx_node+0x1cf/0x520 [ 2062.240720] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2062.241759] ? alloc_fd+0x2e7/0x670 [ 2062.242502] io_uring_setup+0x1fbb/0x2980 [ 2062.243325] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2062.244322] ? wait_for_completion_io+0x270/0x270 [ 2062.245298] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.246342] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.247370] do_syscall_64+0x33/0x40 [ 2062.248100] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.249113] RIP: 0033:0x7f00b63acb19 [ 2062.249851] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.253522] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2062.255048] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2062.256467] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2062.257891] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2062.259315] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2062.260738] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:41:57 executing program 4: ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="04000000000000002e2f66696c6531003645326c374e330fa071973eee6fb77d6aaabde61bd3d189ce67ac1eea0607861220f352132f58e55b639266dede6e9fe8c2267d3cdba17b840f34b96df476aa4d084a3d19418a0ee1150c6b"]) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000140)={'\x00', 0x1, 0x0, 0x3ff, 0x6, 0x6, 0xffffffffffffffff}) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) creat(&(0x7f0000000000)='./file1\x00', 0x0) mount$9p_fd(0x20100000, &(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB]) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x5c042) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2062.295698] sg_write: data in/out 1701603650/246 bytes for SCSI command 0x0-- guessing data in; [ 2062.295698] program syz-executor.7 not setting count and/or reply_len properly 03:41:57 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,ui', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2062.322835] 9pnet_virtio: no channels available for device [ 2062.381433] tmpfs: Bad value for 'mpol' 03:42:12 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 49) lseek(0xffffffffffffffff, 0x0, 0x0) 03:42:12 executing program 4: fsync(0xffffffffffffffff) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xb000}], 0x2) 03:42:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x488002, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffc, 0x14d, 0x20, @buffer={0x0, 0x33, &(0x7f0000000400)=""/51}, &(0x7f0000000600)="938cc04732d15b1cb11478d0f7fab812c5c522ededcd247e7905a8566862a20fcfc94e7975b3dcb6593f352843f9fd5d98bbf9e19737f820941b28745bea3cc9b0063da96e22dfef3e332df3620fe9c44f1a10609c0dea9fdb5da522a043ac694075d8bebe3346b402ff9cc41e16d9b11a73a7ab83423378cc402d54ff3cdee927e8740aab9a5380601f89d27cbea8ec36e5f3e67582c3b1d22de3d10825f5546321f40bea9c785aa1f3dd4544ae275699e4832c8f24786a641cd381fce8524cc47c015109e6ad63d4db0d6532c5a78b8539c8761315bb9b71f0caa00b419e1d7730202a7ddf5a100c0b474b0a4ee295ca634ec5008b520c8521a385ce348f0ebd62ead972ff2e38d1e4bf53e3694c769241a9478b0e7f405c6c4ace1dac02a507ae6aaadb558598187297c2bd7db53e92974c78640939d428f94d4b6905f80b8200201ae7dedb485301d1c8a8", &(0x7f0000000500)=""/213, 0x0, 0x7, 0x0, &(0x7f0000000340)}) io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}, 0x0, 0x0, 0x0, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000004c0)={0x7, 0x8, 0x4, 0x8000, 0x7fffffff}) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$FIONCLEX(r2, 0x5450) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000140)=0x0) kcmp(r5, 0xffffffffffffffff, 0x4, r0, r4) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x40c20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r6, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f00000000c0)=0xfff) lseek(r6, 0x8, 0x1) 03:42:12 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) 03:42:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x2000000, 0x0, 0x0, 0x0}) 03:42:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = fsmount(0xffffffffffffffff, 0x0, 0xf6) write$binfmt_elf64(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="7f454c46090091010300000000000000030006000800000095000000000000004000000000000000180200000000000000000080090038000100f3060200070002000000fbffffff010000800000000000000000000000000200000000000000070000000000000090000000000000000400000000000000eb3658e734000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200"/893], 0x37d) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:12 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,ui', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2077.154341] tmpfs: Bad value for 'mpol' 03:42:12 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000001340)={0x60, 0x40, 0x3, "0dfbd903e373bdd66f217b9fec924289d9611844ae6fb0e2344ad5880ed0bac426b3b3e6ecd464fcf0544a2a5e9685aa065acb7c46fa9192c354789b37be5bae74584452b00de31218d777ec1b71577981dfa0a0186d7062e11b81e4c82db971"}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x6, 0x0, &(0x7f0000000200)=[{&(0x7f0000000080)=""/144, 0x90}, {&(0x7f0000001300)=""/16, 0x10}, {&(0x7f0000000140)=""/34, 0x22}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000180)=""/7, 0x7}, {&(0x7f00000001c0)=""/50, 0x32}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:12 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000200)={0x0, 0x0}, &(0x7f0000000240)=0xc) setresuid(0x0, 0x0, r3) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000340)={{0x1, 0x1, 0x18, r1, {r3, 0xee01}}, './file0\x00'}) write$sndseq(0xffffffffffffffff, &(0x7f0000000240)=[{0x3f, 0xa0, 0x1, 0xbf, @tick=0x1, {0x4}, {0x2, 0x8}, @addr={0x1f, 0x40}}, {0x1f, 0x6, 0xe0, 0x7f, @time={0xf60, 0x4}, {0x20}, {0x80, 0x9}, @quote={{0x1, 0x8}, 0x7, &(0x7f0000000000)={0x40, 0x7f, 0x3, 0x0, @time={0xbe3, 0x5d240969}, {0x4b, 0x8}, {0x0, 0x81}, @raw8={"6db60483b98589ed03e02d07"}}}}, {0x20, 0x15, 0x3, 0x2, @tick=0xff, {0x1, 0x80}, {0x0, 0x29}, @note={0x8, 0x7f, 0x2, 0x0, 0x9}}, {0x80, 0x1, 0x6, 0x3, @time={0x5}, {0x2c, 0x7}, {0x40, 0x40}, @time=@time={0x90, 0x100}}, {0x3, 0x6, 0x0, 0x1f, @tick, {0x5}, {0x8, 0x4}, @note={0x1, 0x35, 0x1, 0x1f, 0x40}}, {0x5, 0x5, 0x68, 0x67, @time={0x20, 0xb458}, {0xff}, {0x40, 0x3}, @ext={0xfb, &(0x7f0000000040)="f29a0fe1c457eaa1a055b9b17318fb3b35503faa118a49b5a2d3e94bc67bdd46afc8661e2e9f1060b415c18c6f3c18fe637a570236258620d2921847ef712572f68c1d15856e0e0e19f4dbb18cf32ab3dc70cc3f6cd30aa185d27efc508ff3dc533987d7507587f90748690f9666de2d61beb34f1b77011edff7a08edb49739f13773b52721cda45e80f967000ccb476ef4d7937cd89106d6766822043b83a2e8d2cb875f182d011d43dbf9df9def705959a071d6e65f3afc8d94a5e00da640332c0f64d62d73e0ab8933d615e2c586e15656da92507c7e0683bc28673a0155b42fea06e3b9c352d7e2ed4cfbcaf1fcd80477e07e6c6c9eead98bc"}}, {0x3, 0x6, 0x1, 0x5, @tick=0x80, {0xc3, 0xff}, {0xff, 0x8}, @note={0xff, 0x3, 0x0, 0x1, 0xca}}, {0x23, 0x0, 0x2, 0x94, @tick=0x89, {0x0, 0x20}, {0x4, 0xfd}, @ext={0xd1, &(0x7f0000000140)="163c133383be18c09170014594c6a301b2a6418be473bf54fd14eb4d8ea9841927380e3105976bf0e8c24805c058a8614368324911ec50f9f851912b3b9ba66525384d1e0b61a8ff5b8b7dbaa5eb940212688f146ec31bcd13a3cd7e2a50107a2f059098042b88f0f0aad6cf554aa7ad8cdb57c58ca46f7b3772a70481ae44ddc328de632a6ecf5c4b31eef6f5af0da13485a2ea837c09e51104286e952f0db2b4da5b10ff98ab298abb176950ff2587aa48c7de0abb4943f33b30a02bf343699165d7f2dc9cea4ae24bddd536509a94b3"}}], 0xe0) 03:42:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x3000000, 0x0, 0x0, 0x0}) 03:42:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_IO(r0, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffffffffffe, 0xb4, 0x3, @scatter={0x4, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/180, 0xb4}, {&(0x7f0000000140)=""/166, 0xa6}, {&(0x7f0000000300)=""/180, 0xb4}, {&(0x7f00000003c0)=""/216, 0xd8}]}, &(0x7f00000004c0)="57d113571aa1cc79e839673c93bc459e78257b9b4c11f5e96ef726c1bf2568d8ac2ef36a18ca202a9eea2276522f43b8eba9cb898c7ad50b2589b7b8283431b5d1c29c6cff571cf30291899a307d39980de82ccb2afac566db184f720633de5136a2abd088fa61b0aa6155fc69de1664a8a3f9b032bfca46e10d08a79090e5ae25f8b791f0b1dc55ef2909d3a4886efa380165a66382a11e3be52b519465a07af621110f3faf28a10c3cdfd824542ec33521a326", &(0x7f0000000200)=""/98, 0xfc, 0x34, 0x2, &(0x7f0000000580)}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000800)=0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r3 = epoll_create1(0x0) r4 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r4, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r4, 0x0, 0x0, 0x9, 0x0) mq_notify(r4, &(0x7f0000000100)={0x0, 0x41, 0x1}) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r4, &(0x7f0000000900)) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r5 = epoll_create(0x3ff) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r3, &(0x7f0000000200)={0x20000001}) dup2(r6, r3) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r2, 0x4, r6, 0x2) waitid(0x0, r2, 0x0, 0x8, 0x0) clone3(&(0x7f0000000880)={0x80000000, &(0x7f0000000640), &(0x7f0000000680), &(0x7f00000006c0), {0x1a}, &(0x7f0000000700)=""/62, 0x3e, &(0x7f0000000740)=""/183, &(0x7f0000000840)=[r1, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, r2], 0x6}, 0x58) 03:42:12 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,ui', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:42:12 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1, @thr={&(0x7f0000000080)="bacffab588462c368722da28c333b18fe83fdb123d8e13306a196db6d467dacc0457e076c57e60758aed9b650a13443647486f33a3762946ce858406ab6efe20ef6873075f1f21b34147ab994442fe4326", &(0x7f0000000140)="7b977a8086411d8a62f275166bd441fa77298d501295c26b0b0e5e544e3dc6f53ddb3cebc52131945be695e055bf62d5c2b6cf4d9c23bc5639cce37ccf1b9e60e2a91e29fb7ed6ce4db12b4d6fc688426a83cc8ae6115fea2ac57432f7bdfb7aecf4734f544201ba7e91b12f0c89a98aa768c127439c78952949c957330ccbd65c3b419353e3d627efce6618807cfeb82e04d1de82cb7bee89ab37"}}) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) mq_notify(r3, 0x0) 03:42:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000000)) 03:42:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xc000}], 0x2) [ 2077.330329] FAULT_INJECTION: forcing a failure. [ 2077.330329] name failslab, interval 1, probability 0, space 0, times 0 [ 2077.332738] CPU: 0 PID: 10652 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2077.334284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2077.336130] Call Trace: [ 2077.336724] dump_stack+0x107/0x167 [ 2077.337538] should_fail.cold+0x5/0xa [ 2077.338402] ? xas_alloc+0x336/0x440 [ 2077.339238] should_failslab+0x5/0x20 [ 2077.340101] kmem_cache_alloc+0x5b/0x310 [ 2077.341009] xas_alloc+0x336/0x440 [ 2077.341802] xas_create+0x34a/0x10d0 [ 2077.342654] ? kernel_text_address+0xf2/0x120 [ 2077.343665] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2077.344844] xas_store+0x8c/0x1c40 [ 2077.345656] __xa_store+0x164/0x2d0 [ 2077.346499] ? xa_delete_node+0x280/0x280 [ 2077.347454] ? trace_hardirqs_on+0x5b/0x180 [ 2077.348440] xa_store+0x31/0x50 [ 2077.349188] __io_uring_add_tctx_node+0x1cf/0x520 [ 2077.350326] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2077.351506] ? alloc_fd+0x2e7/0x670 [ 2077.352352] io_uring_setup+0x1fbb/0x2980 [ 2077.353306] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2077.354473] ? wait_for_completion_io+0x270/0x270 [ 2077.355587] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2077.356762] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2077.357929] do_syscall_64+0x33/0x40 [ 2077.358796] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2077.360004] RIP: 0033:0x7f00b63acb19 [ 2077.360870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2077.365273] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2077.367357] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2077.369334] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2077.371326] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2077.373302] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2077.375206] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2077.422861] tmpfs: Bad value for 'mpol' 03:42:32 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000040)='-@\x00\x7f\x0f\xadj$\x83Qi\xabfR\b\x82\xc9\xf4\x9e\xd0\x11O\xce\xd1JQ\xd3\xd17\xc7\x17d\x0e\xcd\xec\xedg9\xce.\x89/4\xdd}F\xa6\xd1\x86\x1df\x99', 0x80, 0x18b, 0x0) mq_notify(r0, 0x0) 03:42:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x9, 0x109002) ioctl$SG_IO(r0, 0x227c, 0x0) 03:42:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @scatter={0x5, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000000000)=""/32, 0x20}, {&(0x7f0000001300)=""/81, 0x51}, {&(0x7f0000000100)=""/10, 0x50}, {&(0x7f0000000140)=""/120, 0x78}]}, 0x0, 0x0, 0x0, 0x10024, 0x0, 0x0}) 03:42:32 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 50) lseek(0xffffffffffffffff, 0x0, 0x0) 03:42:32 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xd000}], 0x2) 03:42:32 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:42:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_SYNC(r0, 0x4) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)='./file0\x00', 0x6, 0x400, 0x12345}, 0x9) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0x9, 0x0, 0x9055, 0x3ff, 0x40}) syz_open_dev$sg(&(0x7f0000000100), 0x1, 0x10000) 03:42:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x8000000, 0x0, 0x0, 0x0}) [ 2096.661505] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2096.697423] program syz-executor.4 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2096.700244] tmpfs: Bad value for 'mpol' [ 2096.703716] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2096.703716] program syz-executor.4 not setting count and/or reply_len properly 03:42:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x9000000, 0x0, 0x0, 0x0}) 03:42:32 executing program 1: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_ADD_NAN_FUNCTION(0xffffffffffffffff, &(0x7f0000000740)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000c00)={&(0x7f00000000c0)={0x684, r0, 0x200, 0x70bd28, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_NAN_FUNC={0x2bc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TYPE={0x0, 0x1, 0x1}, @NL80211_NAN_FUNC_SERVICE_ID={0xffffffffffffff1d, 0x2, "7332d7c27b5d"}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_TX_MATCH_FILTER={0x1d8, 0xe, 0x0, 0x1, [{0xf6, 0x0, "d246e647333b8d6f7031b3d730e1d0e2e4df070a0f8e0f8dc538fd6af98a44554c200e35de174032088a173a2259f38d65a094128ec2aab5e89a9f5f32b878876d535bfabd87c03a806a1c262e577e573434d40696ac3b32b147a3a10aca890f86fbcf4f8272298de4788b57f76e082ce80661ee02cbf5e1e8c47d2468aa1f33365221a832d6bc38492bbe1219234114e9e69f9e119a2c6e04596da18959a31fa6b1814139c2930a4cd374c93c4479f71ec4c5915e112caa80724b93516a9f3c4fb9d2efbb6aa25e307bc2610a50b88f56be5a6a80e7b7223a619e9dc6a98749516f970472ce2f7aedea83dce3fc3abd32ac"}, {0x6f, 0x0, "fda9a37238353f8ec2d2503ffe0a3abee20efd93b139b1a5e9214fcb038d8665deaf4b7a3f9152f1e17038da6612aff7cf2ea7c3932b39783992ec1eaf4b244ba223c770ef95108841b68648430ba4a1cbaa779ff7ca690656e120312b52e8be847fe3226e3efaecf2862a"}, {0x6a, 0x0, "24912ef24d15a34d358a11dc30fcd813bc1b8b33a96114daed9e859338bab337a42a5e848d971331c46d755e7d77cdb4cc0abb90856428f3eb8c8c0cab4a795d978646b80df800abdc87c27b071b6075535cdadbb937c3baf999ae51c045b4c8feace96d0528"}]}]}, @NL80211_ATTR_NAN_FUNC={0x1d8, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_TTL={0x8, 0xa, 0x3}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_INSTANCE_ID={0x5, 0xf, 0x40}, @NL80211_NAN_FUNC_SERVICE_ID={0x0, 0x2, "66685fe4469b"}, @NL80211_NAN_FUNC_PUBLISH_BCAST={0x4}, @NL80211_NAN_FUNC_SRF={0x118, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_INCLUDE={0x4}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x9}, @NL80211_NAN_SRF_BF={0x103, 0x2, "6dce16699bcc00c0c2c286a774286677171c144d5e6defff1a7c0e740109ef2f720168881879f4ad399b5bec1dafd712a2f7bcaa0597d000637b77ec468908df3d1c3fba439cb6c6441d5571d7fab0af691e0b570c3f9d3a31d50a2afc0d868420c123413d2d807e581bda5c55b15e70e4ebb49e8114b28f2ab58e23f8fc2cf22bf7da98edbb65e4658b67470772d17e48d52a3a3ba1259ebcff15a4a6e0bcd0203fcd03154f06b37775c6e049bb561212babf91ab19719660771741822cf69a27ec507063c4a985ea1ff6df8e0eca25be98c92e9cc7b4198856124d23f3836bcbc68df3f60a5c7fc2bacf71faaf55e1be193db3b5611f6758a844b770554d"}, @NL80211_NAN_SRF_INCLUDE={0x4}]}]}, @NL80211_ATTR_NAN_FUNC={0x1dc, 0xf0, 0x0, 0x1, [@NL80211_NAN_FUNC_SERVICE_INFO={0x6e, 0xb, "a4cf1412240f49016462835b794dd86d1824a4c9e58f7018cc5d109489a1aa8834e0d2d38e26908091f75428b085145b592b19a2c29a1d56e9908780850a18b3bd457695e183d885cdfe60002115ce1762328cb6369acdb62854c31ea8ec6f29a8d2e3871911b74994ee"}, @NL80211_NAN_FUNC_SRF={0xc, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x41}]}, @NL80211_NAN_FUNC_SUBSCRIBE_ACTIVE={0x4}, @NL80211_NAN_FUNC_SERVICE_ID={0xa, 0x2, "70712be8ce98"}, @NL80211_NAN_FUNC_SRF={0x138, 0xc, 0x0, 0x1, [@NL80211_NAN_SRF_MAC_ADDRS={0x28, 0x4, 0x0, 0x1, [{0xa, 0x6, @broadcast}, {0xa, 0x6, @device_b}, {0xa, 0x6, @broadcast}]}, @NL80211_NAN_SRF_BF={0x103, 0x2, "2a859c55551aebe5525ae9a9b8230bae84a40a2e532352336e793873f81d90b0fdbe1cfba1da1f44aa805877039086f4a86b064ad63af7d3f10d2580d58a0f6b487ccf1457ed4dc785f264b827ec8d8213f443f011190082c5a5d97eca2fad9c7a0ad1a6c05e0762030247e5908c33f2c71859948fce1d14ed5879e2551cf8799eb442277401e3402c424acc2806176e3b9a6dbc45cd95b73d951a47296fd0fe5697efa6e5b37e08391b89f800ec45167c156e733b07614c09c4ab9bd6a657c6c5873005e81d550b7fe3062e6721a791061c972190534ec759f746a140bcc69a2173fe8a035e1e3dfccab3f8968badda8f3740dbd7e0d75531786d06be9d0e"}, @NL80211_NAN_SRF_BF_IDX={0x5, 0x3, 0x6}]}, @NL80211_NAN_FUNC_PUBLISH_TYPE={0x5, 0x3, 0x7f}, @NL80211_NAN_FUNC_FOLLOW_UP_DEST={0xa, 0x8, @broadcast}]}]}, 0x684}, 0x1, 0x0, 0x0, 0x4000000}, 0x24004081) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000980)={0x0, 0xfffffffffffffffc, 0xc7, 0x97, @buffer={0x0, 0x3a, &(0x7f0000000780)=""/58}, &(0x7f00000007c0)="a7c15c629519add6082847ec0af0cb0b597993b9ca07ef0d63db2e7c841c46522a513fdb488cb92110108d54fa5f08a069bfa0e28a95c040eef53d9ffea116463362f0bfe5d75bed2e4d2921a7aff915df21f48f05576b374dde5ab2decf582b36c34562b85117cc94742ef6178f5638b9e85e7daba9749883ac7b8ae061ad56a0928ea6ba1d0a1c6be5719c8cd7ccb06bae4876c01072ab86a43a3e0c5bce9add0fd27165c6510ecfa978a2260bab68c36a17415f9f57765138671cca86d926b3bf518d07446d", &(0x7f00000008c0)=""/127, 0x4, 0x10, 0x1, &(0x7f0000000940)}) ioctl$SG_IO(0xffffffffffffffff, 0x2285, &(0x7f0000000b80)={0x0, 0xfffffffffffffffb, 0x2e, 0x8, @buffer={0x0, 0x60, &(0x7f0000000a00)=""/96}, &(0x7f0000000a80)="d89604bea7e9846735b20085f557716e0f75f2c9a7cbdfc56b402f47b7870aedd12027716a96717d72d3bfaee323", &(0x7f0000000ac0)=""/70, 0x2, 0x22, 0xffffffffffffffff, &(0x7f0000000b40)}) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, 0x0) 03:42:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0xfffffffffffffffb, 0xfd7f, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0}) r1 = socket$unix(0x1, 0x5, 0x0) dup3(r0, r1, 0x80000) 03:42:32 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000180)='-@\xa1\xf5\xfbt\x9c$\x1a\x1d\x0fP\xc7\x00', 0x1, 0x10, 0x0) syz_open_dev$mouse(&(0x7f0000000580), 0xfffffffffffffffa, 0x101000) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) clock_gettime(0x0, &(0x7f0000000140)={0x0, 0x0}) mq_timedsend(r1, &(0x7f00000001c0)="55bfdb235a523c7728a035888125a0675c80158559474d971a01dab67c1ccdef768bfd9fc101098abb2095f1c5d8579cc1c827cdb701944acd2101db02109cc4b22033bc6a6f801ffeb27e7a555bd165371427cb21c7dc87d77d00713419b1297b9bec8ff824eca288a848a2c3ef13cd656e30335068032ac47e69412c558cebf53054bcca46e59218fb3c7c7de7b9bbbe1408100ba7118bd133c065350276d11ba2ce63187cd85a8c688891754851e9a6e6d2917c2af3de1c18b9b276072f75257c8cc2d814a89a8a680e0a4a06", 0xce, 0x8, &(0x7f00000002c0)={r2, r3+10000000}) mq_notify(r0, 0x0) r4 = accept4(0xffffffffffffffff, &(0x7f0000000300)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000380)=0x80, 0x800) r5 = syz_open_dev$vcsa(&(0x7f0000000100), 0x0, 0x401) sendmsg$TIPC_CMD_RESET_LINK_STATS(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)={0x30, 0x0, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}, [""]}, 0x30}}, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'geneve0\x00', 0x0}) setsockopt$packet_add_memb(0xffffffffffffffff, 0x107, 0x1, &(0x7f0000000000)={r6, 0x1, 0x6, @local}, 0x10) sendmsg$nl_xfrm(r4, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000500)={&(0x7f0000000400)=@polexpire={0xdc, 0x1b, 0x100, 0x70bd2d, 0x25dfdbfe, {{{@in6=@empty, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x4e20, 0x0, 0x4e24, 0x400, 0x62c0fbea3218591e, 0x20, 0x20, 0x2f, r6, 0xffffffffffffffff}, {0x7, 0x8, 0x2, 0xf7, 0x4db, 0x4, 0xcc, 0x745d}, {0x40, 0x40, 0x1, 0xf5da}, 0x6af0, 0x6e6bb9, 0x2, 0x0, 0x1, 0x3}}, [@encap={0x1c, 0x4, {0xfffffffffffffffe, 0x4e24, 0x4e22, @in=@private=0xa010101}}]}, 0xdc}, 0x1, 0x0, 0x0, 0x4000000}, 0x4800) mq_timedreceive(r0, &(0x7f0000000000)=""/194, 0xc2, 0x3, &(0x7f0000000100)) 03:42:32 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xe000}], 0x2) [ 2096.786879] FAULT_INJECTION: forcing a failure. [ 2096.786879] name failslab, interval 1, probability 0, space 0, times 0 [ 2096.789291] CPU: 0 PID: 10713 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2096.790739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2096.792470] Call Trace: [ 2096.792717] sg_write: data in/out 3223822/246 bytes for SCSI command 0x0-- guessing data in; [ 2096.792717] program syz-executor.1 not setting count and/or reply_len properly [ 2096.793020] dump_stack+0x107/0x167 [ 2096.793050] should_fail.cold+0x5/0xa [ 2096.797907] ? ___slab_alloc+0x155/0x700 [ 2096.798772] ? create_object.isra.0+0x3a/0xa20 [ 2096.799724] should_failslab+0x5/0x20 [ 2096.800520] kmem_cache_alloc+0x5b/0x310 [ 2096.801370] create_object.isra.0+0x3a/0xa20 [ 2096.802282] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2096.803348] kmem_cache_alloc+0x159/0x310 [ 2096.804219] xas_alloc+0x336/0x440 [ 2096.804963] xas_create+0x34a/0x10d0 [ 2096.805748] ? kernel_text_address+0xf2/0x120 [ 2096.806705] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2096.807804] xas_store+0x8c/0x1c40 [ 2096.808561] __xa_store+0x164/0x2d0 [ 2096.809322] ? xa_delete_node+0x280/0x280 [ 2096.810203] ? trace_hardirqs_on+0x5b/0x180 [ 2096.811120] xa_store+0x31/0x50 [ 2096.811810] __io_uring_add_tctx_node+0x1cf/0x520 [ 2096.812821] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2096.813909] ? alloc_fd+0x2e7/0x670 [ 2096.814683] io_uring_setup+0x1fbb/0x2980 [ 2096.815560] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2096.816309] sg_write: data in/out 3223822/246 bytes for SCSI command 0x0-- guessing data in; [ 2096.816309] program syz-executor.1 not setting count and/or reply_len properly [ 2096.816620] ? wait_for_completion_io+0x270/0x270 [ 2096.816667] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2096.821975] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2096.823064] do_syscall_64+0x33/0x40 [ 2096.823844] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2096.824915] RIP: 0033:0x7f00b63acb19 [ 2096.825687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2096.829531] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2096.831129] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2096.832614] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2096.834118] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2096.835617] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2096.837112] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:42:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xd000000, 0x0, 0x0, 0x0}) 03:42:32 executing program 2: prctl$PR_SET_DUMPABLE(0x4, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0xf34d}}, './file0\x00'}) ioctl$EXT4_IOC_GROUP_EXTEND(r1, 0x40086607, &(0x7f0000000040)=0x97b) mq_notify(r0, 0x0) prctl$PR_SET_DUMPABLE(0x4, 0x0) 03:42:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x90700) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = creat(&(0x7f0000000100)='./file0\x00', 0x14) stat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x5, @scatter={0x1, 0x0, &(0x7f0000000400)=[{&(0x7f0000000200)=""/103, 0x67}]}, &(0x7f0000000440), &(0x7f0000000480), 0x1f, 0x10, 0x1, &(0x7f00000004c0)}) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x8, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {}, 0x2c, {[{@cache_fscache}, {@cache_mmap}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@cache_none}, {@aname={'aname', 0x3d, '/dev/sg#\x00'}}, {@cache_mmap}, {@version_L}], [{@obj_user={'obj_user', 0x3d, '/dev/sg#\x00'}}, {@subj_type}, {@fsname={'fsname', 0x3d, '@@'}}, {@context={'context', 0x3d, 'staff_u'}}]}}) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000000)={0x3, [0x0, 0x0, 0x0]}) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:32 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:42:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r0) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000200)={0x53, 0xfffffffffffffffb, 0x4d, 0x40, @buffer={0x0, 0x29, &(0x7f0000000000)=""/41}, &(0x7f0000000080)="63ecd75ff216e613d2edde1e3b21b0da40a0fb44969b60a530d5eace6a40442467fd043b3e3408e856e8162990711d8947b030c2f64126104c9dbdac9b6ff120d6a30f99dbe5a9f73d5707fffd", &(0x7f0000000100)=""/143, 0xa3, 0x0, 0x0, &(0x7f00000001c0)}) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2096.931073] 9pnet: Insufficient options for proto=fd [ 2096.943379] 9pnet: Insufficient options for proto=fd 03:42:32 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0xf000}], 0x2) 03:42:32 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 51) lseek(0xffffffffffffffff, 0x0, 0x0) [ 2096.972249] tmpfs: Bad value for 'mpol' [ 2096.989046] sg_write: data in/out 333846222/242 bytes for SCSI command 0x3e-- guessing data in; [ 2096.989046] program syz-executor.1 not setting count and/or reply_len properly 03:42:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xe000000, 0x0, 0x0, 0x0}) 03:42:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = syz_open_dev$vcsu(&(0x7f0000000000), 0x3, 0x361901) fcntl$dupfd(r1, 0x406, r2) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2097.058241] FAULT_INJECTION: forcing a failure. [ 2097.058241] name failslab, interval 1, probability 0, space 0, times 0 [ 2097.060668] CPU: 1 PID: 10756 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2097.062117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2097.063862] Call Trace: [ 2097.064416] dump_stack+0x107/0x167 [ 2097.065188] should_fail.cold+0x5/0xa [ 2097.065993] ? xas_alloc+0x336/0x440 [ 2097.066785] should_failslab+0x5/0x20 [ 2097.067582] kmem_cache_alloc+0x5b/0x310 [ 2097.068437] xas_alloc+0x336/0x440 [ 2097.069188] xas_create+0x34a/0x10d0 [ 2097.069984] ? kernel_text_address+0xf2/0x120 [ 2097.070939] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2097.072038] xas_store+0x8c/0x1c40 [ 2097.072794] __xa_store+0x164/0x2d0 [ 2097.073564] ? xa_delete_node+0x280/0x280 [ 2097.074448] ? trace_hardirqs_on+0x5b/0x180 [ 2097.075359] xa_store+0x31/0x50 [ 2097.076053] __io_uring_add_tctx_node+0x1cf/0x520 [ 2097.077057] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2097.078155] ? alloc_fd+0x2e7/0x670 [ 2097.078940] io_uring_setup+0x1fbb/0x2980 [ 2097.079821] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2097.080886] ? wait_for_completion_io+0x270/0x270 [ 2097.081916] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2097.083026] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2097.084106] do_syscall_64+0x33/0x40 [ 2097.084888] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2097.085959] RIP: 0033:0x7f00b63acb19 [ 2097.086745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2097.090606] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2097.092196] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2097.093686] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2097.095190] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2097.096672] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2097.098162] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:42:47 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 52) lseek(0xffffffffffffffff, 0x0, 0x0) 03:42:47 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$TIOCSCTTY(r1, 0x540e, 0x100000001) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r2, 0x0) 03:42:47 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x11000}], 0x2) 03:42:47 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xa003, 0x100) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:47 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:42:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x147800, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/net', 0x604200, 0x1a4) r3 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r3, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r3, 0x40082404, &(0x7f00000000c0)=0xfff) io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000100)={0x4, 0x0, &(0x7f00000000c0)=[r2, r0, r3]}, 0x3) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:42:47 executing program 4: ioctl$BINDER_ENABLE_ONEWAY_SPAM_DETECTION(0xffffffffffffffff, 0x40046210, &(0x7f0000000080)=0x1) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYRESHEX, @ANYRES16=r0, @ANYRESHEX=r0, @ANYRES16=r0, @ANYRESOCT=r0], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:47 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x10000000, 0x0, 0x0, 0x0}) [ 2112.437977] sg_write: data in/out 1717986882/242 bytes for SCSI command 0x30-- guessing data in; [ 2112.437977] program syz-executor.4 not setting count and/or reply_len properly [ 2112.439638] FAULT_INJECTION: forcing a failure. [ 2112.439638] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.444116] CPU: 1 PID: 10784 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2112.445572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.447385] Call Trace: [ 2112.447961] dump_stack+0x107/0x167 [ 2112.448746] should_fail.cold+0x5/0xa [ 2112.449570] ? create_object.isra.0+0x3a/0xa20 [ 2112.450186] sg_write: data in/out 1717986882/242 bytes for SCSI command 0x30-- guessing data in; [ 2112.450186] program syz-executor.4 not setting count and/or reply_len properly [ 2112.450566] should_failslab+0x5/0x20 [ 2112.450597] kmem_cache_alloc+0x5b/0x310 [ 2112.455768] ? mark_held_locks+0x9e/0xe0 [ 2112.456672] create_object.isra.0+0x3a/0xa20 [ 2112.457641] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2112.458771] kmem_cache_alloc+0x159/0x310 [ 2112.459692] xas_alloc+0x336/0x440 [ 2112.460482] xas_create+0x34a/0x10d0 [ 2112.461314] ? kernel_text_address+0xf2/0x120 [ 2112.462305] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2112.463498] xas_store+0x8c/0x1c40 [ 2112.464299] __xa_store+0x164/0x2d0 [ 2112.465105] ? xa_delete_node+0x280/0x280 [ 2112.466013] ? trace_hardirqs_on+0x5b/0x180 [ 2112.467154] xa_store+0x31/0x50 [ 2112.467837] __io_uring_add_tctx_node+0x1cf/0x520 [ 2112.469070] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2112.470156] ? alloc_fd+0x2e7/0x670 [ 2112.471132] io_uring_setup+0x1fbb/0x2980 [ 2112.472208] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2112.473259] ? wait_for_completion_io+0x270/0x270 [ 2112.474530] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.475843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.476975] do_syscall_64+0x33/0x40 [ 2112.477751] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2112.479015] RIP: 0033:0x7f00b63acb19 [ 2112.479858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.483934] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2112.485600] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2112.487151] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2112.488687] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2112.490243] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2112.491823] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:42:47 executing program 2: r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x1}) write$binfmt_script(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB="2321202e2f66696c6530202d40002026247b202b275e7b202d400020763a2e5d5de97b7b295e7b21605d202d4000202d4000202a7b215b2b032d2040405e23cb202d24233a5b5b2c0a3a95e82ec3c9645a7347dc273a6ea5311684b3308b36ab69593a92100fd29d84a640452dea040657de8573ebdd565ccf5477c48f9637cec90fe743934abf3ffd80d631428e12822c16d2d445822fdb50d565acefdf9005bb4fe48c7afec734fc0f2d84bcb5d02f92126eed5f68c827debe4c47c736417d462ad833bb9cbe9238d3b16decc0773793afeb6ae8ae6557cdc56f9568ebdb5f7ec42a4298c61dd32ac87c94c3e3cd11231f32e8d49c54518de36a4bbdce4dea32fb4f89831a25d3f6f8800e8931cb12df651803134d49e6c550ab3f217f418599b16e944953521fbbb52a85907527034aca9bc1e33078c1f3aefd43d2f0c90143c4f73af6a73700caa4b91cba26ee9e17541834518c8880a376067b5091803c385340ce051ccf8d1895319c645ff40de4dc882500d0f6b79c3c7975e57b3079df31235cc42dc9212967617c5b43bc3f4f34e8894d3602e9f07f5e8ae3f7e2d4fca8a253fa2ecd4280cedb1974783c76faf1ae"], 0x143) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) [ 2112.513325] tmpfs: Bad value for 'mpol' 03:42:47 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000740)={0x0, 0xfffffffffffffffd, 0xd9, 0x5, @scatter={0x1, 0x0, &(0x7f0000000500)=[{&(0x7f0000000480)=""/123, 0x7b}]}, &(0x7f0000000540)="32b3c1370b712b09e40bc261282ea32197c1c1798e3d33d3715c85a43ee1cbc4306c37c653157379e9cabeb51198f94bc06414df2736c71bd164b39d274cb9914505888f1f4e7a2bb148dac9dcb06ef7b8eaf084eb1bd27f8623db7999dd02476808f0b5a8b0d11a1946f6a5d1811de5c483b2330b7e478e2f56d65fac0951b2accaf4b4ca781aaf88ec3905e0a1e31161a997faf3c15a3f7e37305b063681f70fb1b50edafdab4c1e5b2a76bb9069bfe32dd3d09f377409eecdfaf147a7f04319bc9e52035ea7a1d8a4a8f2112477e50543ae2c0ae1e669c4", &(0x7f0000000640)=""/139, 0x3ab, 0x10002, 0x0, &(0x7f0000000700)}) r3 = accept4$unix(r2, 0x0, &(0x7f00000007c0), 0x80800) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x41, &(0x7f0000000800), &(0x7f0000000840)=0x4) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r4 = accept$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @initdev}, &(0x7f0000000080)=0x10) r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, r4) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000400)={0x0, 0xfffffffffffffffc, 0xd0, 0x3, @scatter={0x1, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/221, 0xdd}]}, &(0x7f0000000300)="25a6fce0c7cbe2b27fb0740d2a965d1856f6369821e2b9ae6aba22d1e51edc9cabdcaab1a54add668125996fdfd545e61c3843c4348bf135079557fc2a83c5afd6a4e1cf9011352f23ad3849af19275589dc4a712cee147cd6840d23e2f06e56f9d2420bef0ee8baa34ea5aaa5da6c698d8cc259f25b9ab60b526fb1789474295284d1d82fdc333d1bd0cf390a70c013f68748f1fdb5fbe6f240f5b7eb9a0e3f28df3a8ffdb8cf968b2ecb20ffb7223f4b61b0a866a03a496143e09d9ed88a72a653f6412d7f0a5659c3f8666449c271", &(0x7f0000000200)=""/37, 0x5, 0x10000, 0x2, &(0x7f0000000240)}) ioctl$F2FS_IOC_WRITE_CHECKPOINT(r4, 0xf507, 0x0) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:47 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0xffffffffffffff4d) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:42:47 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000400)={0x53, 0xffffffffffffffff, 0xe1, 0xe3, @scatter={0x2, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)=""/50, 0x32}, {&(0x7f0000000080)=""/199, 0xc7}]}, &(0x7f00000001c0)="9c4889641131fae68b72740e4e6d0d86fa504a4b32a3173ae486ab78fb4a18ec41468fbc9e2a99bd82e315a24a374959beb53330721ed753c7652992cbef04c9e473852b7dd822f463f4da85605afbe55bc450e63e5983324cc18c3d685efa2833a063cec331fbf4777245c5a81f188ee1d89f1eb8340cd9efd1b8ca20fd75a15299bce8cfd256dbc8be32420f158191873bc86008bf09cb9e621d3d593352e7b264f898ab5f34ddda9ec007848ff94bdf19b02898c923f5dd64e5d16188130728c602bf20f6a17d5412291e2c3ad7f8a17cf3675c36406e7138d701b62a1cd297", &(0x7f00000002c0)=""/223, 0x579, 0x0, 0x0, &(0x7f00000003c0)}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:42:48 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x12000}], 0x2) 03:42:48 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2112.644305] tmpfs: Bad value for 'mpol' 03:43:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x21ffffff, 0x0, 0x0, 0x0}) 03:43:05 executing program 7: ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f0000000080)=0x10000) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_io_uring_setup(0x3f3d, &(0x7f0000000200)={0x0, 0x13d6, 0x2, 0x0, 0x357}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000300), &(0x7f0000000340)=0x0) r3 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r2, &(0x7f00000003c0)=@IORING_OP_ACCEPT={0xd, 0x3, 0x0, 0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x0, 0x800, 0x0, {0x0, r3}}, 0x9) kcmp(0x0, 0x0, 0x2, r1, 0xffffffffffffffff) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x1, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/129, 0x81}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000000c0)={0x16, 0xcdc, 0x0, "c5252ce272956bfa95e9d7aef48bbfec416c72d4057c"}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r5, 0x2285, &(0x7f0000000640)={0x0, 0xfffffffffffffffc, 0x1, 0x1, @buffer={0x0, 0x9b, &(0x7f0000000480)=""/155}, &(0x7f0000000540)="b2", &(0x7f0000000580)=""/99, 0x2, 0x10000, 0x3, &(0x7f0000000600)}) syz_open_dev$sg(&(0x7f0000000100), 0x4, 0x4002) r6 = open_tree(0xffffffffffffffff, &(0x7f0000000400)='./file0\x00', 0x80000) r7 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r7, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r7, 0x0, 0x0, 0x9, 0x0) mq_notify(r7, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000006c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r6, @ANYRES32=r7, @ANYBLOB="4bc29aed83efb04a411b5d4e5c3c26ec754f41db5b49b7aca97d60a931ce17206258473c191f5fdb16e37471686f56d9e4312b2d83ebcb61e716f10af308061a31fc8193af553c09f3a04b4767bfebcb91b320e3ddb938fdb857a2decb2b1f98a44a91ffba3918772a2732266e9e2bf0469345cef8f621a071ca249e83d1e9502755cf84d68735b7ceb52aabdc6c0d99fb72fe88c79d76b3d0b41585a2296c116ea1b4c6cc9e75779142ff056e8c76524072cc8c4ee638c7d6c457521a692e"]) 03:43:05 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000140)=0x7, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x8000, 0x2) linkat(r1, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r2, 0x227c, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) syz_open_dev$ttys(0xc, 0x2, 0x0) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xfffffffffffdffff, 0xffffffffffffffff, 0x0) read(r4, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40082404, &(0x7f00000000c0)=0xfff) r5 = fcntl$dupfd(r4, 0x0, r3) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) write$P9_RATTACH(r5, &(0x7f0000000100)={0x14, 0x69, 0x2, {0x40, 0x0, 0x7}}, 0x14) 03:43:05 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:05 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x13000}], 0x2) 03:43:05 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 53) lseek(0xffffffffffffffff, 0x0, 0x0) 03:43:05 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r1, 0xd000943e, &(0x7f0000057540)={0x0, 0x0, "fbce468b03a6f37addfac96e55998b03e934f384b18d1007cc80cc139ee149dd66d6729151b7311b150bc3df4ed99cecf9350aadce844df98b864dda7138eace4e82c0320ffb53f2636bc12f944943c541b1ae55ca5ec0b0cd9ab52d487aa5c37cbbb0b12bdef8d422380b4938276c192e6f9707f57afeb50dc34da03a3507776696569ea0448c254e315ee51a841d71e17fdb3d5711b76a08f846f235fe63c1f12ea12cad96aacdb12298f1f01e7038d3d526d54bbacd2bae314b1a7fa169b8b40f2fe8105e559be72a835633d138b1d87f5cb734ac91baf3e2952e032eb3582b5b17d897b47c256e59039d8bc67165b94b089f138a0119fefdcd827e5669e5", "91399fdb46ca55fc6f6067d02393b105f78c5f514a7948de56e69ec0b8b215abdcf87232f6c1b616e77c8419573fb93a717d69489424cc1e6562a44b2bebb012b76c06fc8b231756ef87f548310150097a928120062496f4b19e32e945cba36d63798fed911518875c51b1ac4238cf02c1784769d3eb84e91154b1abb9b456557d89f7779da626693d5f847211ec5408c750f62f7c195fc9382aebf9a3902e1d024e8b76c565bce9c22de56c9f9051433219134d813c534cce5c979f8ff7035993c97eb04602ebc5501eb1808fafe426f114ac80d2cf74e0e446bf9c89f0d4ec1386c61a9175cb8145859c8e5f8fada0a88af0c5ad784057cf2cffdfad7f010861e1510fff80cc68d3e044a5e82d7aee6c6c5da95a35ed976c02c8fa84c201ff89529f35acfeaa63df94269028a521429ad5be3be5b4cfa55185e62e737b2bab8a8cf48e6080967b3289ba776d6b40d9ed57e76e9d0f30006cb59ee644ff47db0d2086fcfd00ed04494b2a36d379bf281ff08a96b911e12c263e9b8f1318ab615379aa637fdeae6337eaf09da4efbe042402d7f10324f301da764a53c194ac8718c3a3e992e8db8e5d826eb03a553f84e7600e3c43601be9313cd3a9e95b40036e1112e76fba479d84f6c9b0ceff8e0a4e0dc833be0a508bff862528e6260682c735a1d1cf032d59fb6863307e08cb1243243d31228abbbdb743e95d7f8e31d94e3e34bd77cf103148ee9d38b283a6d7541bae7cbe31cce7e77449fd5af75c62fecbc1f99185b943cb3e3b79d3041fb83336e359288f94d8660e487fbb83bcf9d94f51e3aa3fb76c3118f64be7be83cabe148e0e8c5d4e18fa89f39fd41a52d2138c332e38f20ca061d485c279f5053e686c72d07646de44ebe70be2e9e9259b20912281577028c9a8aa57f2cecc531cdfbdc23e874bfd13c6dc361b88550276702afe62141a7ae289cfbe7b54119d261a9ae3a90e29dc8c2d906bb37cdec2a2fe774d9f515be8773ae3e915e1b95d027bb67be6d2f4a459f235a1836525540c94458565d9e5738dea84f937153a2ecdd2be641eeb2ecc6584e66207c1ac26cd60cf9a0396de737deb9db088eed1d264f3618cb5facb1cdf8edf8d2c2fb6dc39a1d3ccf57fa9f61c0699f5d8ad3e1e4d77ab4c93c805659d898adbc469a8f0333efa5175cef411da5e039ca80f69246483c914ff5cea96879931f8a4cbe9c7e5ab10248d8f59c521f83f2fdccd4e08bf3e71368d63258979a229ce09857af58f9107a11ecf20aabdd9127834880a2bc071dfcd08352716794e8fd8ca6df978dea9d44b23bf1dc6309d8053a487c92fefce58999b71451be79727b6037b9bedab47a097e1aafc2d26d757c63f2c3b06e192880e07b132870eb5d572fc2e8d1ab17c2519fac58057db43e3d346722429790e6b368889cde74e0335d7baccc2c1479076a7f606c6bd2ae7f2969c5c00300e2d6f0bdd63b2c8a5babf469ae32fd440750648fb704169a1d557905c2bbec12a4769078affcf34f6a32bc2dbfeb3c1e583197c1b97f55e6006edbb59cd34ba34577c2b73ff8ab2c81e47611c37404272a3b8878cce6d1cdf753669aa2771c01c005a8ce2be5b41ad96413c89d329b1078a006ac7121d6955b7dea3a20da53329c67461caad63f910cc219133b74404040fc3c37747ed94489245dac089f1c437f338e2d7800d36c0b9912028bfda9b437c0186d18d7de57dbb1dea2ff881da5517b9710d278840190de33aaf2852d72773b50a6678d9fc30b90dc840c981aaf96e3f64a146c2941eb87aff5b9c759a9aa30dcd4ba304b0701ec2b12bcb69e8dce17320b51fe353eabb53a5127a1fa22f857b0e5d394c290388a3d52853413250f7f0ec1bf0149a5bd676daf58180cb5570cccfe170735c1f7a9c63d7162d8194a3e737674a635be24668f57c05f4011b03f27fc25273079d65cfcf50ed09a436d42f6d8157eb4caabf0363996103aa61efcc4f0b8bb57847478b1aeac8f27728b2d69333cd78baf3e092a20c4afed8722317ea2fbebf3e571468caa09ddca988ce24c22061de742d798ae9a5a950d66f4717c57231462e2fffe96ded77c899dab4b28feaf717f687a78a276fa9ee106b5db8d8402dd146192b8517c2ba5312480740bd3f8d8e534abf91d8353a415f54cdb96223be0df3319f0c1e8725cb6468f23ca83f90beec4898d4c52cc7b915307c7854cab24d092b418192d24e810135b89382c08fc05adfd9faa003b56ef2ae7610ebb19b48f0de3eaabd4d1aabf9dac1a75558ae57c1605452572f99d874120b4bde3d2e078e42d5dd05527d36022e8a0ecfe3741b18c15dac69b280c24a1a3c1d2bddc2c18c220250608e58222ef1caf6574fdbc0ab1b730966189e8ad7fa412ff22a282cd8c1e19beb7040043230ee4e8beab970875c9e768401e1df4f4c4055b0918d7dbeea64e2351117696cd6cad4fa84cd72f4c4713c73411728cf24da1f7aa207616dae654a2c3515dd17d6e0be8386a426e2123bbdb9cf07be58210bcab7052c21d6e69099516226fe79528cb091e330f5ceacc2bf34dd61c00fe06a790e36bd753ca7658203beada10e2ceaee867c53f267170f7c31bb2425a974eac2fafa998cf013eda13a6984606861eddab132743066a8583d0559c2b4459ce78ff2f85d5fc8df23057e239982b456862c01fe2181f249967af080711f6587a9986b082f9e1ea06532d4bdf3b212410b28381bf25d1c6399dd46e10e23789ebe99d8c7c238df26b8d6e17d461f1f7be278973d8e830f1f2ad618f164412035226e11dd5dc10eed2b6dc6710a8615237cadd6087cda287dedc77b9614c1ca5ca319e0863945b93c4f8b273c338f5182fb6e52481ac2544d4008567733ed4f3aeecaed4145e27df77a055e56acb0462745cdea18e3a14f50707a3ffab3fc6ec06a5223c22a5e24ce962fadaca5fb9bc493f963064eb4fde3318cf2adadbe0c6be5c22eb44d990c939d273eec0f366eb0b5a7018789edd6b0a5c6d775abe4b4361a50fd703f676105b477c42a25271d38d890ce82b749a760b4e93245dcaeb331cfdbf7b34c2aad34cb294c3e0273551e1b2c58fbc9897ef89a05358a2be6618852f6dad463e23c5b0d562b608d07fd394613f2861e849834780f067b55ba322ac6c1b6c5451dc6e4fc2f2895286770aa44f25185f975836b999420463454a05240a88b99c908fc2acd4d55d4b942b39553fa69bb46e4612c46b6a4c5c60a8a92b1ee997b74f28335e92c79977c651e3e8979b5a7b2cd3e1c6dff064036fbfd867df65f7795a18bb333a68b576420d3389464d6f0341e23950a0970c4d4752076e40e9b6a67bb62632d5ec1078ac494ed296849d3da30ac475156f745ab6858797a6cac2ea960d3674af628fd73243741e7ac332e660d1423c5e95526eb340787b1e7c78bf8f3f10ce3b7a8dfe7ebdb9d1f55574aa5b341bcb0fde57064abe83fe01527f288ba9d6b99d56fbaea94474f6204284e04ca8a959813afee14d2a4e5c8380c50e5e664bc3af7339ffe0a11b856c7c0d74737675d5eecb09ab58eef1a43b0fb80231815e89e6e5214f94696ab7b79c37df7e66c9508132f64f731e1712f2bc12bf3260b1a032833eae5e5856d0b482b28fe8311ae0b011eded89c9b40ac9a571268c1bb6a8a347111c64c1e7a3453ffdb52be1f797baf3da0182f7c765274ea0f36ee5b72203245a45425f71be43656b52cbb09a36c83d6f5f5daff83b717aa8eb55827274cafada3f6f18f9d47658490cff8b044e28af1dcfae2e4a1930a6e5d8d8adbaa537395fb2287f89b8014ed163ff5d62399d564559df457c0604e09a5e4b147dee3eee9f4a7d25b9de7e19db0df5e6a4232704a1a9f9fca629f607568b565d03e0c5d3ed515320a7d7697bbc3998d4718a56c3c0f4eb13be0934d7b0c02f56b3286ab2bb20e0bac0b469bacc40aa210b0eed3f87efa5bcfe9a1554d2760344179ec3373bc6cf56b278422b2e0b08c5a842a09a389a517104c2ec10e7046c5680ede349746464946e032fd205088eb2d55ffaa7ba566669e5f22c0edc8e44ee8ecc6d183f6e3cbc5cf70bb2f31f4981ba129c4f70caedeb8a9097eb1caa8b0f1f2cfe51a525b131889fd6cbf5d5cf475942653efe49ef4780c94a6dd1a325aace3ea6ee155fcce1a790669faa37cb01fe6b3c4386a7042fddca91c7f54d2a25804815addef1932e18129a921e4d590f99835db34945dff4cd60a94104611b2c6b4395b6ebe3fd6e1b10ed28edb75c9899628628429091db9bb643d22b3b78a992ad04d4c23fa294f5b36eb9821c043b11b306b1c8f5df64b8c216d8e347fa70ea9855d8ee21242aa31edcaa351f2eac9da8d9c21888f10db3460917298c61448947b5da9a294b6cf6714ee9956a7ad22c7fb8ecf4dd4356389912d7e43689ed4cbc351bf74ebfc1119d8e63ee5af50e4f100f6357a28c43df4fb32e7235700b21fc95dafdcf1344bc3f234a7b04eba5ffdf4edc4f3eef654c523547f271e175effc99764b531bd6ead6093822fd951d32792270ef98579446cedf1793192d7234018f9688c8f685de213ffd2ac10db45c488574fd3c919b69998d338d73dfdb74547e37e2b86ec9d933b8f25df3ec2f7a83e2b3769a0247874bb7d301b655073dd09bd5da6b102b83ad0515362a98eae320035a2e91752eaafa93f907cd3072295091a60c361b894326ebe1e6d93eaea401ad0782d82dca44a92623258b7c229d638cb7136ba998d51cb1c550c250e2dee01b76df854cf9663b48ffb9b4b12e0a9722640dd598140aa253ef288e6794ec29fbbcfbacfbae5b36e260e9e19f0cad02473b3a17094ecc116ad1297b0b284dd296de754f402807a8500a5ed76b7c83d318c340a3d35d787c343a507134c6c5daa443cca1bcf1d916e4e5b667dc13e9af8161ef1c54a49b5281d236ec9ae784c050f05176b48116761c5ca7a5d01ce15aaa3aaabe7e2a2b306583094cbb292de9937c81d1ffff9313a18a95739eba6e11620813337bb9d7fdeb521accc853627a24127cde8aedf61574fa6260501922f8dde24bc1cf8d31358cb23660ccc9f58703eafbdc3ad8e9ec77e052f205a9f249b888fb704638db21d213ea82141595138bcf57b537455f18feecf0c97be38fd3c4ddb6722a32bcc4e4cb0bbdffc2e10158eb59ed4a40e6118b3727230f422d41f2e9ee1fc7aecd37e12770089e3cb576d46fc43b14bc84d538945d9acf847ff3ad30f7b0ac46994681e564c9a997ec3cb00da093fa1bf68b541870ea5e71830af69b928c72de9f677ad330ab762b33e912d9047b6023e44e80f417a6e7ccd42aab4ecf74bb60b039c08761935bcfec2026e9699a13ca7c50785804fab2ab15b75fdedf9db8ead5a"}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {r8}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r6}, {}, {}, {0x0, 0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4, r7}, {0x0, 0x0}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000058540)={0x8, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r15}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {0x0, r3}, {0x0, r7}], 0x0, "f6550f90620907"}) mq_timedsend(r2, &(0x7f0000000100)="f3c6036b481b388e536fe7825c657b243364d2872e3a1279e501c9e75f40c72ac55df190bcd0c0e07d8a33f7fdeeaf2291e91ec90282b1ad413e4854b63897e50d2d6772ef6f6368fa49c2c3a45fd2fa07cb6d933f79272f4d563a893a91d0b7d2aaa32a16a866b3cf2e864b2c3bf604c7dbadac56411408a8a8cc4224f7ab0688cbcee018e5d4a6bdfaac8f1798e43464a86b9a2622dace7e88b236f326a8baf8a8e0fd227b7a134b3ba4da7730951edf4b23070a3c5f389f0ad0f02d40949b63da2f229a500f3e6bf8389e1956dd43e36074f1062f3b0862d3ec49", 0xdc, 0x240000000000000, &(0x7f0000000200)={0x77359400}) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x7ff, 0x5, 0x1fc}) ioctl$AUTOFS_IOC_PROTOVER(r1, 0x80049363, &(0x7f0000000000)) [ 2129.743110] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2129.743110] program syz-executor.1 not setting count and/or reply_len properly 03:43:05 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$SG_SET_RESERVED_SIZE(r2, 0x2275, &(0x7f0000000000)=0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r4, 0x1, &(0x7f00000000c0)={0xf6, 0x2, 0x8421, "ed4fb36cce524453475ec808af434277e0331f80b08552597ac8391e931abd32844ae1c5467233e1f619e9bfc0aa45fd8a5aa793382566c6aba676445f479106867a474b3b9987784e7042a54900eb0e55c2c417fb302996ba189c6af71482dd5df6f3eb222b56daa986272c6d91fa5318b53ec9b5433275ffbb509d621faa8ba36b0dad603a6cb7aa54a9b5f4e004a19c4a3c9a7cbb3a254468125cf6baf57bc2275f457675ff19a9b4938b6eb550f6b84bf5fd7e96f63f20fa4cc895acb4565f41915207a65047ada6464f79885773cfdbda800c913f388d744adfcccc40c97867587e7550a29b484e2be9695b0ff689fe5052a5b3"}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2129.783536] FAULT_INJECTION: forcing a failure. [ 2129.783536] name failslab, interval 1, probability 0, space 0, times 0 [ 2129.785097] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2129.785097] program syz-executor.1 not setting count and/or reply_len properly [ 2129.786067] CPU: 1 PID: 10833 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2129.791139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2129.792930] Call Trace: [ 2129.793503] dump_stack+0x107/0x167 [ 2129.794296] should_fail.cold+0x5/0xa [ 2129.795125] ? xas_alloc+0x336/0x440 [ 2129.795931] should_failslab+0x5/0x20 [ 2129.796746] kmem_cache_alloc+0x5b/0x310 [ 2129.797623] xas_alloc+0x336/0x440 [ 2129.798389] xas_create+0x34a/0x10d0 [ 2129.799213] ? kernel_text_address+0xf2/0x120 [ 2129.800177] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2129.801297] xas_store+0x8c/0x1c40 [ 2129.802069] __xa_store+0x164/0x2d0 [ 2129.802857] ? xa_delete_node+0x280/0x280 [ 2129.803748] ? trace_hardirqs_on+0x5b/0x180 [ 2129.804678] xa_store+0x31/0x50 [ 2129.805387] __io_uring_add_tctx_node+0x1cf/0x520 [ 2129.806418] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2129.807544] ? alloc_fd+0x2e7/0x670 [ 2129.808332] io_uring_setup+0x1fbb/0x2980 [ 2129.809225] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2129.810306] ? wait_for_completion_io+0x270/0x270 [ 2129.811370] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2129.812489] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2129.813592] do_syscall_64+0x33/0x40 [ 2129.814385] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2129.815489] RIP: 0033:0x7f00b63acb19 [ 2129.816284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2129.820225] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2129.821855] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2129.823382] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2129.824903] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2129.826424] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2129.827959] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2129.837565] tmpfs: Bad value for 'mpol' 03:43:05 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r2, 0xd8499488957a772f}, 0x14}}, 0x0) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r3, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(0xffffffffffffffff, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x70, r2, 0x300, 0x70bd2b, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0102}}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0xffffffffffffffff}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x2}, @NL802154_ATTR_IFTYPE={0x8, 0x5, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_EXTENDED_ADDR={0xc, 0x17, {0xaaaaaaaaaaaa0302}}]}, 0x70}, 0x1, 0x0, 0x0, 0x4800}, 0x90) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r5, 0xd8499488957a772f}, 0x14}}, 0x0) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r6, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r8, 0xd8499488957a772f}, 0x14}}, 0x0) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r9, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[@ANYRESHEX=r1, @ANYBLOB="f53d01f5676ad68a30037cd4d1", @ANYRES32=r6, @ANYRES32=r7, @ANYRESDEC], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xf5ffffff, 0x0, 0x0, 0x0}) 03:43:05 executing program 1: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e21, 0x5, @dev={0xfe, 0x80, '\x00', 0x18}, 0x9}, 0xfffffffffffffe35) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x120) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_NEXT_CMD_LEN(r4, 0x2283, &(0x7f0000000000)=0x29) fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$SG_IO(r2, 0x227c, 0x0) 03:43:05 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x14000}], 0x2) 03:43:05 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2129.958858] sg_write: data in/out 808464396/246 bytes for SCSI command 0x0-- guessing data in; [ 2129.958858] program syz-executor.4 not setting count and/or reply_len properly [ 2129.998952] sg_write: data in/out 808464396/246 bytes for SCSI command 0x0-- guessing data in; [ 2129.998952] program syz-executor.4 not setting count and/or reply_len properly [ 2130.032376] tmpfs: Bad value for 'mpol' 03:43:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xf6ffffff, 0x0, 0x0, 0x0}) 03:43:19 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$BTRFS_IOC_QGROUP_CREATE(r0, 0x4010942a, &(0x7f0000000000)={0x0, 0x1f}) mq_notify(r0, 0x0) 03:43:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x100000000, 0x101001) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r2, 0xd8499488957a772f}, 0x14}}, 0x0) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r3, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r5, 0xd8499488957a772f}, 0x14}}, 0x0) r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r4, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r6, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r8, 0xd8499488957a772f}, 0x14}}, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r6, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[@ANYRESHEX, @ANYRES16=r0, @ANYRESHEX], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:43:19 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x15000}], 0x2) 03:43:19 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0}) 03:43:19 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 54) lseek(0xffffffffffffffff, 0x0, 0x0) 03:43:19 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080), 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x1) fcntl$dupfd(0xffffffffffffffff, 0x459adb3eac3de3d2, r1) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r2 = dup3(r0, r0, 0x80000) sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r2, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100000}, 0x62, &(0x7f00000001c0)={&(0x7f0000000300)={0x11c, 0x0, 0x200, 0x70bd2a, 0x25dfdbfc, {}, [{{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8}, {0x11}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8}}}]}, 0x11c}, 0x1, 0x0, 0x0, 0x4000800}, 0x24000810) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:19 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x227c, &(0x7f0000000080)={0x53, 0x0, 0xfffffffffffffe18, 0x1, @scatter={0x1, 0x0, &(0x7f0000000000)=[{&(0x7f0000000100)=""/4096, 0x1000}]}, 0x0, 0x0, 0x0, 0x10005, 0x0, 0x0}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$AUTOFS_IOC_FAIL(r2, 0x9361, 0x8) openat(r4, &(0x7f0000001100)='./file0\x00', 0x531300, 0xd) [ 2144.179692] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2144.179692] program syz-executor.7 not setting count and/or reply_len properly [ 2144.179797] FAULT_INJECTION: forcing a failure. [ 2144.179797] name failslab, interval 1, probability 0, space 0, times 0 [ 2144.184382] CPU: 1 PID: 10889 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2144.185832] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2144.187565] Call Trace: [ 2144.188127] dump_stack+0x107/0x167 [ 2144.188887] should_fail.cold+0x5/0xa [ 2144.189691] ? ___slab_alloc+0x155/0x700 [ 2144.190540] ? create_object.isra.0+0x3a/0xa20 [ 2144.191526] should_failslab+0x5/0x20 [ 2144.192327] kmem_cache_alloc+0x5b/0x310 [ 2144.193179] create_object.isra.0+0x3a/0xa20 [ 2144.194097] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2144.195167] kmem_cache_alloc+0x159/0x310 [ 2144.196039] xas_alloc+0x336/0x440 [ 2144.196785] xas_create+0x34a/0x10d0 [ 2144.197576] ? kernel_text_address+0xf2/0x120 [ 2144.198510] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2144.199609] xas_store+0x8c/0x1c40 [ 2144.200366] __xa_store+0x164/0x2d0 [ 2144.201132] ? xa_delete_node+0x280/0x280 [ 2144.202011] ? trace_hardirqs_on+0x5b/0x180 [ 2144.202926] xa_store+0x31/0x50 [ 2144.203620] __io_uring_add_tctx_node+0x1cf/0x520 [ 2144.204628] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2144.205723] ? alloc_fd+0x2e7/0x670 [ 2144.206491] io_uring_setup+0x1fbb/0x2980 [ 2144.207380] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2144.208435] ? wait_for_completion_io+0x270/0x270 [ 2144.209459] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2144.210552] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2144.211641] do_syscall_64+0x33/0x40 [ 2144.212416] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2144.213479] RIP: 0033:0x7f00b63acb19 [ 2144.214259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2144.218114] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2144.219703] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2144.221195] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2144.222680] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2144.224190] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2144.225670] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2144.238138] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2144.238138] program syz-executor.7 not setting count and/or reply_len properly [ 2144.240728] tmpfs: Bad value for 'mpol' 03:43:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfcffffff, 0x0, 0x0, 0x0}) 03:43:19 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x1, 0xa1, 0x0) mq_notify(r0, 0x0) mq_open(&(0x7f0000000040)='-@\x00', 0x40, 0x119, &(0x7f0000000080)={0x9, 0xd035, 0x7ff, 0xffffffffffff0000}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0xffff9a81}}, './file0\x00'}) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) 03:43:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:43:19 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x8}}, './file0\x00'}) dup2(r0, r1) 03:43:19 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfdfdffff, 0x0, 0x0, 0x0}) 03:43:19 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080), 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:19 executing program 4: ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000300)={0x0, 0x0, 0x7, 0x0, '\x00', [{0x643e, 0x200, 0x6, 0x2, 0x3ff, 0x2}, {0x8c6c, 0x100, 0x7fffffff, 0x1, 0x80}], ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) syz_open_dev$sg(&(0x7f0000000000), 0xff, 0x440000) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:19 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_PROBE_HOST(0xffffffffffffffff, 0x5385, &(0x7f0000000080)={0xc2, ""/194}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SCSI_IOCTL_DOORUNLOCK(r2, 0x5381) r3 = getpgid(0x0) syz_open_procfs(r3, &(0x7f0000000000)='net/dev\x00') write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_SET_DEBUG(r0, 0x227e, &(0x7f0000000180)) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2144.396145] tmpfs: Bad value for 'mpol' [ 2157.667410] tmpfs: Bad value for 'mpol' 03:43:32 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x105901) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:32 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r3, 0xd8499488957a772f}, 0x14}}, 0x0) r4 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r2, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, 0x0, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r6, 0xd8499488957a772f}, 0x14}}, 0x0) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r8, 0xd8499488957a772f}, 0x14}}, 0x0) r9 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IEEE802154_ADD_IFACE(r7, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r9, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) write$binfmt_aout(r1, &(0x7f0000000480)=ANY=[@ANYRESHEX=r4, @ANYRES32=r6, @ANYRESHEX=r5, @ANYRES32, @ANYRESOCT=r5, @ANYBLOB="450018b2c6597a362b4ff87652ba4525e45f2b208a49d82081429089d5724c064604cb33ecef312aca01a2d89fc64f54c26f92720c327c0cc429a1cbf6ed6196a5991a029a3d9e242893bbf4663f47761107b88074052e083c4716a8943ea51294276b50def8dee91ead9e7ecb186d759b023fbdc2276affab5a68c419f0692c7150c45627cf73932af2077b6899c38bfa0e2246ad7fb6cddf8ba77913dd7905260cee2d3625e2555ac446a6fd6d2316", @ANYRESOCT=r6], 0xfffffffffffffeaa) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0xfffffffffffffffc, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:32 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1, @thr={&(0x7f00000001c0)="5a364b333e11c182e7662bc165ec94e1d863bfde86788374a0652ef9e21339a75cff482a4722bfa1927258b1941bf8d34152b080d9517fbca7e4f2086ecb6ad278bcc6019aea9e0058033cea299df9467e37f07e90d7e5600fdce69e655baa7247c1ac36e65638554d6eb8220651fe7111c1212be9f64c40265e7370df988fd4fd146b6fe4cd9e2026ce93b987c835d6c610d32a39d5cfb4fa2de3fe9b0b05b4057b84b3250407e0aadb302af060884ef11b48b61e60ea9f49331b54396b9c7e5cd072a29728b64b5511cb2ae63de7daeffbd105c16a660f992141da74931442bf800b13588331ad5d591cbda14d534f25314de4ef5c700c5711d7953e3befa1f7b499e306d016a5abe967cca4d1bb2b51959f8559a2549702a4164e20a6a0dc5a875e9afb8ac8b491668a584e694d8f6869ae9730fdc9fb0c8dc77efaf861ee163b9c36a7f6be34fe33d024895a398ddae4857e1ae2050875791a84b142c77d6b921ffe0b72405114505d62d1fe259649908e34d1dbf6a59030dfd8740103f602880692bcbaf6bc7448b2df181a9bd361d0bd0c2550f170871ce7e5d87d7ef64834b1c8e9bbd4fdc0d93204ac28f4d159f594c270f9030b8d6e2a266da910fed3567a71c2dcae6bb9f0569b8ea76d1c92aa83eb25b99ade30f153ee10664d4c1e3218d07cad78ddadca858acdb43e519b1f941b679c189be69ad4dbd2880fcd6fae69046e8f35136ebdff6c23fb07d337abc11f8210eca8cc7e1583ffef6c3ac3a090e3faabdb10decd0d8ca7053fcc90e105e1ca14b23902640aa14d985eda596f88e883b526beab7c466cd48801e13b61a50b4c0399be3b8bebf3fd4c3e94c32617c48fdc65ed6ea03b80714623a0e12b71a5778fe6e1b643493f750ba5829692bbd656907d8917e8e273f36dd44449b308dfe33c779ea1665121ab82ec149028d158f7c4514973c4071082d1c4fc2d39b342a0cf1be4d9a677975f579a3c92062c7b19a84f517a469131776b1b22c0f48164670f1cd5ca2c6036341e7b6b30fe1967b9c4dac0adc3aadab7463d135df15c51a64b62720a90c82196d36944cd1fd3b91f6e7dc37717c4c43b5ad701e8b7658865592e7e478a1239d7bf7a64a3aa4d5947385c42ba98a9fcc1e7ca5c3595a5524e60bb75321fa8811fbc47fe4d9cf55d64fcc110931e22abeea1e7840ba6537744f4c27ed0821185a8c429f995d544abdb62a945a7a3578fc5b878902a63ab7066e474689285ef5b2612227e273fc66c3040437847419b98a9c39a0eeb442aecd3208c8916df66dc6c545beb80e6e9b0d6a27175d2718bdb7ce510c7f816a6ec3bfdccc6c28e48b8524a4f308f4c37bfb4e12030343709499585eee4cd203afd56104edf82591e05327b621daac6863e1f5ecb901e7c0c7851d0f2dd3bee0b3fb7aa3462dd94a88358353d85480eba460c7b49224b3c95754a8ba4c23a62e144b3237a0a31a13d326e4c59aa576329286413c5e76e9e26a0e045db0c0e26957313e1168c330e87ba630e34e88e4d652100c73d6840b8aa76355e0de21ee1b75df97d98a8aa67faf434fe6e573375abc2067a07303ccfee3581b09761a556f4c6bcc70b75c3bd26577f31f23b30bb46a61c42f552369f11976065dfb3602c209080e27945dd51e2e930079ef37e732dada1fadf37055d4c3b656e36974c26f136b46f61ac00bd658828ba7ad4ee0fda36c8a0ea3b67fe0fbafe75ea305b00f2ae4e9ac2d7737e767f543b07847789f6918dd39965c764cc117307bfabd0b3a66a7a96fc6df76f9db8fb3ee582050d46020308f4a826e4a42b551c326abefc505b15275f23c9c3d4f5cde5c836c966ddfaed0274f451c2d2b59e896e199ed9c8903781e98f14cfd45bbf5bb10c0b278e4f38eda2c350dee83e01a02291daeb9f0b6d623a48f909d941499ea3db01f19bd7cc76400fbf6f2c364f0b00560e98fe101b35f84fba4e08c5f5fb143b0bf3b03bfe1909c50e6cbae73e498d28d0d60d9507d7b72772de203153a8642c50568a858c42f20c64fffdd18a188baa99d1ea72a16378b0b917e3f4ff8e67cb6d91d2cc985db4094f584d2a40a04aa4379a80411b3c087cc0575935cc21f4126f216c22ee92130a180f161f43ee4af3c9a175cab2195db0452e413966cff34091ba637c0dec0ccede824b199d0c05dd98acf981ffd0cfb7376f9df676a44dc1b7f6bc053c3657945ad20c6a7bbbc995570364340b3be2f74e6fc8043000a718e02517e7ee0311070b2148252bb139ecfa176645fa6c4f7f58f96140743e266aa09431ac86b68586848f7e23cded61de3de3364ffa468171b0fda19b82a9b558ba38c16224e01d67ede1efe80bd1082262a166c31d15a63dd396271df672321c7636f80d5c4540f7df1c555690618a820e08b3830224ea9c745ff431d0f96fbe1f4593f1eca994b47fa74d65a597ef0c2261578e93a3d378c676afcd5b33db7b5f7e419c83108f3f1cd2eeba9babd5543f90b2ed0568d8f05cfbf84627e1e1c866f64e17c49150620e9169a6a79d67406682f017ec6e980d8c440a73d417e0f4ed73e2c121ea0b36b546299c6c61d4a9c2a9a50aa0ff0dcb12d05260a5833f411e4d95f108a5a1a95c1b813c0cf0ac77cb8690927deb700976a9d9446311343efa40196a4eee157664fc24b65da7a8e466f1ef47d4e6da4e4959844b0895242a451bde23526f3bd23482b34025f0c2543182c8f9e30d6f3236c13cae44bcdd1449f0f09fb1bfd9f61bbcd428bd18040c0715416570978d3a00b95e9ef5333c8c74aadf7ffa4334aa0ca095443cd0507e571d56af27e4f84f03886d4261b9d2faffd39d56a89d69e1e5805ded16e95cac526d1348733a38011e3c034263ffd826aac9153f2ff8743df059cc835fb28b7b9a5168f07b3d410a7af28669350f69d4d1384f8874a177e865d96e4b131fbc178f6db4fdfe2a66cc8e0f7bf5be607344ca2ecc949db30926da28f0954ff07608e29417470b6556e6d89d54e80bff303e322f029d7e89b94f8bc1c3775069efcceaf3c1193a1da54ce501f39a5aab695fdb22f62c7d2c7a342156c3ff06d22a7b2ea950e95e34668942fd87e341cc09a2794969b7fdf5147b537fe7685f7da9d82bb036eb0b013f31ef7cfd4966e383a4a039c1c81cf51d12c97fdc2b8c57117a70aaf9d9c57cb5e4a7ae3c17edf2280ab619807a8f444be530f27178136adb349b6696ba6b4eda3d770c9d54604905d2e24a7a708db432181e739293a3ed81e62e5d4d18631995e89ce48b9d7cce71abc02e42549a10f2c1b2c7572b00251b8c3529c7e22c48193d5e14a7ca7fef9b1c96d00a370e8e69829e7dc916a193b5b3d47d1bd2fc75a46621d36f177630b9dcff31acdcd85cc864774244fc86724096c12247ef0b179645939535988f305edc40cdb5e30346545b920e9d60fc2f542b09802d962b8bf78d0473b76983461349c9c39b588effdec2a4c43993d4ed44d5280adbe6a36dfe8b252dc34b7993bca318451b84d92177a32e14325af00fc8ea95908096aff643676b4ecbe5c0b08257964ecd4c49014eea665aee6108af465a8c7f126388ff7682a76da0b535f17e24248c05487a4445f5fa4c355b6d64550ce824b0ea081bee33d17d1187c7e07af6910ddd475c97c4a1893229c86dcc4dc9c816dd6a39925ff5491f0ab9e4d2201b5fd37f6f809629ffbebc01bdb3db9ced89a9197d72478f87bfa2bf2c1579b9607ceabc4aca70b394bfee57ceca02ab532d672227191a664357feab7a0bef4711cf10abbc9082fffb1f02e048b74b48ed4af5cab40e6a12e26a0e045bc06f731f5ad514cb4a35b1d2b5f4080659f94ff6dde10aa6bee4e6b760f8ad4593042c76042ba759705cbd894ce9a414b56860a696da5f55a17f6d5ca521af8d065a6ea30d8cbcfec2292b64bd2f4ed2b7eb2bb000e6382c80af8a91e7ed3e2f2e1152c0a3f6370f599c7aca028fd50033dfc9aad55a771149b9763472f7969b3ff008f646aaeccde0252eb7b2aea89dded95beaa08ae7a3c3117c6c4fc54a16ba96d704e249916cae857890e7ba981d23bf07bc81f68deabe5bd3a10c5c116206b8ad7e37031aa632a460aefa5136631a9760e8bdca0320645f5950794b8bd39d3bad6c8170bcbc370cdb190aaf29aba0267b7d3a96f3d804aac05e0fc6cc5f385267debe542cd94278ecb15f3324a5ef7622489c75a71041ee9bd2a5250b7f3612d54e2889bde30387495ef9a5f533b8d39bed994b1bb37007a2511f818133441345a1734cbe629cf6da006a4382abbc5a8578243b22e88abab730d87498d119cb34f5749b3fc72c5f712e562181121c72e67bca7eddda7d5827a0f7c5da4f94ef82e1f0f0df5132c05da449a55287aa08da9e86c7409cc4248c9a067e93694d6030f1396ed630a412fbe2c73e2652c601f06383f5ad196b250720fd8870ce0fa1e42c49873e072f0351cdee41b77ec65cc595a2e8ee22c220d8322b0cd9fe44958ef1f59b115fb82801e282a213f9a0ea0576835edaf54e9701253815680e7ec042db50b906746e2daa7e1b11847f3bd440f088d7d29f21d2ffac531f603a1fa9d69f3258c07281f4835bc1fcf3d681e26603b54ab1d7fd6acaa05ca51f0023ffe56afe4507ab367002c25300ca397e8d018f963e00ccccafd9440e6f9f421b3079df4d38066d1d3b8c6d24e07af2ca68c112d67f42feab1216d2270366151749e9eba672d84d373be174899bd990b8f59619bc4f4681d1a01d03c6f83358e119ace72a43c602c6ef894ac954514b54791130d8719b57df2fa4e3d0056d556418c2945abb0506b5e6ef09afd388a4add84cba87c19988c1a538c3c584ddf76ecf520b3f8fb5ce48f0d88be0d4a9b8d79f802e7cdd3ed571349451a8cdb9ce8f77eee8bf14cb897ac728e9dfd1338bce867dc4d1dda4c4cf42cfb6da2c748b37e85378f4a37e04448180fafd8a827bd280919469367825d2da44fca64cd090122e4ee7747107e9e3d983d54f8651c0279e7c1f01f11d0c56f6cf12891f60038ce66cc0e4c3184244b960397832158fb93e781655f549475bb90e3292305fb004a0b6ea9c94634685f57010771c361ee9b3368336c1264855da8c01f60bcf1ea3fd960a667ab2e377aca0874648a3f0b36791d0224d2b50bc7d1f61be61266a16896f86cc1738c7b7515efa0452188ac74a938d123796835edd87e7cf8a231d9330ba3caa6612cc491f4a8168170b87ff496ed9d2802b7af2d58ade09743df7190891b99d530de2e86c175b8fcf1f7fd080db72de6c2d37ae82e72671509f422db2b2c64b10e5d3c82010bdf792aa3ae8fd7ef660e3c641241cb3ac07d788c7106072872f7b95314ed3bdc79fba46707b17a4d1464f675680e5febceab894cf81697accd907658b390075ea240d9e9bd7ccd7f597b66239144465b458d96d35388fddab6f1668ca3bde14cf2f8606e1936ba46c354d6c61b04f96cdb5971d591ece1e35c83e6d5cb9579ce001c1444eaca58d2d4966477f9250f1aef7e68bbe202c47df0929bb498b49ea44413853f1d2d89c45050f15e4dacd2485fd6b682fd3b1363affea85cdbf40511182a91adb122a49768cf1e7e46c662210799b70eca1ab31991c9882f1697c1f54335abf92712a38692b39abed118c50e861fc2484989214352de372e31e9e8b96f9faf44c1a796d3987e598a77901e3d541d489190a3a08be8515b20f31fca79481b18f6066918fef656d510765e32466945889d6e8690064", &(0x7f00000011c0)="e11da8cfde8d1d436255fe2d4baa7ecc35cd09b650179899d6842a44cc9916bba7bb953f633fdb553fb5ca2347e1e73c3aa580dbbb1cff16190fe15319de3c36503a3424e653065744f89aee1f26e54ac352886a25ff61c4d034196571f061a98c39f28969e10c7544fc99439cd552701603997b7c75a1e9589189c238da68559ad94bdd9ba2348a51e20a346cfc2633daa84b41481c52c8bed9a934aff13ed45e900dee68591d8c2353327c54e748e83f6f89ddddb559c5d51be0b005816401623f6f87553a7987eccf2b1f276dc367d1c1a5855b211d17"}}) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000000)={0xfff, 0x10001, 0x57a, 0x8, 0x54d, 0x4}) ioctl$LOOP_SET_STATUS(r1, 0x4c02, &(0x7f0000000080)={0x0, {}, 0x0, {}, 0x2, 0x1, 0x14, 0x18, "c99604f957a81c92511888d2724b668fe4d66a66a8ae8d0bbe35160256ade7bf543c93f39bd0442c12e7e1ad48c7988c5528ce86277f3c8b9fa3aa076f3f5742", "0a2305c5c10fb6e7fd02d2d1acfa555a15002bc5d3c41bb483829793052f9f80", [0x100000000, 0xff]}) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) write$binfmt_elf64(r2, &(0x7f00000012c0)={{0x7f, 0x45, 0x4c, 0x46, 0x20, 0x9, 0x1, 0xff, 0x5, 0x2, 0x3, 0x3, 0x6d, 0x40, 0xffffffff, 0x1c0000, 0x2, 0x38, 0x1, 0x0, 0x800, 0x1}, [{0x0, 0xed3, 0x401, 0x8, 0x5, 0x3, 0x589, 0x8}, {0x2, 0x195f, 0xffff, 0x20, 0x5, 0xb5, 0x4000000, 0x5}], "88d7d0781bb08333933f74db882dc192488ba7e25e05c139fd6728eaeb804a5dfd315579d55d4fb74a201cb31a4c8f6d4d8012c05493ca1793e540bbd16b5eac2c0da44614c9ee572ace873a282d1c1d8fe8662abcefaae46f560036bb8ee0f2a239502b4e07287144c64a31e6f3c665b54c255c26117c5f49dc4a48740b8e6183f9357aa80bb7d6abe67fb791399a39a625ea54b515fb95e09e51e7aa501f640f39f90a855e2ce8be283a8db25a3c03c938dea7792575ea95c56cad2987414ae5f8b94dd1de9320a20650bad51e94dd6e2b5653a2833b44e1018a16dedf4e3fe5859dbc7b89eb54ecb4d2580d03a34d", ['\x00', '\x00', '\x00']}, 0x4a0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) r4 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r4, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_notify(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x1d, 0x4}) mq_timedsend(r3, 0x0, 0x0, 0x6, 0x0) mq_notify(r4, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f0000000140)={r4, 0x2, 0x7, 0x8}) 03:43:32 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 55) lseek(0xffffffffffffffff, 0x0, 0x0) 03:43:32 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x16000}], 0x2) 03:43:32 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080), 0x0, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:32 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$BTRFS_IOC_LOGICAL_INO_V2(r0, 0xc038943b, &(0x7f0000000080)={0x8, 0x8, '\x00', 0x0, &(0x7f0000000040)=[0x0]}) r1 = perf_event_open(&(0x7f0000000100)={0x1, 0x80, 0x7, 0x4, 0x1, 0x6, 0x0, 0x8000, 0x40000, 0xd, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x6, @perf_bp={&(0x7f00000000c0), 0x9}, 0x111, 0x5, 0xfffff800, 0x6, 0x13, 0x2, 0xfff, 0x0, 0x8dd, 0x0, 0x9}, 0x0, 0xe, 0xffffffffffffffff, 0x3) ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r1, 0x80489439, &(0x7f0000000180)) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$F2FS_IOC_GET_PIN_FILE(r2, 0x8004f50e, &(0x7f0000000200)) mq_notify(r2, 0x0) 03:43:32 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfeffffff, 0x0, 0x0, 0x0}) 03:43:33 executing program 2: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) close_range(r2, r0, 0x2) ioctl$AUTOFS_IOC_PROTOSUBVER(0xffffffffffffffff, 0x80049367, &(0x7f0000000000)) 03:43:33 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000080)={0x100, 0x30, '\x00', 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) syz_io_uring_submit(0x0, 0x0, &(0x7f00000000c0)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x4, 0x0, 0xffffffffffffffff, 0x0, r1}, 0x9) [ 2157.730605] FAULT_INJECTION: forcing a failure. [ 2157.730605] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.733002] CPU: 1 PID: 10944 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2157.734447] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2157.736306] Call Trace: [ 2157.736850] dump_stack+0x107/0x167 [ 2157.737619] should_fail.cold+0x5/0xa [ 2157.738415] ? xas_alloc+0x336/0x440 [ 2157.739196] should_failslab+0x5/0x20 [ 2157.740016] kmem_cache_alloc+0x5b/0x310 [ 2157.740869] xas_alloc+0x336/0x440 [ 2157.741605] xas_create+0x34a/0x10d0 [ 2157.742393] ? kernel_text_address+0xf2/0x120 [ 2157.743330] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2157.744445] xas_store+0x8c/0x1c40 [ 2157.745200] __xa_store+0x164/0x2d0 [ 2157.745957] ? xa_delete_node+0x280/0x280 [ 2157.746836] ? trace_hardirqs_on+0x5b/0x180 [ 2157.747754] xa_store+0x31/0x50 [ 2157.748464] __io_uring_add_tctx_node+0x1cf/0x520 [ 2157.749474] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2157.750584] ? alloc_fd+0x2e7/0x670 [ 2157.751365] io_uring_setup+0x1fbb/0x2980 [ 2157.752248] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2157.753370] ? wait_for_completion_io+0x270/0x270 [ 2157.754405] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2157.755515] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2157.756576] do_syscall_64+0x33/0x40 [ 2157.757347] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2157.758404] RIP: 0033:0x7f00b63acb19 [ 2157.759184] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2157.763009] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2157.764699] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2157.766334] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2157.768150] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2157.770017] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2157.771925] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:43:33 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xffff0000, 0x0, 0x0, 0x0}) 03:43:33 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:33 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f00000017c0)={0x0, 0xffffffffffffffff, 0x3d, 0x3, @scatter={0x6, 0x0, &(0x7f0000001680)=[{&(0x7f0000000300)=""/185, 0xb9}, {&(0x7f00000003c0)=""/121, 0x79}, {&(0x7f0000000440)=""/120, 0x78}, {&(0x7f00000004c0)=""/203, 0xcb}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/180, 0xb4}]}, &(0x7f0000001700)="acb549b39533460d65cfe006cb3df707532d3c531023d350cc32000b73f322948eded709c96a7c5a8e79d016cbfea2da4cee45aeb2464fc0e4e3713b6b", &(0x7f0000001740)=""/57, 0x6, 0x10000, 0x3, &(0x7f0000001780)}) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000000000)=""/59, 0x3b}, {&(0x7f0000000080)=""/8, 0x8}, {&(0x7f00000000c0)=""/120, 0x78}, {&(0x7f0000000140)=""/205, 0xcd}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) [ 2157.875558] tmpfs: Bad value for 'mpol' 03:43:33 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 56) lseek(0xffffffffffffffff, 0x0, 0x0) 03:43:33 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfffffdfd, 0x0, 0x0, 0x0}) 03:43:33 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x17000}], 0x2) 03:43:33 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x7d, &(0x7f0000000240)=""/125}, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0}) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000000)) [ 2157.982158] FAULT_INJECTION: forcing a failure. [ 2157.982158] name failslab, interval 1, probability 0, space 0, times 0 [ 2157.984722] CPU: 0 PID: 10977 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2157.986355] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2157.988229] Call Trace: [ 2157.988753] dump_stack+0x107/0x167 [ 2157.989488] should_fail.cold+0x5/0xa [ 2157.990251] ? create_object.isra.0+0x3a/0xa20 [ 2157.991180] should_failslab+0x5/0x20 [ 2157.991950] kmem_cache_alloc+0x5b/0x310 [ 2157.992766] ? mark_held_locks+0x9e/0xe0 [ 2157.993561] create_object.isra.0+0x3a/0xa20 [ 2157.994434] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2157.995427] kmem_cache_alloc+0x159/0x310 [ 2157.996267] xas_alloc+0x336/0x440 [ 2157.996978] xas_create+0x34a/0x10d0 [ 2157.997729] ? kernel_text_address+0xf2/0x120 [ 2157.998620] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2157.999676] xas_store+0x8c/0x1c40 [ 2158.000398] __xa_store+0x164/0x2d0 [ 2158.001118] ? xa_delete_node+0x280/0x280 [ 2158.001957] ? trace_hardirqs_on+0x5b/0x180 [ 2158.002813] xa_store+0x31/0x50 [ 2158.003474] __io_uring_add_tctx_node+0x1cf/0x520 [ 2158.004436] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2158.005469] ? alloc_fd+0x2e7/0x670 [ 2158.006244] io_uring_setup+0x1fbb/0x2980 [ 2158.007082] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2158.008130] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2158.009169] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2158.010202] do_syscall_64+0x33/0x40 [ 2158.010956] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2158.012047] RIP: 0033:0x7f00b63acb19 [ 2158.012810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2158.016433] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2158.017936] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2158.019372] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2158.020780] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2158.022196] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2158.023598] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:43:49 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:43:49 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000000), 0x6002, 0x0) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000080)={{0x2, 0x4e23, @empty}, {0x306, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}, 0x60, {0x2, 0x4e23, @private=0xa010100}, 'vlan1\x00'}) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:49 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = mq_open(&(0x7f0000000000)='^\x00', 0x2, 0x7, &(0x7f0000000040)={0x9, 0x422, 0x4, 0xffff}) mq_timedsend(r1, &(0x7f0000000080)="24bd85c38e8137de29f55e1db916998c2ed2de94fcbcf46a6ed872df1f56fe8eb25067c4292f9ff5c903aff7dda6", 0x2e, 0x1ff, 0x0) mq_notify(r0, 0x0) 03:43:49 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 57) lseek(0xffffffffffffffff, 0x0, 0x0) 03:43:49 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xffffff21, 0x0, 0x0, 0x0}) 03:43:49 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000080)) r1 = dup(r0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001700)={0x53, 0xfffffffffffffffd, 0x7a, 0x3, @buffer={0x0, 0xf6, &(0x7f0000001480)=""/246}, &(0x7f0000001580)="8d1489a18e0923cfe8e990c6cde47767642563ae817a5fdc7b9fa2b8722668641591821ab59cc27928551409dfa5ed79ff5a9414f6f9edd3164d1d3a968a5b1d5da7fa37e71046192a3d91bf8748010c200ab034cf9bc4177c9c188738412b48c8442759790672a36129c70cc8ba703d1444429ce5cfa4183976", &(0x7f0000001600)=""/154, 0x326, 0x1, 0x1, &(0x7f00000016c0)}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x210200, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendfile(r3, r2, &(0x7f0000001780)=0x104498ae, 0x1000) readv(r2, &(0x7f0000001400)=[{&(0x7f0000000200)=""/85, 0x55}, {&(0x7f0000000300)=""/6, 0x6}, {&(0x7f0000000340)=""/111, 0x6f}, {&(0x7f00000003c0)=""/22, 0x16}, {&(0x7f0000000400)=""/4096, 0x1000}], 0x5) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r5, 0xc0189379, &(0x7f0000001800)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r3, @ANYBLOB="00000000000000002e83bfb0c595065e62d1632f66696c653000"]) 03:43:49 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x18000}], 0x2) 03:43:49 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5386, &(0x7f0000000000)) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2173.985498] tmpfs: Bad value for 'mpol' 03:43:49 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfffffff5, 0x0, 0x0, 0x0}) [ 2174.058318] FAULT_INJECTION: forcing a failure. [ 2174.058318] name failslab, interval 1, probability 0, space 0, times 0 [ 2174.060883] CPU: 0 PID: 11011 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2174.062363] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2174.064152] Call Trace: [ 2174.064729] dump_stack+0x107/0x167 [ 2174.065521] should_fail.cold+0x5/0xa [ 2174.066321] ? xas_alloc+0x336/0x440 [ 2174.067126] should_failslab+0x5/0x20 [ 2174.067986] kmem_cache_alloc+0x5b/0x310 [ 2174.068867] xas_alloc+0x336/0x440 [ 2174.069671] xas_create+0x34a/0x10d0 [ 2174.070496] ? kernel_text_address+0xf2/0x120 [ 2174.071476] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2174.072607] xas_store+0x8c/0x1c40 [ 2174.073384] __xa_store+0x164/0x2d0 [ 2174.074184] ? xa_delete_node+0x280/0x280 03:43:49 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x40, 0x0) mq_notify(r0, 0x0) [ 2174.075085] ? trace_hardirqs_on+0x5b/0x180 [ 2174.076209] xa_store+0x31/0x50 [ 2174.076931] __io_uring_add_tctx_node+0x1cf/0x520 [ 2174.077980] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2174.079104] ? alloc_fd+0x2e7/0x670 [ 2174.079914] io_uring_setup+0x1fbb/0x2980 [ 2174.080824] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2174.081920] ? wait_for_completion_io+0x270/0x270 [ 2174.082974] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2174.084113] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2174.085219] do_syscall_64+0x33/0x40 [ 2174.086033] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2174.087123] RIP: 0033:0x7f00b63acb19 [ 2174.087944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2174.091931] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2174.093580] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2174.095109] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2174.096644] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2174.098172] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2174.099740] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:43:49 executing program 1: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='map_files\x00') getdents64(r0, &(0x7f00000007c0)=""/180, 0x200007d8) getdents64(r0, 0x0, 0x0) r1 = syz_genetlink_get_family_id$ipvs(0x0, r0) sendmsg$IPVS_CMD_GET_SERVICE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000400)=ANY=[@ANYRESOCT, @ANYRES16=r1, @ANYBLOB="2dcadbce1e98ace8da0b4dfec1f216461337bcd377ae8319be7dd63193f293a9864d5901d97776f5aea393a769f386f38fdcf7b5cae7ca2d1efcf542964995b5ec193128d1578333cb4d78d81441041bc4cbc14e5e8a001ccada686954329b7ec11f6967b95ff93274f1fdec7205b0f379bca9e23c137f904794ddacb808b5844bf86ac331e67c3bd6c1036702a1e873350d52d3a48437a0a395d0f1c34f6a71aedc6a2fb40409d04523d5a010cda5"], 0x100}, 0x1, 0x0, 0x0, 0x4044084}, 0x0) sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x74, r1, 0x800, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_SERVICE={0x40, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x4f}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@private2={0xfc, 0x2, '\x00', 0x1}}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0x8}, @IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}]}, @IPVS_CMD_ATTR_SERVICE={0x18, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x4}}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e21}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x74}, 0x1, 0x0, 0x0, 0x8008080}, 0x4000) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r0, 0xc0189375, &(0x7f0000000180)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) ioctl$AUTOFS_DEV_IOCTL_READY(r3, 0xc0189376, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x88, 0x0, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7fffffff}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x3}}]}, 0x88}, 0x1, 0x0, 0x0, 0x40010}, 0x40041) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r2, 0x227c, 0x0) 03:43:49 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_PMKSA(r2, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="58cbdceb", @ANYRES16=0x0, @ANYBLOB="00042bbd7000fbdbdf253400000008000300", @ANYRES32=r3, @ANYBLOB="05002001090000001400fe004aa3ba93aae01eb4bae11812ffccdfbd08001f01070000000e0034007afbeb11a89fda195c8700000600fd00ffff0000"], 0x58}, 0x1, 0x0, 0x0, 0x20008800}, 0x0) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:43:49 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2174.161232] sg_write: data in/out 134217692/246 bytes for SCSI command 0xa-- guessing data in; [ 2174.161232] program syz-executor.1 not setting count and/or reply_len properly 03:43:49 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x19000}], 0x2) [ 2174.177059] sg_write: data in/out 13/246 bytes for SCSI command 0x0-- guessing data in; [ 2174.177059] program syz-executor.4 not setting count and/or reply_len properly [ 2174.184874] sg_write: data in/out 134217692/246 bytes for SCSI command 0xa-- guessing data in; [ 2174.184874] program syz-executor.1 not setting count and/or reply_len properly [ 2174.185624] tmpfs: Bad value for 'mpol' 03:43:49 executing program 7: ioctl$RTC_AIE_ON(0xffffffffffffffff, 0x7001) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x2, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$AUTOFS_IOC_READY(r0, 0x9360, 0x2) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0xfffffffffffffffd, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000}, 0x0) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_setup(0x804ebb, &(0x7f0000001780)={0x0, 0x1b9b, 0x10, 0x0, 0x165}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r8 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x66e2, 0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r8, 0x0, 0x0}, 0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r5, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, r9}}, 0x0) r10 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r1, r5, &(0x7f0000000200)=@IORING_OP_STATX={0x15, 0x0, 0x0, 0xffffffffffffff9c, &(0x7f0000000100), &(0x7f0000000000)='./file0\x00', 0x10, 0x100, 0x1, {0x0, r10}}, 0x3) r11 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r11, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r11, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$BTRFS_IOC_FS_INFO(r11, 0x8400941f, &(0x7f0000000300)) 03:44:05 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$sock_inet6_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:05 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000000)='-@\x00#T\x9c\xcc\xec\xbb3\x9di1\x88$\x88\xccSat\xa7\xfdM\xe9\xce_\xd4b\x1e\xbf\x8dB\xe9#\xa6>\xd2\x9b{\x17(l\x16\xa9C\x00\x00,:%\xc1\xdfM\xaa\xa4O\xc9YOD', 0x40, 0x0, 0x0) mq_notify(r0, 0x0) mq_timedsend(0xffffffffffffffff, &(0x7f0000000040)="9b502589605cb327719a607aef3e129d562f3fc8bceb028060093883d2180b", 0x1f, 0x20, &(0x7f0000000080)) 03:44:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$FIONREAD(0xffffffffffffffff, 0x541b, &(0x7f0000000000)) 03:44:05 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 58) lseek(0xffffffffffffffff, 0x0, 0x0) 03:44:05 executing program 1: r0 = syz_io_uring_complete(0x0) epoll_wait(r0, &(0x7f0000000000)=[{}, {}], 0x2, 0xda48) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r2 = openat2(r0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)={0x6000, 0x2, 0x10}, 0x18) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000001180)=ANY=[@ANYBLOB="001000000010000081ffffffaeb531a8b4b2928fb18a14d85f6002befa8e7ed99dac514bc7fcaec1b1e2ac6883d78a203daee29b9410f0a128da65b5cf77f6928dac7e96cfd1d930a80332400f0534f8cd006044ce55899244031234ca7f1d91a99bf47cbb2fde71de00e231f91648f8e858bb660d5020b747a1c9265b0f54a57c8780e84894d731086134346fb96374c37c1b9b55048e7a05db2651e08cf951b70554d8164c03b7603b51c0bd9bafb93fd037e9c5303e8e2cb332b17b8c4ad50e842c0a8cefa1c0bae00265ff9b1f21011c3bb0730fee0721b92d347e722a3cea19dfed2fed222c055eb6a6a88b142fe9cd6b76fbe60b7d0780fdfc52a863924f16337da4ad5c8bb2331db002c81919f909266de1feaa4d8c590dc3968fe447d714ff118cc3e406a18516572f1cbd7483186edaa4977d38d41af88b92d20019d451b5479744991e6debdba139a4ea1c3c6dc9b28f7c09af95b17300e00b82142169ad72be32f6f4998a249c7eb7ab4069a462194d207de9891fc508cfc29168cd08884f643c37b4a6bcf3c1c04ee542f22cef6c609244446fa18868df92fbf44f6173e2870c9fa0056b82c237e003ceb6eb6f9250d82a7515d90a28ef4d30fc88093dae9023feb4409e8153f900adc92131dabb7e513a753cf3896a7d5f2175b6050aa11b4b6cdfe4c8d1058c9679a4a04cd4aa9571c361cb5ad01392621e121752bb30dd25889ec1db3adda87c71ff86e12fe0083089c759f348c831575969ce7952601785ef0e3236836dff162d79230b80a5d8d39d99fb80ef6321c9966e7795ff35fd19a216f8fc1819618024624078c25cb71e79bb479a25ceedadea7cd819ebcf82eea585ded23c21b512b437c6b3f85efcd30a56559b491f2bfd9048edbaef2916fbe22ecb358749e05ae3cf17b0a31c5f55dd5f8f0c72c339b6e072ef71c3bf3e3ac3ec48a2e2976e148bc9f5b0a64137109ee3a417a04d425571ac69ab682bc12e4a0976f70b043f38451855446f4bffb0da465509c4dd634ea62a50a119224f568243d67027f823e0d3e5f1d2a15fa5a9c571bb0a19b29186e730a9f424eaf69929239d1d1a8eaf421b5de34f3b80601bb3b552f48db569f2528083b3ecbbd0aaf043a75b59476351785b860929c670058c11c8606b01e02a53189202f9af92faffa2f8b12697ee35f97f3ce20bfb1c0897aa96f6f96ac1c412737974f5670914aa2bee654a289607c7e486ff86cdcd2c3b31dfec95d3b199598b4cc6c58522e1d9acdc6cf2783be87113615c9593c19434b648c4c11a1be073b820cdf83b61f9734b4a6baeab6723d31ddfb824523b48e9589ebba2c2a3f029ac32a32265732e05386ec9b41f04ed95da50ccc5b64b3e18d3283bffdac7d1a11321dd93d4873665810249ca842b48919857400e7ab5949bf2e55ed9078b1fd5234765b4286b444acadd3ecd519295559e1b198775c2210e3efda7450adbe03fa46620fecca45fd0f453d34786b617bb73b15d6e6b0d0a1f2d3730c5d6a685c62f6090ab4511dce570d99a65f89759cef36466ac8e21555ccbfcc8c5b9fa0d4811d1f713e821a5a75985d0d3a1e733c39955a855fe9793dc031f362d7c7ff070955dd85f9e52bd3b6e68625a94e9de127c97cc6b9d59bf7ad42ccbcf1442d256e9a9609292ad64aa2cb361dd229a3f43b430e329b059dab5bae570399c5952a0ac37cb88a641e1cdc82adbdc57d45728ef602b011f387e855ad3b7e8df1d9435839540f5dbb22d6de309af84df35aba0b8c4c5faf3296595f58d750c033b0bba800a1aff4db47881e494c7f6471c16e9cbd3eea6ec380a28eee27e8b0fa60442bf4a834448a40c2a843508ac854221f994e8d66bfd7c7ea525fd18b0aad55c420c15cb80bec28f4ef69e5e29e9b67a6ab80102ef51efd74ea07bf34cf77e7f8a78e88950a3284a79f9e8175774fb166a2b610d787304d55af94d13863d9439b3464c416425a887d7845f787d91cdf84bf79f879ecfa4dfce03ced3643bbe3cf6a57f907cfd98586272865363be493c5193cbb45cae9b450e4022accb9fe7acb3bc29264a33c40405a3203098d0a4203626acbe9855d27c13adb4c0af8df12ee375b625b12400122b61c6c63024c78ea897df2ad4b76fe6e4b6a8cacaa0bfa963c186bc005bed9cb0e0603c2174270f2999382e6c3b959ed1209f368a9a3845c31c6ef6531a1b3e4297b7969d8ffc3cde928b0f399087bce052bf35e37356e4341a717cabf334e200a86ec89cdbf266f5994c244636525d8233557766b4098c9db21db62a5b9539a12bde4845de8dd41ea5916ffe13c4368877a12e2232553bbad14c5fd91cd3d4c9aecc94993d5450ad65a4bbad7230c8b50eb4254e24169427ac874accb0ac8950a79d34cbfb948d305b0c2b1f9d53f4245f3b4b0c5dcb914d228adf9c7d53429e9410f64eb2d2ab4608657e25e1c6a10825d94dac18c015b594ff0b5cea130deb7c100f54986c04aa7b4121c30ae37ae7572d96da73f61e7851f771bd811b1913971786ed64e0025d94a4b06c5a36a257965199d87ac6c8bc6064c0d4ae1c6366fcfb7c8d5ef26135234870158b99a099164fa075ba2432bf74d381ebebbef5a0e9024414181ef79df8e06c70d458cad88e1d7bccd8e7ace600b34c72fbafd34116fa4cbf83caf25771a0c3a26366be2884a96a57ece2cf936829d5b8a31fefbabd7f4db465544ecfa2a7b85d569b78fac6c67c3f6f9a965cc33125796f027ebf536dde0e059e814c29ae779bbc87fa2acb9aea2c4a7b1e0519e45dcf47e7cdee0d7792c0087335bdae2f0352a152ae3beba79733e3eb86f2934acaa3cd699e25679d57de7a100c0c541b9ddb00cae111b94f744a13d563a92a0cbe1f5b6346ec6dab915424af48b14306531f58c72a593544e225d41193bf86bbeee3315e3b4677c6ea6a7c9afdee681efd16a72a30101bbcaa0a7f8dd5d6ec48f994159dc4025fdd7fc53c49ccc99f9fa7385ad2a2ab49b4cce5d4c282b823b4e0c75e7109ab38ca3eeff4e710461f2e2087079980f4e14d84e6f8c88d0fc567f3debea2a855e01a47f95328c1621f786365405f00417af263c00b498869401f53ab91389b20688f625831d58f30a9e7785bcccd84b214cbd39218913c3369e0d9d231f628260913e0c8b91e99c49689e370937e6f44903b99c515432e07090e081f25751b5c088041d5883398eb974ef73cd3951eacda8cec7cf50e38b9939fe74d87891a89afee1b70dfa006beb6562b5b735088a527b8b8ee20b5fd6a3b22a3d1739a65be6a2c9395f780579c2405e0d0aad2666020c573022a914f91ed737ae82ab515ac202b104376833851180d0b04778f841c30f6b7f3bb5bc11ec0105d295473e53ac3cfa131c5d71f165dd3213bfd00c9a0fcd2a3b8b6bca370abe003cea46b007cef5ddbe3d859feb157357c7f775f3bbfa48090021d85e83635a0634f233500e944bf077cdf02e68149ad8f28045c10293ee35c3b3fdebb8fe3f559730aa00f9bac618a565d0be9aed42d833d39f01eadcf736bccab89b201ed6c42869082382dc4ddeffe196313d1afc16b5fbb9e6fe22385bfb06f1f905c1dbcc8673e52557219b89bf11b765a61670a3ba4d581b4e624991a66ebfea61fa313257342413e951cba78c0625673ac9a3f75442321d65166026076817d72eae6efa9ad3a49f7cefe78a4ee12379da4ac8b4f7bb20bc7cffc95752419da2d625dd62d6768bd7cf1c7c14bdca3040c05241430b5f07ecd1b7ea6f476425997a6d14bb7529939464167e63c1f53b3ab0b8ea8f7aaf9d47b1c389a675a70ae2feafa51ca921d3b619a9c2446cd4bea4e87d5ddd9bd21c6e0499e11a4dc3e61bb0a352a74ed990d0749f47dd350225025dbbe047d610d8a94f1e83147831feb1aaf15c80b41dfe245ffc7176cbef56debd17951d182e690c4b320279efa48a1cc54f0026dfd9756bfd87185ddf185ff4f394395179434c304693ded4ab48357aac44141dd6c9afda8bdf90461d48584c23ca98683b9f1b285cfd1b67f8d04915d7cbaa35f9bba3e7eded1a7d7e8a919690938dd2b7d4359f5d15aeaf499fd4bf0314394d9d604cd9576bd180554c52099e3b88831a1b7f163a4aa7fb06b92a06e4828c7e5a350553d3847113becf69af5bbacb11c6224ff9a6707dbe967b1a345997f099021600f819c4749dededea8ff48f806564221a2579191541702280d090f9833062d310600a31840426ab45e7718de566572ee63ad031c9736890cc6c1d0bbc1d322cc0e07844ec31520dc1e9c72e5924883a01aa1ea8058198a44dda32172dca0f5b7e67a097228a37efd2f221601802a7159a880fdbccdc01dcf418f332f9d082234445eb1cbc844a7bf6d057ff1c47e175cb9ab773064d00d5d3786b0a8eb0c133b2adf4aacc1b598f117620c3e26021a3a2921a16391584608397686c501456acf98cb0f89f6dc0f1058ac583c7e38ae58b9b3b90fd87ef0526b403cf7ddfc74e2f6867f5e224012c1054c09879e0c09c527a7a33aa787bc6a6984dcab555f56ab1bcd99dfabc9fc9e4f47f224ce84432d27de7d31bc6df7b80b0b5c1e266dbf009e941f53dc30bb0634122e24c8e8f6acff217e4a0db685c44b04496496a8ffac35a515ea58b7893db8d24f79b36cccf7482a3f1eb61e86ce0c0996c3af2465bf02b53d0fbf256575936579fe4b9ac2bb9830181a1704e1dfb8395840766dc47f61f2747b8f1ee36df41d4d38acff16acc83546e2124c6492da1c1b47fc065df9a2b8728f9d23c57a480900017a6df2a400dd00714bbbfd3abd6b520eab239a71f90292274182de465773b91bdd95792dd40209fcd3aa6067bb1cee991aebd3ac0076adbd71ac047515a7e9c37a96ee2668c55836ddb044a41f8107ace639c6474405794b129031d6d372bdb9d6d2a3afa1ec2883d345c7478f818b86fea58910c29d9c953711321852efc3e550c825b063423e9e0347c25b747c3bf50a6c394ce937699085f9ad1fb907b1fb80f9cdff479cacf0d4c0682c825151590ad4ccdb78e57189fc95fc2ece54029c1af146081794469127c84e727ea3feac0479ccc8bc3c49585d81b93f57d017afa5e85c282d650e0bb1182ba92ec5d90f0bcfcc24b44c840af73228822f4c02ad9080a6789a8d38cba82868a31d6a7bdda27025d91e09502815c9b92c5dd46dd2391c7d43f1f7be60e85e521fd58aa25724ffc9be8b85cdd2417b6acd6c3a0db31831488c5778a7118e7f093bfcc550d4cf8ed21806b27219eb76a15c062cbf2daf0174f068e5690aa359986a4c5a38befe40a23c7bb0751f60e3551ff4e7bd0abfadfd42c37bad741428649d588fe6a1e1c4aa1b37e3a161de1609c7a87e04d902143161f38c711117416317a396b2065ad7a5e8cde07b58b9d15eb874747620dd4d01f4baf5172ef6f44e083a2a73280ad9f1e49c36e722c2e2ce8285acc8c695fa25cbea3b86560fe2460544a034ad58a59591cd424f66c23b55e37b7e3e8c7bd8c6144ef36b3b297d01358cc610b1d1f53fa82dd79dfef10e9dfb099668c678642cbd093624672df7a87166b514e340fd9cde3566724e7fcccb463d23c24f563aac92f4d268e01ea50d44ea87820ab9752aeb44ca07443554f95245fcc7cb42c232d3f60724bdd5e8b05fc8583b6a5049726df2fb0daa8d819ff0de06761654786d763f84ad49cac04a113be380d8f5935afeb871391f21189e794541526137cfeb13e18f197e1123ba2948af2bea13c85b76676dd783a1491836fb74c5675ec392568b4e3f290ca0f7fd10c3f02f8a5527dbd4ea69843d43ffc0a2d232ce460e0254cb0b4fbd01000cf69cb5a725a4dc2e7a3224262b67d834cdd8496148b33efac07d68d025accf8a8e632ba318"]) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, 0x0) 03:44:05 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:05 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1a000}], 0x2) 03:44:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfffffff6, 0x0, 0x0, 0x0}) [ 2190.108244] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2190.108244] program syz-executor.1 not setting count and/or reply_len properly [ 2190.109715] FAULT_INJECTION: forcing a failure. [ 2190.109715] name failslab, interval 1, probability 0, space 0, times 0 [ 2190.113197] CPU: 0 PID: 11047 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2190.114070] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2190.115110] Call Trace: [ 2190.115451] dump_stack+0x107/0x167 [ 2190.115909] should_fail.cold+0x5/0xa [ 2190.116393] ? create_object.isra.0+0x3a/0xa20 [ 2190.116978] should_failslab+0x5/0x20 [ 2190.117462] kmem_cache_alloc+0x5b/0x310 [ 2190.117987] ? mark_held_locks+0x9e/0xe0 [ 2190.118499] create_object.isra.0+0x3a/0xa20 [ 2190.119066] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2190.119718] kmem_cache_alloc+0x159/0x310 [ 2190.120250] xas_alloc+0x336/0x440 [ 2190.120710] xas_create+0x34a/0x10d0 [ 2190.121197] ? kernel_text_address+0xf2/0x120 [ 2190.121795] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2190.122461] xas_store+0x8c/0x1c40 [ 2190.122920] __xa_store+0x164/0x2d0 [ 2190.123401] ? xa_delete_node+0x280/0x280 [ 2190.123926] ? trace_hardirqs_on+0x5b/0x180 [ 2190.124482] xa_store+0x31/0x50 [ 2190.124916] __io_uring_add_tctx_node+0x1cf/0x520 [ 2190.125536] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2190.126201] ? alloc_fd+0x2e7/0x670 [ 2190.126677] io_uring_setup+0x1fbb/0x2980 [ 2190.127212] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2190.127866] ? wait_for_completion_io+0x270/0x270 [ 2190.128491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2190.129156] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2190.129827] do_syscall_64+0x33/0x40 [ 2190.130305] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2190.130949] RIP: 0033:0x7f00b63acb19 [ 2190.131438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2190.133763] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2190.134743] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2190.135661] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2190.136566] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2190.137482] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2190.138385] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2190.140632] tmpfs: Bad value for 'mpol' [ 2190.142824] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2190.142824] program syz-executor.1 not setting count and/or reply_len properly 03:44:05 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000440)={0x0, 0xfffffffffffffffe, 0x39, 0x7, @buffer={0x0, 0x5e, &(0x7f0000000200)=""/94}, &(0x7f0000000300)="21a664a97eef9967fb1820d1b9c527b015d95e016b4d3ee3a3d878d121cf71ee3b8bf44ffb15ce9e5be4f2653c3267c931979327c8ea1fa72d", &(0x7f0000000340)=""/135, 0x5, 0x10010, 0x1, &(0x7f0000000400)}) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) write$binfmt_elf64(r2, &(0x7f00000016c0)={{0x7f, 0x45, 0x4c, 0x46, 0x1, 0x4, 0x43, 0x80, 0xff, 0x2, 0x3e, 0x4c68, 0x1e2, 0x40, 0x31b, 0x100, 0x3b, 0x38, 0x2, 0xff26, 0x4, 0x800}, [{0x60000000, 0x8000, 0x277, 0x4, 0x7, 0x6, 0xffff, 0x3}], "091333d11758b3cc79a0e0f0c4a718f5c61584e7d2b0142c25d462ec1d2908b7694572dde5d55491cfd3904606d3e908b01731fb266a4a4d50dea5a08d65497bf72e176bf09cac0502e055b1e0219605214f87cdca6db931e0537a3431dc4ad873f45fcb51db9359da88ca95f2dcb5893e67246850e34add20011efe850623d07f9196", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7fb) r3 = creat(&(0x7f00000004c0)='./file0\x00', 0x8) ioctl$SG_IO(r3, 0x2285, &(0x7f0000001640)={0x53, 0xfffffffffffffffe, 0xb8, 0x4, @buffer={0x0, 0x1000, &(0x7f0000000500)=""/4096}, &(0x7f0000001ec0)="f297b397e3481e2fa47d6039316a663bf8c7c327f5bceb4aa31e28f4f9a31b3670e6f6a7fa4684c85cb0aa737102a062baa1f13044231621a27cb8e837302372c6b62977ce39e740d3459a724a3cf836d4d7bcfa91b27851b7333b3f019502b26a4e36c2214a4656766191ca30ee55aee275243a62bbc8d62365ab7e4350b875cfe50050a1012bf063f77b4ee326c99e14ace92af1eddd121e5ad6a1216c6ec8ccd54cf1b34ad24753c1d6d7bba5cc06cfa7ab26cd89336e", &(0x7f0000001580)=""/96, 0x8, 0x16, 0x0, &(0x7f0000001600)}) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080), 0x2, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [{@fsmagic={'fsmagic', 0x3d, 0x100000000}}, {@fsmagic}, {@appraise_type}, {@dont_appraise}, {@smackfsroot={'smackfsroot', 0x3d, '/dev/sg#\x00'}}, {@audit}, {@appraise}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}, {@obj_user={'obj_user', 0x3d, '*'}}]}}) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:05 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r0, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$FS_IOC_SETFSLABEL(r0, 0x41009432, &(0x7f0000000000)="d37d4e8212b33bc351290bd560114df7432626b7849e1100539e08e0615624ec2cfbff0c5d0c4ac7528963f4e9d4566b51b6ce93ad23ee5d3ec213e6e68295cd278a376bbe2c5d862260ce748972c409a4a6d220c704f45d82f5c583fbf694a39358f180f50ecc9f0edc630c93db45b0004b8694b24e91106b47ff1a942040eedc11e98ab4e1c9cd905100fddddf15ed11770ba62ad9b8b840f2dd14a1a555486f37a3a8235c7177db741f9ba886468dfa00985d1fc85e043a8854d0bd765239967bef6b84dd8cae8b77aa573f87d4e45d3ecd34e7841baa39e7d0ab1c6d1a73e48408a139ab06cd8a9860d5c9b51188b0c26923d1b3de92c28f7ae708fe53de") r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) 03:44:05 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 59) lseek(0xffffffffffffffff, 0x0, 0x0) 03:44:05 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1b000}], 0x2) 03:44:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfffffffc, 0x0, 0x0, 0x0}) 03:44:05 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2190.222873] FAULT_INJECTION: forcing a failure. [ 2190.222873] name failslab, interval 1, probability 0, space 0, times 0 [ 2190.224377] CPU: 0 PID: 11071 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2190.225228] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2190.226250] Call Trace: [ 2190.226583] dump_stack+0x107/0x167 [ 2190.227039] should_fail.cold+0x5/0xa [ 2190.227529] ? xas_alloc+0x336/0x440 [ 2190.227991] should_failslab+0x5/0x20 [ 2190.228464] kmem_cache_alloc+0x5b/0x310 [ 2190.228970] xas_alloc+0x336/0x440 [ 2190.229419] xas_create+0x34a/0x10d0 [ 2190.229890] ? kernel_text_address+0xf2/0x120 [ 2190.230449] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2190.231095] xas_store+0x8c/0x1c40 [ 2190.231555] __xa_store+0x164/0x2d0 [ 2190.232015] ? xa_delete_node+0x280/0x280 [ 2190.232536] ? trace_hardirqs_on+0x5b/0x180 [ 2190.233073] xa_store+0x31/0x50 [ 2190.233482] __io_uring_add_tctx_node+0x1cf/0x520 [ 2190.234074] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2190.234719] ? alloc_fd+0x2e7/0x670 [ 2190.235177] io_uring_setup+0x1fbb/0x2980 [ 2190.235705] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2190.236347] ? wait_for_completion_io+0x270/0x270 [ 2190.237101] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2190.237812] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2190.238604] do_syscall_64+0x33/0x40 [ 2190.239074] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2190.239848] RIP: 0033:0x7f00b63acb19 [ 2190.240416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2190.243205] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2190.245179] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2190.246992] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2190.248673] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2190.250207] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2190.251748] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:44:05 executing program 4: r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000080)) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:05 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) perf_event_open(&(0x7f0000000200)={0x1, 0x80, 0x20, 0x5, 0xb6, 0x77, 0x0, 0x0, 0x7000, 0x4, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20, 0x0, @perf_bp={&(0x7f00000001c0), 0x1}, 0x100, 0x3, 0x3, 0x7, 0x0, 0xa0000000, 0x40, 0x0, 0x7, 0x0, 0xfff}, 0x0, 0x10, r1, 0x2) write$binfmt_aout(r1, &(0x7f0000000000)=ANY=[@ANYRES32, @ANYRES32], 0x120) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3, 0x80, 0x6, 0x7, 0x0, 0x9, 0x0, 0x2, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000100), 0x1}, 0x48400, 0x3ff, 0xfffffffe, 0x5, 0x9, 0xffff, 0x1, 0x0, 0xffffffff, 0x0, 0x40}, 0xffffffffffffffff, 0x2, r2, 0x2) ioctl$SG_IO(r0, 0x227c, 0x0) 03:44:05 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0xfffffffe, 0x0, 0x0, 0x0}) [ 2190.317110] 9pnet: Insufficient options for proto=fd [ 2190.319538] tmpfs: Bad value for 'mpol' [ 2191.143917] 9pnet: Insufficient options for proto=fd 03:44:23 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00d58c4520462561"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:23 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1c000}], 0x2) [ 2207.659711] FAULT_INJECTION: forcing a failure. [ 2207.659711] name failslab, interval 1, probability 0, space 0, times 0 [ 2207.662059] sg_write: data in/out 16777180/242 bytes for SCSI command 0x5d-- guessing data in; [ 2207.662059] program syz-executor.4 not setting count and/or reply_len properly [ 2207.662218] CPU: 1 PID: 11110 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2207.665709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2207.667460] Call Trace: [ 2207.668069] dump_stack+0x107/0x167 [ 2207.668840] should_fail.cold+0x5/0xa [ 2207.669650] ? create_object.isra.0+0x3a/0xa20 [ 2207.670617] should_failslab+0x5/0x20 [ 2207.671419] kmem_cache_alloc+0x5b/0x310 [ 2207.672287] ? mark_held_locks+0x9e/0xe0 [ 2207.673138] create_object.isra.0+0x3a/0xa20 [ 2207.674062] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2207.675140] kmem_cache_alloc+0x159/0x310 [ 2207.676051] xas_alloc+0x336/0x440 [ 2207.676802] xas_create+0x34a/0x10d0 [ 2207.677605] ? kernel_text_address+0xf2/0x120 [ 2207.678555] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2207.679695] xas_store+0x8c/0x1c40 [ 2207.680466] __xa_store+0x164/0x2d0 [ 2207.681237] ? xa_delete_node+0x280/0x280 [ 2207.682128] ? trace_hardirqs_on+0x5b/0x180 [ 2207.683052] xa_store+0x31/0x50 [ 2207.683769] __io_uring_add_tctx_node+0x1cf/0x520 [ 2207.684785] ? io_uring_alloc_task_context+0x6a0/0x6a0 [ 2207.685903] ? alloc_fd+0x2e7/0x670 [ 2207.686689] io_uring_setup+0x1fbb/0x2980 [ 2207.687605] ? __do_sys_io_uring_enter+0x1890/0x1890 [ 2207.688686] ? wait_for_completion_io+0x270/0x270 [ 2207.689723] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2207.690830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2207.691976] do_syscall_64+0x33/0x40 [ 2207.692763] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2207.693846] RIP: 0033:0x7f00b63acb19 [ 2207.694632] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2207.698559] RSP: 002b:00007f00b3922108 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 2207.700203] RAX: ffffffffffffffda RBX: 00007f00b64bff60 RCX: 00007f00b63acb19 [ 2207.701709] RDX: 0000000020ffc000 RSI: 0000000020000080 RDI: 0000000008003a75 [ 2207.703214] RBP: 0000000020000080 R08: 0000000020000100 R09: 0000000020000100 [ 2207.704747] R10: 00000000200002c0 R11: 0000000000000202 R12: 0000000020000100 [ 2207.706249] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:44:23 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000000000)='-@\x00\b\x02\xd5g,L\\\xbc\xaf+\xfdx\x1d\x85\x95E\x01\x8c\xb5\xee\x9f\xde\xad$\xa3\r\xbc\"\xfbB\xe4\xd6M\x95U\xe5>\xf1\xb2\xe0\xbf\x91^\xac\xc6\xe6\xae', 0x6efbdb37ac98616c, 0x40, 0x0) mq_notify(r0, 0x0) 03:44:23 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 60) lseek(0xffffffffffffffff, 0x0, 0x0) 03:44:23 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x6, 0x80, 0x5, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xffffffff81000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2c}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone3(0x0, 0x0) syz_genetlink_get_family_id$ieee802154(&(0x7f0000000100), 0xffffffffffffffff) connect$inet6(0xffffffffffffffff, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @dev={0xfe, 0x80, '\x00', 0x10}, 0x2}, 0x1c) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000000), 0x6e, &(0x7f00000001c0)=[{&(0x7f0000000180)=""/16, 0x10}, {&(0x7f0000000400)=""/99, 0x63}, {&(0x7f0000000580)=""/235, 0xeb}], 0x3, &(0x7f0000000340)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}, 0x40000010) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000080)={0x0, 0x8000}, 0x4) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002040)=[{{&(0x7f0000000380)={0x2, 0x0, @multicast1}, 0x10, &(0x7f0000001600)=[{&(0x7f00000003c0)="db9c", 0x2}], 0x1, &(0x7f0000001640)=ANY=[@ANYBLOB="14000000000000000000000007000000c4048f01000000001c000000000000000000000008000000"], 0x38}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, 0x0) 03:44:23 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:23 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = open_tree(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x1) ioctl$SG_IO(r1, 0x2286, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x3f, @scatter={0x9, 0x0, &(0x7f0000001600)=[{&(0x7f00000000c0)=""/238, 0xee}, {&(0x7f00000001c0)=""/70, 0x46}, {&(0x7f0000001480)=""/44, 0x2c}, {&(0x7f0000001740)=""/103, 0x67}, {&(0x7f0000000380)=""/70, 0x46}, {&(0x7f0000000400)=""/81, 0x51}, {&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/113, 0x71}, {&(0x7f0000001500)=""/218, 0xda}]}, 0x0, 0x0, 0x40000000, 0x0, 0x2, 0x0}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) getsockopt$inet6_mtu(r3, 0x29, 0x17, &(0x7f0000000000), &(0x7f0000000080)=0x4) 03:44:23 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r1, 0xd8499488957a772f}, 0x14}}, 0x0) r2 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r0, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000640)={0x64, r2, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0002}}, @IEEE802154_ATTR_HW_ADDR={0xc, 0x5, {0xaaaaaaaaaaaa0102}}, @IEEE802154_ATTR_DEV_TYPE={0x5, 0x20, 0x1}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}, @IEEE802154_ATTR_PHY_NAME={0x9, 0x1f, 'phy0\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x7c, r2, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@IEEE802154_ATTR_LLSEC_KEY_USAGE_FRAME_TYPES={0x5, 0x31, 0xa3}, @IEEE802154_ATTR_LLSEC_KEY_BYTES={0x14, 0x30, "98db52325de601f914e9f22e17ec6ffa"}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_SHORT={0x8, 0x2c, 0xb94}, @IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xffff}, @IEEE802154_ATTR_HW_ADDR={0xc}, @IEEE802154_ATTR_LLSEC_KEY_USAGE_COMMANDS={0x24, 0x32, "5ac292a930aaca8e7a80240880488b9254177d3d349ff805eda57b6f7e98b833"}]}, 0x7c}}, 0x40) r3 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r3, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r3, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r4, 0x8933, &(0x7f0000000180)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r6, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}]}, 0x30}}, 0x0) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000600), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_802154(r8, 0x8933, &(0x7f0000000180)={'wpan1\x00', 0x0}) sendmsg$NL802154_CMD_NEW_INTERFACE(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r10, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r11}, @NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan4\x00'}]}, 0x30}}, 0x0) sendmsg$NL802154_CMD_SET_LBT_MODE(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x5c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_IFINDEX={0x8}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x200000002}, @NL802154_ATTR_LBT_MODE={0x5, 0x13, 0x1}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r7}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r11}]}, 0x5c}, 0x1, 0x0, 0x0, 0xc000815}, 0x8041) [ 2207.734383] tmpfs: Bad value for 'mpol' [ 2207.744734] sg_write: data in/out 16777180/242 bytes for SCSI command 0x5d-- guessing data in; [ 2207.744734] program syz-executor.4 not setting count and/or reply_len properly 03:44:23 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x8000, 0x8}, 0x18) fallocate(r0, 0x8, 0xfffffffffffffffb, 0x7ff) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_open(&(0x7f0000000000)='-@\x00', 0x40, 0x42, &(0x7f0000000100)={0x180000, 0x3, 0x1, 0x2}) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000040)) 03:44:23 executing program 7: readv(0xffffffffffffffff, &(0x7f0000001600)=[{&(0x7f0000000080)=""/204, 0xcc}, {&(0x7f0000000180)=""/107, 0x6b}, {&(0x7f0000000300)=""/230, 0xe6}, {&(0x7f0000000400)=""/130, 0x82}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f0000000000)=""/53, 0x35}, {&(0x7f00000004c0)=""/195, 0xc3}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/28, 0x1c}], 0x9) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000001700)={0x2, 0x3, 0xa430, 0x8, 0x6, "4f99d671eda98c0b0022f79894f62aa62df501"}) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) pipe(&(0x7f00000016c0)) 03:44:23 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x2, 0x0, 0x0}) 03:44:23 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2207.886769] tmpfs: Bad value for 'mpol' 03:44:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000300)={0x53, 0x9038777c26fce4da, 0xa4, 0x20, @buffer={0x0, 0x98, &(0x7f0000000080)=""/152}, &(0x7f0000000140)="7bae13c66bc22feb23f5a06d46a84405ac422959b1d5ba2ebe4a1074efaa14e373c7d922f548cd998f39bcceed21669ca3ac6a3d0228e076414cb62dceef8dd374416d9d29836ca2d32e2e8afea1b2d7dba3876b6fa44ae44e5d2801bc180be20186be02d3a988260e7caf8ce07691739e8c7f296a513bc1a964ad06cdfe7deafe5280995389162d53d9f8ee46db7e13bad2db7b3445c5fa9a7ff04ae88e4380390e3c5b", &(0x7f0000000200)=""/218, 0x8, 0x25, 0x3}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) mmap$usbmon(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2, 0x810, 0xffffffffffffffff, 0x4) 03:44:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x3, 0x0, 0x0}) 03:44:39 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1d000}], 0x2) 03:44:39 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x80000b, 0x12, 0xffffffffffffffff, 0x10000000) syz_io_uring_submit(0x0, r1, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x1}, 0x6) r2 = openat(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x210000, 0x165) syz_io_uring_submit(0x0, r1, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x3, 0x4000, @fd_index=0x4, 0x800, &(0x7f0000000100)=""/238, 0xee, 0x8, 0x1}, 0x9) ioctl$sock_TIOCINQ(r2, 0x541b, &(0x7f00000000c0)) r3 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r3, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r3, 0x0, 0x0, 0x9, 0x0) mq_notify(r3, &(0x7f0000000100)={0x0, 0x41, 0x1}) sendfile(r3, r0, &(0x7f0000000240)=0x3, 0x0) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x53, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:39 executing program 7: r0 = syz_mount_image$tmpfs(&(0x7f0000000740), &(0x7f0000000780)='./file0\x00', 0xfff, 0x1, &(0x7f00000017c0)=[{&(0x7f00000007c0)="d79412800f598bbc73a3aa71a9839fcf6e4503eff1a2adff1591d55acdba4b28b7beb73de59c551ea40931c508f62332bca7710c77baa66ab18db0f2fbf375998b780193e01f17067fefa9e0f9763e3f33632f46786892a280d11e7f3a43210cc3d33c925a04071f4225129d73d265da08867b5a56f23e76b75db0500ba19651cb393c2d203aaedeff8aef4c21a844abcb056f440d7abb4cd5243f41062be7f103bdc8b81949f736b1da323572e97c02f4c40b830debae4efa5fb7b172e1646b41d1e099366ae17e5e5e1c9f14e6a4cf37f67ec7bb8e740c6c130c47c8c5387be2ae680b506c96114b3087fe0058cdd1a20cdf715dfaaf4d5c4377f2724822b6178d998c262d026927d62cd201d8dcf3397ec207813819a0d847bb97ec7890904e2229a9ca49e76ef9fe368a1647eb820bd3cc68f93e63eddde2997a015452e557c7ac5c1469931cd027b38dfb4aa6565f0fe2269b0a5af21ab1dedcca53569c14c397cd267697f2c1a25a33c8594327f6af8b973aa697b49b2973f849e7eb6584079fbfeefdd90176ba5bd17f122fe22b0fabd17cdcfd0f36739e1896e76be90f37028be744db977fe74a1426e34372d9c588aebe982a27187f5422058911217d20666670ec4169d690a611c14b52656b2bd7fd4e286c041944992b60fc87fc9ab424f537a3c28cc0045bbe54f0df814c9b80a64b261fe96180bbd1cc3c9bdda8f44c8b1240113f1edbe3d607183c69c67bd619a95431e6d15dce759aaba9339cc047ba550d835916b96b20f38fdd874c4dcf2165dfda4d418a989bdfab9f137346ec7ae07c41119d4eae46ddc620bf304a176871d4045e488131f4d4f8597eeb7190f27f27c7cd96c522875f6a22c5e118b3886fd476ad8397fd27ed1481fbe6adec71338fc53cbdcdee7bee6d1aa70df513177995678a8f26ac57c5f5abba5b2da38cf093e37cfee053978ed4269e4d3f7d7bf47ae65b699e66845848f007461658e3b3c5b76d4d2b1cc8f46b6319a7f87bbc58ae63f9c686e0b2b2589d1e9fa858f837fc076c8e0890bbd4a5a853010af83170f2ef97b1004562ea3ce2e23f145499ef435cd1c493b62eba483e90a2b4785976c18f0c9ed68c55b76c847d3aa7140d838ad39044eefde35b3f7ae12a1b880248c91aef6c220033e62b0bbf36b559208dfbf0257ec88998f3ac7c421f52b849748fc99d551541218eff7d384dcad73e95743e2c35745433ccb1ec93fcad79122a98c89f15515c0fffeffa71e70ac17dd1574270abb922136fd8968dcfb215e6b0967da21e5647f0cf4153726eb95128810db238b143b4a8a16b4b0aca3e533f974a85fe2edcbc1eebe5703b62e40ca4f28b6ca8fec3d12fde9c70e6b6d1ad938a4a795396c02466afe0d0e72147b86ab931afd9b422585fc4e13bc92e4b79d4d4340c3de02d2127a23f8eb78b0496e0754b896f7efb156b452daebba8c7c312311a6b755018b5bbb7cc6abcb1081ae846b82a669c45e74ea00ad2efa812a46336f08fedd5de195de0e33b15954e10bfa50a56dbf4c8e15523c5ac575bb65ca446ade552a5399a55d58f8a25376cddca8a86cee87838ec4939cb6844b323e38193c75b0f8a04e9efde76e488544467ce1faef2de5880724f9edd7747beb72c265daba483fa445502be0fec09d3bb2df562f1a81bf1cc9d25b7f00084bd8621c3fd856cfabae33789a0fbe9377c5a30d2675e181cc350641c890daa5153156c7c786939f040fbebbf435f975693a342e1224f873720853c12d4ca87dddc345f32ff21bc3e0060791d55709c97f6d1d76968b7b10a1d34c5b0fbc9dddbf708808a5a5ca7f20ee5806eb43635f5d101ab76d8e987b8a16de0aa261be511b52cc57396a9b2f0ec7cf799a73e287298010adb603d5d1ef56699ed0288363d208e8080b294a207db392acb9105a7ec6cb04f4be7a37fa9e55b68559e131f2cd9afc6548c1a926dbe058da3b5bd48a3ebc831670b67579ffd87e7442e59570fa3dc46b098399e5e0058b4587ba99daefc17d7ba224ed1224c83dd49ae3b520b5c8b05a2842c8efd3132ee2c2434294d4e94c5b7383bb2a16e0e16033a8c8ee6e5f56d5b6b2ffd2e6e1f5f640c837e925c14933ed3bbd9e4aa630f5b97daed6609a989f278a0f1a58d68750c53273df6962e5de040b15a6d81b5081b88a17a66d54a116eb4eeb5dfe7da53b0956b0540c003ad7316c705a5b6df145e0a241debc67f9435c1513c1e79c5d3908af60207596d967fa54683661344dcbc7ae30757be11d6de0f6c7b3d4b178d3c2c9140c142b66ef5cc3b042103f1a570f840c150b32fc381665319d0c29b171f2108cfd134f4970c0db6802fb2a5542eae88acf1b68f2b68589a542c7e17e5c827696fed5db49cebbbee149226e1aed81e2801f96459bc1e6807a0775ce7d9b2d83860897839568f29531507351d7b27f78d79dc713215587e934b3ca657fdf57a1f15e22a4dc48c095d0d55aee06ffe4183cb3d49893bf1ea783fd429ff65cd6b84e3c021379eece420bbe2722b8d2dfd54acfa7db8f25a65acac1451b83ea91672d8f7c1061d78cdcd0a79304bf6dcbe40bd58562c7f26dc4fb746a1a19e58bda17bb18f0960b78448895ca3b6d8a75b12d4df3bb89f96a0618484c78c62312c177afd28957b3e96c176997110c788050a6d37cac240c852732e1206835f59a72d3592515ea69b6aed0bba3da2453d3a071a84fdf9682eb6bfa76dabaa3ffc6cd7fa45f2c06b8ba5b5b94a931704e8505ea78f7bdd354e805df6f0cb51ac40dec5146ea9b4a5a4c1e7b185d3c43c78c5f8653a393e8ee2aabbc1d30dc3c131e43f3164a5a39921bfd63349c48e9c2b4ed12eb9bf71fe5cc6a7bb0eae6339eaa7de32c85520435d3fbb9b8b5806481409bd8f404c26da2319731ded156057b16226a2fa8f426f2b96174e1a2368bc7936a458beec2e6188a7cafb78988faf03603cd21a6dea6a53e2b63461a9b0fd3632ab08855a19fcd95776ed17c519c22ccf98096b0e9998df48fbcf0639d0a8ebd2a67d50483904302c4ca05d73c4c15cf40a4b2d3a7836578f5719e5f21be16a7ec419fc12e59467eda60b85801133d0333d0e74f294790d743925bab28866b9df732eb956c89f7bf721f204612054317a9020e945e9d3018a847ff9e171c1a5809f16c79e6c350bf7dab87420eae45e8195c99a2fd14b9b992beb737962f170ba9130e7f4d00bf1bc1403b161aa56c495bebe8c6d5b5cb94bda39e2ef5d3b5712a8d89621113eab65e033f87332b8204d6947087aa3b603772e7a530a90874e3fdb03142ca59bedbfe254f471205d36984b87830bb1ba6be6b520aa58088df0872b7a1ca3a9db54cc218a5d610f7e68bb166c29bcf905e1f9125860425246c0817c92862300f4fe8cf41021be7779be5dab9d3e5665b2d1fd36c5d0a86aa17f9db263a15aba9e12a6479dba8791739f0cfa76a806739c18af7603af3b59b98ee3071c4a2d922b1a6ff9bded4714b992d05a71564ed206353c6eba641528a9593ce8c7eaac86b12674b997857d41cb68d3b632672644089ff90395f61766271f659c1ac79497ff015b4098961eb85e5e47b5d623a8605cb1a7755e96c96593a6223d4d396aa2aadd1741cb05339c9d191d2616814bc6b60093176506bdafaa7e19b2a48046088660be38018816ccc26b8e7040a8b7c6c65bc4f22c18820e4cac08c70546f40a0d8012a2c3cf0d91f235cfb9f3cf3ce6061b1068ade264aa2387264a56b850961c1e5417ff6dc09904a8e6237622c8932c8b16da0f33897bf0af63b5698a6cb8ee599cf8ae5e60586d01bc70ccd18bc50d80c8dba9476b84c8a64a147fd1c1034cf38e9d8ec8c8fe858927ec732ae3c57173153ffff7bdefff8c394eabba9053023282ddcc2e29d6859d6487160263e2dd417e8d9e89a15eab492dedb3444dbaacf646048916074a375b5c74100c5b0da5743a81fb4a1e84713ed2756e2deb47db53d29a7abfb61d970d36432692233ea43462963bac76f5421eb933eeb4ee80d1aedb4b8b86f1a20e2c14e24dd35291a41f8ba9ac7aea083c7cfdbf583579c3b8836fc7a48dc3d8d2e26ac75473a151c3595b4c84b22c49e804dda74f14e17b926cfb436020151ccb70f16d53d05c069a944dcf6a0afe47e84484ea38a3c76381eb6d6ace8154e6b289fbea39753c2723d40ebda20666ee49f42d368c707a6719daa253390a56eaec83bcb63e3ccac7e44506e7fdd01b0fbf0605ba72962bd7c4fe682660be6f36ae5c37d78c011f4225ff6947ae7499ca562250c82870bc02f584881b48251b15feb743a396b9b7e9d35c6d4ab4c46fc1d91a6379bf3d9e8627156ef86e435fd816429943ccbd00f27d18c28dfe8fe85f77d3f6fe2ed318d46419eef91cb8ed425d15d4ec9b15f9f720cab17141a2ed19c174c82ea9e16b5292ff602340ca3249668332d3e20095d5745ff8cd5d6df3567ef51fb701be154c2edb9a2652b84fca63052bf4299ada977c2583614a1ecfbf9be42396ee99d9e26759cc4e5781d7c1b376b5c493ef6a8dbf45dd9983508fa192ba5100312d7f4aa83676d18cb098592318ad2005c95781822a424f369db5797213ce136f8ed3e7e6385d0655be6a1fb8a52a7cdc3a2a5763dad87759e93a60e61112a062f9ba0d9cc2f817a60fcd07cc12921d9ab436ca83bd5f3163b3aae3bb49cbc37458bd03dd61f9fb127cc3f44a0006d6a4a20310fa3d546def2b335e64509144fd5d100225fff58ebc28666dfddc5a0c0091b5f516e2a68c83be17998b8b038830e8cfa5ed67cf3a8749ec25741ee8d83b05ef11c6cd805c6e5f4ea48838f9a001cd47702947f9738d138b8a63b538464a24fcba809172d6d3c9ad91e81c3819a9181bac4557710ee83bc0deecafc67069402b7d01f30378c9428a143eb0350df90cb323112e0c812746286284fc81a573d37e43a30482fb84b9f9805d01c0fd35e644eaed7e6ea36f4bb980ea638021e4cb956d7b3307c811530652633c90621fa39eab42d045a6f8aecfece9e2fc4b169e21dde2ab7f9a1e0cfd16fcf9491e8d141b50a42510983cb99e9766780009003f1fa149e449f7cb2d8c82fb50bb796dd07ac80e6363b42c5f62e2bb9c271e461d9f36028e46a40356f2bd904da4837dbc93ab7a9efeefb29ed31650cf2e9942e8d2a3015ab183fff60ac63fd798a716da8c162635c6efa0cd3765e7217cc55d01c0c488ebd5f8027573025e5ab3661a62f961d36e8b8e8ec10b0ba7bd08d42fa20f3c77f7c9b2b0d5558252b4de7052d592be7d62164342fc8bf0977084170e8ee228830afc69ef1a9ca757a4b48364891fad1e3e2ad5b3d3845d8689f5ea98107ec10f70dfb8c13f0b55650df96fbbbdadfcc648825e49e915b9c9180023528a315ef0206ac9f6885062a73be32e7995e8c913587c0c4bb665202faa194ee7e4969e7ae7744635f23310aa348b6f98d32706d9a6eb9eb5364d442825cc97b39727dda3e7dabd9d66bf49f4ce3d8917002b3cf8fba6ecb3d05ebfd0236a3e38b3871668d9d061a35c828f5f1c93a3f1ffecb005fb55c400c3eb55c746ad3c4a1aea86537ba2b61ad32c9cb579657a226e03e5c47e79922069e370deb966b4f8d0580f437afb0e4da65a9796aa4539bcfe48fca3463250fc9dfac9a13a8d197541e6598cfebe85a391a11329911085e556ff0b707c7d8a7d7aa5005c90eafea76044a03e9014fe9e61656c7abfa39f02b3bcc418817fc7f4821df7042b7d63afe6", 0x1000, 0x5}], 0x88000, &(0x7f0000001800)=ANY=[@ANYBLOB='huge?never,size=txgm3,mode=00000000000000000000401,obj_role=/dev/sg#\x00,\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000001880)={{0x1, 0x1, 0x18, r0}, './file0\x00'}) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000240), 0x2401, 0x0) ioctl$VFAT_IOCTL_READDIR_SHORT(r2, 0x82307202, &(0x7f0000000500)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000480)={0x0, 0x2, 0xb2, 0x7, @scatter={0x2, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)=""/101, 0x65}, {&(0x7f0000000100)=""/221, 0xdd}]}, &(0x7f0000000300)="e1c5846924072a3bdb1431ef33ea5ae05ed590339de0fd2e5f1f228814491fff05e9ebb85aa74b92ad7ce64de5ac7419ffa9ff194394a6e6c3ff03fe212f068e4cda4371944ebbc3605773142949c6c2a5646cfd1ca33660dc331125d5e5dd188be7c2cae6057ee130e2cd7af0cf1627a47a2ba15aeddf56ba8795475910d97100ffea061cb5f102239ae53b0ec0e7a157cb7c2d776fe73318b49748b20d271949d1b9d13d3fd6b3534f348a49ce3c4310d6", &(0x7f00000003c0)=""/171, 0xffffffff, 0x7, 0xffffffffffffffff, &(0x7f0000000200)}) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:39 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) [ 2224.469184] loop7: detected capacity change from 0 to 4096 [ 2224.505213] loop7: detected capacity change from 0 to 4096 sendmsg$NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000100), 0xc, &(0x7f0000000840)={&(0x7f0000000180)={0x69c, 0x0, 0x620, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x6, 0x3b}}}}, [@NL80211_ATTR_TID_CONFIG={0x674, 0x11d, 0x0, 0x1, [{0x150, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x14c, 0xd, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x78, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x6, 0x1, [0x12, 0x6]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x65ef, 0x7, 0x3, 0x9, 0x2, 0x9, 0x627]}}, @NL80211_TXRATE_LEGACY={0x4}, @NL80211_TXRATE_HT={0x4b, 0x2, [{0x6, 0x2}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x6}, {0x1, 0x17}, {0x3, 0x2}, {0x0, 0x2}, {0x6}, {0x3, 0x8}, {0x3, 0x7}, {0x1, 0x3}, {0x6, 0x7}, {0x0, 0xa}, {0x3, 0x4}, {0x4, 0x6}, {0x4, 0x7}, {0x6, 0x6}, {0x0, 0x5}, {0x0, 0x9}, {0x3, 0x8}, {0x1, 0xa}, {0x0, 0x8}, {0x0, 0x3}, {0x1, 0x9}, {0x1, 0x9}, {0x4, 0x9}, {0x3, 0x5}, {0x4, 0x9}, {0x0, 0x3}, {0x2, 0x6}, {0x1, 0x8}, {0x0, 0x7}, {0x6, 0xa}, {0x1, 0x6}, {0x2, 0x6}, {0x1, 0x9}, {0x1, 0x5}, {0x4, 0x7}, {0x1, 0x8}, {0x2, 0x2}, {0x5, 0x5}, {0x0, 0x9}, {0x1, 0x9}, {0x6, 0x8}, {0x1, 0xa}, {0x6, 0x2}, {0x3, 0x7}, {0x6, 0x2}, {0x2, 0x8}, {0x1, 0x1}, {0x3}, {0x6, 0x8}, {0x5, 0x7}, {0x4, 0x9}, {0x6}, {0x4, 0x9}, {0x7, 0x2}, {0x6, 0x9}, {0x4, 0x2}, {0x4, 0x3}, {0x7, 0x9}, {0x7, 0x9}, {0x5, 0x3}, {0x7, 0x3}, {0x7, 0x7}, {0x3}, {0x1, 0x1}, {0x6, 0x7}, {0x0, 0x3}, {0x2, 0x7}, {0x1, 0xa}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x3}]}, @NL80211_BAND_2GHZ={0xc, 0x0, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0x18]}]}, @NL80211_BAND_5GHZ={0x6c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x8, 0x1, [0x9, 0x12, 0x4f, 0x48]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xf0, 0x9, 0xe2e, 0xfff, 0xbab, 0x4, 0x4, 0x56]}}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_HT={0x42, 0x2, [{0x4, 0x6}, {0x1, 0x2}, {0x5, 0xa}, {0x7, 0x4}, {0x2, 0x4}, {0x1, 0x4}, {0x3, 0xa}, {0x2, 0x9}, {0x0, 0x9}, {0x0, 0x2}, {0x0, 0x8}, {0x5, 0x9}, {0x2, 0x1}, {0x7, 0x3}, {0x4}, {0x4, 0x8}, {0x0, 0x1}, {0x0, 0x5}, {0x0, 0x9}, {0x0, 0xa}, {0x0, 0x1}, {0x0, 0x6}, {0x3, 0x9}, {0x0, 0x3}, {0x2, 0x8}, {0x6}, {0x5, 0xa}, {0x3, 0x1}, {0x6, 0x2}, {0x3, 0x8}, {0x1, 0x2}, {0x2, 0x3}, {0x0, 0xa}, {0x7, 0x7}, {0x4, 0x7}, {}, {0x0, 0x5}, {0x7, 0x4}, {0x0, 0x8}, {0x0, 0x3}, {0x2, 0x3}, {0x3, 0x2}, {0x2, 0x5}, {0x7, 0x6}, {0x1, 0xa}, {0x1, 0x4}, {0x0, 0x4}, {0x7, 0x3}, {0x3, 0xa}, {0x0, 0x8}, {0x5, 0x1}, {}, {0x2, 0x5}, {0x0, 0xa}, {0x3, 0x9}, {0x7, 0x9}, {0x1, 0x5}, {0x3, 0x2}, {0x1, 0x4}, {0x2, 0x5}, {0x5, 0xa}, {0x2}]}]}, @NL80211_BAND_5GHZ={0x58, 0x1, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x5, 0x1, [0xb]}, @NL80211_TXRATE_LEGACY={0x9, 0x1, [0x48, 0x12, 0x1, 0x48, 0x24]}, @NL80211_TXRATE_LEGACY={0x21, 0x1, [0x12, 0x1b, 0x1, 0xb, 0x6, 0x5a, 0x9, 0x6c, 0x3, 0x30, 0x6c, 0x6, 0x16, 0x3, 0x5, 0x42, 0xc, 0x4, 0x97e71f9154bef313, 0x30, 0x48, 0x6c, 0x1b, 0x16, 0x5, 0x16, 0x24, 0x1b, 0xc]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x8, 0x572, 0xf70, 0x3f, 0x7, 0xfff, 0x1]}}]}]}]}, {0x314, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x278, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x54, 0x1, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4f, 0x2, [{0x6, 0x1}, {0x6, 0x6}, {0x3, 0x8}, {0x1, 0x2}, {0x2, 0x3}, {0x0, 0x4}, {0x4, 0x7}, {0x6, 0x8}, {0x0, 0x7}, {0x7, 0x1}, {0x4, 0x1}, {0x7, 0x8}, {0x1}, {0x5, 0x3}, {0x6}, {0x3, 0x9}, {0x6, 0x8}, {0x2, 0x8}, {0x0, 0x8}, {0x4, 0x8}, {0x2, 0x3}, {0x2, 0x5}, {0x4, 0xa}, {0x1, 0x7}, {0x3, 0x2}, {0x6, 0xa}, {0x7, 0x5}, {0x5, 0x9}, {0x7, 0x2}, {0x4, 0x3}, {0x2, 0x3}, {0x2, 0x5}, {0x6}, {0x1, 0x7}, {0x2, 0x8}, {0x2, 0x5}, {0x0, 0x1}, {0x1}, {0x6, 0x9}, {0x3, 0x3}, {0x7, 0xa}, {0x3, 0x3}, {0x4, 0x7}, {0x7, 0x6}, {0x7, 0x4}, {0x4, 0x1}, {0x1, 0x7}, {0x6, 0x5}, {0x1}, {0x7, 0x4}, {0x0, 0x6}, {0x2, 0x3}, {0x7, 0x4}, {0x7, 0x6}, {0x2, 0x3}, {0x3, 0x1}, {0x6}, {0x3, 0xa}, {0x6, 0xa}, {0x7, 0x1}, {0x2, 0x4}, {0x0, 0x1}, {0x1, 0x7}, {0x7, 0x6}, {0x0, 0x5}, {0x2, 0x8}, {0x3, 0x2}, {0x6, 0x9}, {0x4, 0x8}, {0x1, 0x5}, {0x0, 0x5}, {0x2, 0x1}, {0x0, 0x1}, {0x1, 0x1}, {0x7, 0x1}]}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x101, 0x6, 0x86, 0x4, 0x2fd1, 0x3, 0x4]}}]}, @NL80211_BAND_6GHZ={0x8c, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0xe5c, 0x7, 0x5, 0x5, 0x0, 0x5, 0x3f]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x0, 0x0, 0x4, 0x3, 0x0, 0x4, 0x2]}}, @NL80211_TXRATE_HT={0x6, 0x2, [{0x4, 0xa}, {0x1, 0x5}]}, @NL80211_TXRATE_HT={0x3c, 0x2, [{0x7, 0x7}, {0x5}, {0x4, 0x3}, {0x2, 0x9}, {0x3, 0xa}, {0x2, 0x2}, {0x1, 0x2}, {0x5, 0x2}, {0x3, 0x2}, {0x0, 0x7}, {0x3, 0x3}, {0x4, 0x2}, {0x7, 0x8}, {0x0, 0x8}, {0x2, 0x2}, {0x4, 0x8}, {0x3, 0x5}, {0x2, 0x7}, {0x6, 0xa}, {0x1, 0x6}, {0x7, 0x4}, {0x2}, {0x2, 0x4}, {0x0, 0x2}, {0x1, 0x1}, {0x5, 0x2}, {0x5, 0x1}, {0x0, 0x1}, {0x0, 0x8}, {0x3, 0x3}, {0x3, 0x8}, {0x1, 0x8}, {0x3, 0x6}, {0x1, 0x7}, {0x0, 0xa}, {0x1, 0x5}, {0x6, 0x1}, {0x4, 0x3}, {0x6, 0x9}, {0x4, 0x8}, {0x1, 0x5}, {0x7}, {0x0, 0x9}, {0x2, 0xa}, {}, {0x3, 0x2}, {0x0, 0x9}, {0x7, 0x1}, {0x4, 0x4}, {0x4, 0x3}, {0x7, 0x1}, {0x7, 0x6}, {0x3}, {0x0, 0x6}, {0x4, 0x7}, {0x0, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x401, 0x0, 0x2, 0xfff7, 0xfff, 0x0, 0x401]}}]}, @NL80211_BAND_6GHZ={0xb8, 0x3, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x0, 0x6}, {0x1, 0x2}, {0x6, 0x2}, {0x2, 0x4}, {0x5}, {}, {0x0, 0x5}, {0x4, 0x4}, {0x0, 0x8}, {0x3, 0xa}, {0x3, 0x5}, {0x0, 0x6}, {0x1}, {0x6, 0x2}, {0x5}, {0x5, 0x5}, {0x4, 0x1}, {0x2, 0x5}, {0x1, 0x2}, {0x5}, {0x1, 0x6}, {0x6, 0x8}, {0x0, 0x8}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x3, 0x81, 0x6, 0x1f1, 0x7, 0xff4e, 0x3ff]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x8, 0x49ce, 0x20, 0xee, 0xc8e, 0x80, 0x3f]}}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x3, 0x0, 0x800, 0x2, 0xfff7, 0xc9, 0x7, 0x5]}}, @NL80211_TXRATE_HT={0x4a, 0x2, [{0x1}, {0x1, 0xa}, {0x0, 0x2}, {0x1}, {0x5}, {0x2, 0x5}, {0x1, 0x8}, {0x3, 0x6}, {0x7, 0x1}, {0x3, 0x1}, {0x5, 0x1}, {0x0, 0x7}, {0x5, 0x5}, {0x5, 0x6}, {0x3, 0x7}, {0x7, 0x9}, {0x0, 0x8}, {0x0, 0x7}, {0x1, 0x6}, {0x7, 0x2}, {0x6, 0x7}, {0x2, 0x5}, {0x6, 0x3}, {0x4, 0x1}, {0x1, 0x6}, {0x2, 0x6}, {0x3}, {0x3}, {0x0, 0xa}, {0x2, 0x4}, {0x4}, {0x3, 0x6}, {0x2, 0x8}, {0x6, 0x6}, {0x5, 0x6}, {0x2, 0x4}, {0x7, 0x6}, {0x5}, {0x0, 0x7}, {0x4}, {0x7, 0x3}, {0x6, 0x9}, {0x0, 0x3}, {0x0, 0x6}, {0x7, 0x6}, {0x0, 0x1}, {0x7}, {0x6, 0x5}, {0x4, 0x5}, {0x1, 0x6}, {0x2, 0xa}, {0x6, 0x6}, {0x0, 0x2}, {0x4, 0x9}, {0x0, 0x3}, {0x6, 0x1}, {0x7, 0x3}, {0x7, 0x5}, {0x4, 0x1}, {}, {0x5}, {0x5, 0x1}, {0x4, 0x1}, {0x3, 0x3}, {0x6, 0x6}, {0x2, 0x5}, {0x6, 0x7}, {0x6, 0x9}, {0x7, 0x6}, {0x4, 0x4}]}]}, @NL80211_BAND_2GHZ={0xc4, 0x0, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x2, 0x8, 0x1, 0x1ff, 0x81, 0x4, 0x4, 0x9]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x7f, 0x5, 0x9, 0x7ff, 0x0, 0x6, 0x1f, 0xf561]}}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0xd89a, 0xffff, 0x81, 0x7f, 0xff01, 0x3, 0xa3, 0x3f]}}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x5, 0x4, 0x6, 0x6c, 0x30, 0x0, 0x24, 0x30, 0x60, 0x24, 0x4, 0x2, 0x6, 0x6, 0xb, 0x48, 0x2, 0x6c, 0x4, 0x4, 0xc, 0x24, 0x6c, 0x36, 0x16, 0x16]}, @NL80211_TXRATE_LEGACY={0x1e, 0x1, [0x6c, 0x0, 0x36, 0x3, 0x5, 0x16, 0x16, 0x30, 0x12, 0x30, 0x6, 0x18, 0x60, 0x4, 0x48, 0x4, 0x12, 0xb, 0x36, 0x6, 0x16, 0x4, 0xc, 0xb, 0x0, 0x0]}, @NL80211_TXRATE_HT={0x7, 0x2, [{0x4, 0xa}, {0x0, 0x4}, {0x5, 0x5}]}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1, 0x40, 0x1f, 0x0, 0x4ec2, 0xff00, 0x7, 0x2]}}, @NL80211_TXRATE_LEGACY={0x16, 0x1, [0x1f, 0x9, 0x1, 0x60, 0x6, 0x36, 0x16, 0x3, 0x4, 0x1, 0x3c, 0x3, 0x6c, 0x30, 0x0, 0x1, 0x6c, 0x2]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}]}]}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5, 0xa, 0x1}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x88, 0xd, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x6c, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x1ff, 0x6, 0x8, 0x6, 0x9, 0xff00, 0x7]}}, @NL80211_TXRATE_LEGACY={0xa, 0x1, [0x12, 0x36, 0x6, 0x5, 0x16, 0x0]}, @NL80211_TXRATE_HT={0x40, 0x2, [{0x2, 0x5}, {0x6, 0xa}, {0x6, 0x9}, {0x0, 0x4}, {0x0, 0x6}, {0x7, 0x1}, {0x7, 0x2}, {0x0, 0x8}, {0x7, 0x4}, {0x4, 0x7}, {0x2, 0x2}, {0x6, 0xa}, {0x5, 0x8}, {0x5, 0x6}, {0x1, 0xa}, {0x1, 0x2}, {0x5, 0x6}, {0x5, 0x3}, {0x6, 0x5}, {0x1, 0x1}, {0x0, 0x5}, {0x0, 0x6}, {0x2, 0x4}, {0x0, 0x6}, {0x0, 0x1}, {0x3, 0xa}, {0x0, 0x5}, {0x7, 0x4}, {0x1, 0x3}, {0x1, 0x1}, {0x0, 0x1}, {0x1, 0x2}, {0x5, 0x2}, {0x5}, {0x7, 0x2}, {0x1, 0x1}, {0x5, 0x3}, {0x1, 0x8}, {0x3, 0x3}, {0x1, 0x9}, {0x5, 0x7}, {0x1, 0x1}, {0x2, 0x5}, {0x3}, {0x1, 0xa}, {0x1, 0x9}, {0x4, 0xa}, {0x1, 0x4}, {0x3, 0x4}, {0x2, 0x8}, {0x2}, {0x0, 0x8}, {0x2}, {0x1, 0x9}, {0x3}, {0x3, 0x6}, {0x1, 0x2}, {0x4}, {0x4, 0x6}, {0x3, 0x1}]}]}, @NL80211_BAND_60GHZ={0x18, 0x2, 0x0, 0x1, [@NL80211_TXRATE_VHT={0x14, 0x3, {[0x8000, 0x43, 0x1, 0x0, 0x4, 0x5, 0x66, 0x5]}}]}]}]}, {0x20c, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_PEER_SUPP={0xc, 0x3, 0x8}, @NL80211_TID_CONFIG_ATTR_TX_RATE={0x1d4, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x24, 0x3, 0x0, 0x1, [@NL80211_TXRATE_LEGACY={0x17, 0x1, [0x36, 0x6, 0x48, 0x5c, 0x1, 0x4, 0x5, 0x1b, 0x18, 0x2, 0x60, 0x60, 0x5, 0x3, 0x1, 0xa430321b91b93a7b, 0x9, 0x1, 0x9]}, @NL80211_TXRATE_GI={0x5}]}, @NL80211_BAND_6GHZ={0xa4, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HT={0x16, 0x2, [{0x6}, {0x7, 0x6}, {0x7, 0xa}, {0x0, 0x5}, {0x1}, {0x0, 0x1}, {0x4, 0xa}, {0x7}, {0x0, 0x2}, {0x3, 0x8}, {}, {}, {0x5, 0x8}, {0x4, 0x6}, {0x1, 0xa}, {0x1, 0xa}, {0x0, 0xa}, {0x1, 0x2}]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x6, 0x9000, 0x8001, 0xa0c8, 0x8db, 0xdef8, 0x2, 0x8]}}, @NL80211_TXRATE_HT={0x4d, 0x2, [{0x0, 0x9}, {0x6, 0x2}, {0x0, 0x9}, {0x0, 0x8}, {0x6, 0x2}, {0x7, 0xa}, {0x2, 0x4}, {0x4}, {0x5, 0x9}, {}, {0x0, 0x8}, {0x2, 0x8}, {0x0, 0x6}, {0x2, 0x6}, {0x5, 0xa}, {0x0, 0x2}, {0x3, 0x1}, {0x4, 0x4}, {0x2, 0xa}, {0x0, 0x7}, {0x0, 0x8}, {0x1, 0x6}, {0x4, 0x8}, {0x7, 0x9}, {0x2, 0x1}, {0x1, 0x7}, {0x2, 0x1}, {0x3, 0x9}, {0x4}, {0x4, 0x1}, {0x7, 0xa}, {0x0, 0x7}, {0x2}, {0x4, 0x6}, {0x1, 0x7}, {0x6}, {0x7, 0x2}, {0x0, 0x5}, {0x6, 0xa}, {0x6, 0x2}, {0x7, 0x2}, {0x1, 0x7}, {0x1, 0x6}, {0x6, 0xa}, {0x0, 0x6}, {0x0, 0x1}, {0x2, 0x9}, {0x4, 0x5}, {0x0, 0x7}, {0x7, 0xa}, {0x5, 0x1}, {0x6, 0x2}, {0x0, 0x5}, {0x7, 0x3}, {0x4, 0x3}, {0x5, 0x2}, {0x0, 0x2}, {}, {0x7, 0x8}, {0x1, 0x5}, {0x4, 0x3}, {0x0, 0x6}, {0x1, 0x2}, {0x2, 0x7}, {0x1}, {0x6, 0x8}, {0x4, 0x7}, {0x3, 0xa}, {0x2, 0x3}, {0x4, 0x5}, {0x1, 0x6}, {0x5, 0x2}, {0x0, 0x4}]}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x9, 0xc532, 0xe81c, 0x2, 0x6, 0x6, 0x8000, 0x3]}}]}, @NL80211_BAND_5GHZ={0x30, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_GI={0x5}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x12, 0x1, [0x48, 0x18, 0xb, 0x16, 0x34, 0x5, 0x37, 0x16, 0x30, 0x60, 0x9, 0x1, 0x6, 0x60]}]}, @NL80211_BAND_60GHZ={0xd8, 0x2, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x2}, @NL80211_TXRATE_VHT={0x14, 0x3, {[0x0, 0x800, 0x4, 0x1, 0x1, 0x1, 0x7fff, 0x6]}}, @NL80211_TXRATE_HT={0x1b, 0x2, [{0x3}, {0x1}, {0x0, 0x6}, {0x2, 0x2}, {0x6, 0x1}, {0x1, 0x2}, {0x3, 0x5}, {0x5, 0x8}, {0x6, 0x6}, {0x5, 0x5}, {0x4, 0x1}, {0x7, 0x9}, {0x6, 0x1}, {0x7, 0x8}, {0x4, 0x7}, {0x6, 0x6}, {0x0, 0x5}, {0x1, 0x3}, {0x2, 0x9}, {0x6, 0x4}, {0x5, 0x8}, {0x6, 0xa}, {0x3}]}, @NL80211_TXRATE_HT={0x51, 0x2, [{0x3, 0x8}, {0x0, 0x3}, {0x5, 0xa}, {0x2, 0xa}, {0x0, 0x7}, {0x1, 0x2}, {0x0, 0x9}, {0x3, 0x6}, {0x7, 0x9}, {0x0, 0x7}, {0x3, 0x3}, {0x6, 0x7}, {0x1, 0x1}, {0x1, 0x1}, {0x3, 0x8}, {0x7, 0x7}, {0x7}, {0x0, 0x2}, {}, {0x7, 0x5}, {0x1, 0x9}, {0x1, 0x5}, {0x1, 0x4}, {0x3, 0x4}, {0x1, 0xa}, {0x5, 0x5}, {0x2, 0x8}, {0x0, 0x4}, {0x0, 0x1}, {0x7, 0xa}, {0x7, 0x3}, {0x6, 0xa}, {0x7, 0x9}, {0x5, 0x4}, {0x2, 0x6}, {0x2, 0x2}, {0x0, 0x2}, {0x1, 0x5}, {0x3, 0x5}, {0x2, 0x6}, {0x4, 0x2}, {0x7, 0x7}, {0x4, 0x3}, {0x0, 0x5}, {0x5}, {0x5, 0xa}, {0x3, 0x8}, {0x1, 0x5}, {0x1, 0x3}, {0x4, 0x4}, {0x2, 0x6}, {0x0, 0x8}, {0x3, 0x2}, {0x4, 0x6}, {0x1, 0x6}, {0x0, 0xa}, {0x0, 0x1}, {0x6, 0x3}, {0x7, 0x5}, {0x0, 0x5}, {0x0, 0x4}, {0x6, 0x1}, {0x5, 0x2}, {0x5, 0x1}, {0x1, 0x2}, {0x7, 0x7}, {0x3, 0x4}, {0x7, 0xa}, {0x1, 0x2}, {0x6, 0x2}, {0x5, 0x5}, {0x1}, {0x7, 0x9}, {0x7, 0x5}, {0x2, 0x7}, {0x1, 0x5}, {0x2, 0x2}]}, @NL80211_TXRATE_LEGACY={0x24, 0x1, [0x3, 0x0, 0xc, 0x48, 0x30, 0x3, 0x18, 0xc, 0x36, 0x16, 0x60, 0x24, 0x48, 0x0, 0x12, 0x18, 0x4, 0x6c, 0x4, 0x0, 0x18, 0x16, 0x24, 0x60, 0x24, 0x12, 0x2, 0x16, 0x6c, 0x48, 0x9, 0x16]}, @NL80211_TXRATE_GI={0x5, 0x4, 0x1}, @NL80211_TXRATE_LEGACY={0x5, 0x1, [0x5]}, @NL80211_TXRATE_LEGACY={0xc, 0x1, [0x3, 0x6, 0x5, 0x18, 0x16, 0x24, 0xf, 0x9]}, @NL80211_TXRATE_GI={0x5}]}]}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x7e}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xb9}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xd7}]}]}]}, 0x69c}, 0x1, 0x0, 0x0, 0x940}, 0x2c000) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='net/ip_vs\x00') mq_timedsend(r2, &(0x7f0000000040)="1fc747a18063b490fd8fe5bed7e260d99c0d630d5981e35bb38c433b8c62c505b0392099524b5303343332fee332db2ed81258219e632564dbca36e0461e1c67676ebca05dab1b0e64802b4c99bd419b56c883d05c6ccae87e12271e937b7e24396c3545be6cc08f017a92474cf08163ef9799272683501d6660", 0x7a, 0x10001, &(0x7f00000000c0)={0x77359400}) mq_notify(r0, 0x0) 03:44:39 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 61) lseek(0xffffffffffffffff, 0x0, 0x0) 03:44:39 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:39 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x8, 0x0, 0x0}) 03:44:39 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) signalfd4(r0, &(0x7f0000000000)={[0x6c]}, 0x8, 0xc00) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000080)=0x400) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2224.535169] tmpfs: Bad value for 'mpol' 03:44:39 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000}, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r0, 0xc020f509, &(0x7f0000000000)={r0, 0x7, 0x100000000, 0x800}) syz_io_uring_submit(r1, 0x0, &(0x7f00000000c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x1, 0x0, r4, 0x0, &(0x7f0000000080)="5983", 0x2, 0x40010000, 0x1}, 0x4) 03:44:40 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1e000}], 0x2) 03:44:40 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x9, 0x0, 0x0}) [ 2224.613418] FAULT_INJECTION: forcing a failure. [ 2224.613418] name failslab, interval 1, probability 0, space 0, times 0 [ 2224.615995] CPU: 0 PID: 11164 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2224.617429] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2224.619143] Call Trace: [ 2224.619702] dump_stack+0x107/0x167 [ 2224.620470] should_fail.cold+0x5/0xa [ 2224.621271] ? vm_area_dup+0x78/0x290 [ 2224.622073] should_failslab+0x5/0x20 [ 2224.622867] kmem_cache_alloc+0x5b/0x310 [ 2224.623738] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2224.624847] ? lock_downgrade+0x6d0/0x6d0 [ 2224.625720] vm_area_dup+0x78/0x290 [ 2224.626489] ? mark_lock+0xf5/0x2df0 [ 2224.627277] ? lock_chain_count+0x20/0x20 [ 2224.628161] ? mark_lock+0xf5/0x2df0 [ 2224.628948] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2224.630043] ? lock_chain_count+0x20/0x20 [ 2224.630903] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2224.631856] ? trace_hardirqs_on+0x5b/0x180 [ 2224.632762] ? mark_lock+0xf5/0x2df0 [ 2224.633543] ? vm_area_alloc+0x110/0x110 [ 2224.634394] ? __lock_acquire+0x1657/0x5b00 [ 2224.635319] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2224.636429] ? vmacache_find+0x55/0x2a0 [ 2224.637271] __split_vma+0xa8/0x4e0 [ 2224.638035] __do_munmap+0x365/0x1260 [ 2224.638843] ? arch_get_unmapped_area+0x450/0x450 [ 2224.639872] ? lock_release+0x680/0x680 [ 2224.640711] mmap_region+0x7c8/0x1500 [ 2224.641531] do_mmap+0xcdb/0x11e0 [ 2224.642267] vm_mmap_pgoff+0x198/0x1f0 [ 2224.643099] ? randomize_page+0xb0/0xb0 [ 2224.643970] ksys_mmap_pgoff+0x41c/0x560 [ 2224.644823] ? find_mergeable_anon_vma+0x250/0x250 [ 2224.645858] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2224.646960] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2224.648049] do_syscall_64+0x33/0x40 [ 2224.648824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2224.649897] RIP: 0033:0x7f00b63acb62 [ 2224.650682] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2224.654532] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2224.656125] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2224.657620] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2224.659103] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2224.660592] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2224.662094] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:44:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)={0x1000, 0x3, 0xffffffff, "d40e0727714f620d57e5b7547c147459ca73fd92ebb85359b69e88e633beb7a13f5a79e380a6a48a3884b5ed52fc1fed71b9cf62f8fee0e35e4d5221635100811f5163e8dd505532a97a0b1e549aa873bb228479a483e335c6a4f6966750993dbd7a130db86ac005a6c7c2b04ac1559e991d8a8a26b1617971c22564efac4c819c5fa0202dc6df37b5b0febbf6b34308cdc4301e9cbf485936b6bb08894139682f128d9dbb4d40948982922579908c6d977a630ca3a177a55b8b9e0d115c99b066f045870aa9ad77ca500e99b74e3fdae795d81465995eeca948f9c5c3885864afbdd127b6bc25916de9867dafbe39b48e68b44813ec000700e5e14f90ad4130a88c592e12a5f34d9cb3dfa4d416fd15b8d2835993bd2086b46b22e4a21a31612fc078dcf60a24087b29da52ee5d56e633cf3b092f43f9283085e98729376fccbebd680a6f5297b7a4138b9211a3ef246328c14ed02643c01ee4393ce8088090f7f312723826641ef97ddcab794f85d53c3cc0a1a9166df659d59d0ede49fc7128895e674f8d6e42c002760773eb6e47baeb86f8c7cfda734e3ee24e6ec76d3b9ca24a27fba5a35142ce59015c71968e510b22dec67db4fa2ce461779aa882033e1f43e5bb604b611c77bcc03c2a64d69902e0d1486f4910c1b6b4ef4d893f882f5b6292612692ec8003015d504a9adec74b77e3b67e6b3037706b9f6e04d3a7cdbf34318efcf99633debf72d6df0a06829a8415ae2d0bcaa5749e3c29cca9c34af34f12213e8f44f284ff3ba80bb77d64ce63e24022ffff8b8a21b3551192ee635b2718483600c83e1d4480040b7161aa076f50a507f70830b77e9b8374c7c3336b50339e32339aa6d639b5505d624b03f486fe2b8b7f1abd8264106931f1c530b61f40484da0a57a0ec3f00afe376e2bf8eb56663071cc8f1224da59746c8e981dd464481d0183ee595d36e8163b285d201beeaadedb69f63865c052f5af54086418db4987825ac1ef95ac38f0471c20c8aa69961dd9bd2341dcac6c89ac01363a220d9827a7ffc1bf72aba391910c4d5f7aff51aa80c8a33c0c8b9e89b3c9f154e83331f712f4b2ca95e430fb726a2131ccd8d206a25521d2ebd0cf709070f6c7228ebe5ca5d61ab30e568a69a691592207b4ab802a388dec4ac3c30170673a35f5199e66b46de91107d0718fc5205618a33a05483d01ad1f6dd52e463b1aee033682f5995494bb0f5b52b1818a8096b7c4e3f1beb9e705c9badbd082be920b7bd17c084f94fa4497d4526dbf1724946cc04f844176d12a6496ed277acbf52c93035aa8fde716df1ba5357d4898d0b75a6ca48a8cdd1f682796453f68a7331c709354140ffcd4e7d2e4df10d8cbeb90c906c1f1b67ddc305ffd73f5356170a57e30faf7055f9abf9a485098dbd066edbc32eadd729bf53ea40de07310cc2daf978775a4f5fcc297fc3e69fd351804d51333aeb0e6f13ed91442308db2feb08a641787391e67beccdd9227fb33472a73d6996afd086d668dcfa35bdfcaf1d6ecbbb569db3d6caa3c8f499a0d5ee038b2b219ab970a96ecdd54b076d4443693e08b4a3237fede71df6c9244b4394cbeb47219e5af0163f908594c851f5a45d473e5c9e5228003ac6c050463e7870022606e5e129f074f1f85654a2a6400ae7b80bc8408868409b5ef6ee59bf899dc75fd9ce3a8619f0518cd5eb629aa450ccb3b078e0ad7be2784f5a1dde7a2a2b4aa27a26ebfe09429b9564ce24d10029dfca2b0094e0f915bf8eaf34f08722ca38c6990d5962a68d2efade474a2c404696984c1217b07def68a4f9bdaf6f7af392a4ecb8532537f5ef2fbfdbd905eac892169edee7c363340b22d6ec07a20d5ce1e7934cdada412db8bffa98afeb1a7357d6495e43192a5072f26ff7b46ed70d63f3567bb07135b0610e6491ae824c027d18c9ae64ba2a9ff49b77239e17146af58c4ac631d39d9530043ca3d61b445aa4385d601d74254d77dad16afd7eec6eb9ef77b9975664cb99099b7c8c86458ef3a585588fd78537538318d35bcb92a20059324f68a50c385b6d45c4313e133b3ca79341ed942b634c02829b168ab34c5a283ffeb7fc991a62c4db07cad696134bf26f81f770e758f6d512a9f500d2826326862ff8e8f8663865c81e077833d22d0206ceb7d93127eb20b5219f2ea5dd520c3f066ab07e5fe5eb1e5e01a5e9ee2559be21f9a41505446c4dfddce682a981aea70afdf33b31070112be1b6af8245739da92fc5b304ad9b2648f922da810e223a967fc1a42e9a45d333e0ee57ba9e85d6bcdc5ffc0f1d9e0c24b2181e3dc5fce4c049973194e8d85df9a2c6936ff739bcdb349c3ba09720ddd6f23895fb6f1d191e41ffe0afbb644d51728ea1e09cd85aade475b3d2f7f51fe252d6264490a2ed71011f070f40528de2030a01efbd0190dd572e882f34642367a0f84d2df2683d9219cddaa5b03c1a74aed1c3f00938884ce50d00cc3e1232521364356983942e840abf7f5d9415d39b540351bba4a7efed6a8512993b52f4421cd8115fb3206c03154c1d992a4c10c27cc437f629102852fb3d692e69f4ff8fcc82bc12490af80aa1002f6a0aaa92a72ceed006263acaf3bfbf718fabfa64613354e2530fae03723f5a2d85f45a7f9aeabe2743eb92e45b1187a09ab8e9e0ae29d79e90e5ed505cee30df5b02189ccab510c4a75e2fead23c7fca714616461e73c39b618e706e8a89d9af172b96c968d4a3e0ca78d3b2fe50d3a4e7dee164c8975fff781fd23f15b4f8d0b9e2de3e3acb76974e151d3dd3bca3c90759f7c4c6c37551b04882aef3fa9007db2f782f60c8553df770773e3e6a5b22b2235e53c94c9d97af8f00b322c14b5ab95dd7c9fb1a78bc25a4dbeab7828313f496c6a308570e2d72c037cbe677bb49974f0faf3856fd0cc4292c548add580351595376c22a27f9fc99ac1014d1c4ce0f5bb7a47c3c36e4f1d26f021782af75bfd85bd531f83a16f7398f9dca824e45d415087c44d9b79205232f1beff0d26cac38ffad998dd41bfc64af824a07186c9ef86acfc1c8887680e580cf70f72f8133a2c6f879981d3b5cc248a09ab27033dae2584128d42345e1d52b199d503dde5cb351dfc38aaf25eeedb36932c0f4013e2db11545b7ef1a9efdf68e1c75b108ee58ef03f052e9b45d4bfadd876bed38b1e0b6f0678c56e448ea045ee39036309efb0d4e21985d51ac148a967f3d4a0bdd1771afc658ed7d3488e9ad9897751e52ae7db91bd240bc4dc7924debd78992534623a8a61358feeb7351152314ffeb7efc73765030a32bfe2c66bf6e58b7feb38e74c72493ee17023521f9f622d2910d228d09b8e172a0678501f40dd7010d0ad4acf72a3549f6bb9e287c075094e781270a4a981dea1645258f33313c0e6b97f849c2295ec5cb440c8c017e887147d693f8f99b44859bbf8add8b7171279a8bde346e2568692361978d3c5f5a24ffdfd547b9757cb776548fd99e58f77dc3d2b733ecc981b1f21081d10e7aba608eba280e603f1c557fff8b4e537d4d540d0a07f4b9b8011791128d35cd1907355f7ec827d5632a28b872b8588fe8bc3f4e5c35c57623c57828c980c789e753e132e9be7b39472658669c06c8ff6290682e0131edb78592698fd26a0466098fa091eb4a0be96b1c6409466e224510b31bdb1bf62bd33fa56e9a9c766ba529ca7b6a2111e23e14c22b9da603e843bb417c8beee4ec8923309e97454370b87691eaf6a3d078b54e3863bbb6f36a0ef4c3992c3791d642a0962aaf3f72791a10893f60c5ea6e0bed5057c264f11da0d3425780a28d377536d228766d2f8df50d21e6e673e7b366675f7f605df03457beaea0f814e7528b932c0fbc9984abc88f2b642afbd264cc7a9e9dae56bf041b169326ff8724f7cf28c793d5657f5bbf4aadce88afd1ff6e52d63c74535a2dd0808a3a1042d70a4fa98670098d9ed1f6df259a9c01ae148800d2ea67157de9fa49db5520609bd3c1f13640f6639395e47414985687f134de096f46c7dacc478cd1f7c75271a23a7376c200acf34bcc05d547e4bad629444d6b9df61baf270debe274d5588193c1a897023f5f2590b180da3060cf3a6b9d075b64edeb5fd7905b8f00243d3dc7781ec8a7364e2f08088d23f3af1728aa08267343c129dca632e872c787f3ef3ab2939fdb685af785ea13c2a5d364a33096f056a97290fc6f239bcc0f2ef0bb1fdede9bb1553aff856d3ca7539621201f32eaa97d4354e229b7dd049e97fc2344948e2a3f69e2bbe3c182a387dafc92801e9314ae635260430acc3072485a66e43f24d6bbfa9e0be0978c2aa4891ae689917fcc61fdc599673d2aee5de86d54349add0ab2c4fbe8e68b64b4aa6a0f486efb12dd46b63f82b2e61331c922a25e7babeddf20005954109a61930757461b98779e9e9e7b73654cdab4c1159640ef9b9f6712e4c5c09b77b0f43ec4a6bf17fdcc08cfef68dc66ed8f1411425e62002723239ac5f3bf55643e9aea3091108749b0e43b2cb07dbc514d19413ececa0e547e47cbe2de5e9f474b5cb2ed32a905d178c656ca790f5edfc9a5553f30c2488fb9b920f440b7d36c279a2cb705d2c033d42d16fe6d0c2d699461ff417fcdb2f661d380d42d83c75c43c76644fe5de7925082df8201ced3d88494c4fa077d8acaf555653c24d181ed3917ed1659bb411a4aa784551c578f4038553acb9c9e02381524acdc1d9649442fcc555388e43fb801157ba7611bbbec02a2f8dbaaf133403e24da711b1cbfdd7131c00051d2745deafdc31c9454b481e11aebce189a1d25e821250ea709123642bada5cb298ee0424a039fd4bda3d8571fad093e5075bebbebd3e0fe6cb6ffbd20429a999e65335052d92e18cce8c9df00f92b28303b3c2bc27a73bd9a3c88956236125f9a5f352a1e9e4c2fd8e85ad332ed08846b33cc67a0fc8952a9e9f0f60a3d5b50f6a2ee697151e0ddfa08f64c7b79a50f4439939529dd44d4d9c1436f7b755af59a778ba1cd51742fd0929fa44b68fee37ee979926ef5d47dcf854bdec4739985eabad20bb4cfed8cc2040a58806261c0715db20f8e658da8f1bddfc7ce0a8d0ecbcbd3423bfa2ef3100c00122346bed4fab29d4472c54e58a1cff7c6ea529d3d73d7252d353d33dc37b5fc9a9a1a3085ab8b6b482c0b9bdbaa0354b0e0cbe74e8ff24aea4b58222d4407050613118c3ca06cd89e22e52fef834c1c9ea26a53aa32d7557fe9c04f54f687e560e04cd4b4cf761fe22e54e933be1de27fe8317eaf89e9c2a605bc522af3ef0a33e1838f765e94193bab3cea982990536a272f377475eb009cf4aff3072908c2e2472e634180f91510932da12cd3504cdffb2e72c617b8c4a1d8dc985cb0aee624f38f6247968fcf601e8b7f5a09d507556f6a4c1973dbf10607cbad7563ad81d6341866a5aa63a67dadb403f90a08c683fb5bd2ceec848af4d0fe4c6e6bd85725e7c22289e9eb31f08a493cf72f85c03c88978694a363e795726ae56b35df5831133a03050610767a7398ff70e456999e197b8fcc49cd2015b0715d6154ae06da149d75b13ea3739d35191a0b91e85a01cb784a1a709bfce9e5ed6b41ab420c36be3014f2cd66db47cd90d20110e45ef87cf041f1dc1554bfce501e3e7ef63bf41e9522f8416c3854c856a6d2bc275325e1875ea8f54ed6633f3b11a84c01f77307206d87ea2496ec70d59e5fce28c5f334d1b801a6b44977e9c1367e05ad2f4dd92646b30143e4971c4c9a32993934585"}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000001240)={0x1, 0x0, 0x1000, 0xd5, &(0x7f00000010c0)="40708efb5e723dd3936c06d9281d5289fc13e1d5100f8d044a752ef8d6510109e9b0145d071807a49b0dd279623364274fe733d3afd8487a7c5dfc0a7226dc624c66d597a984fa5f770d3307536c6e41788f986aed5b13da51d80df58ae3e6ce423a7b40ba64f673abaf5ccd31d624a121905982bf755b31be34fd5fc9f612d6e7dd7fb574ca46260066fc41c13934f971ad95eeb1d732939893aad321cf9de25b15831ead17c5d0fe843e2f2867cf707936bf7ebf2824d93c339f39f632c721ae36a9464e8fc315b7273f3acd31112cb2fde84a90", 0x63, 0x0, &(0x7f00000011c0)="dce340f66e36da41f85bf02446e466a871b0e163fa9a89be5c710699d60c86055a70b6d8324c65ceba47cb7af7cbc3c35df4c9f2429928f86ef9ae7bc4bbd2e28df0ddac691c1b535c38f2e1f2eaa7a0b941bd3e2fe89ebf70d07837ac79663949efc9"}) ioctl$SG_IO(r0, 0x227c, 0x0) 03:44:40 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, 0x0, 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:40 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xd, 0x0, 0x0}) 03:44:40 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r2, 0x2286, &(0x7f0000000280)={0x0, 0xfffffffffffffffb, 0x0, 0x40, @scatter={0x7, 0x0, &(0x7f0000002340)=[{&(0x7f0000000000)=""/15, 0xf}, {&(0x7f00000000c0)=""/37, 0x25}, {&(0x7f0000000300)=""/4096, 0x1000}, {&(0x7f0000001300)=""/4096, 0x1000}, {&(0x7f00000023c0)=""/218, 0xda}, {&(0x7f0000000200)=""/83, 0x53}, {&(0x7f0000002300)=""/41, 0x23}]}, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0}) [ 2224.756484] tmpfs: Bad value for 'mpol' 03:44:40 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x1f000}], 0x2) 03:44:40 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) write$binfmt_misc(r0, &(0x7f00000010c0)={'syz0', "e4c927c8c527fcee9aa122fad8421823bd7b2392efdd93ca1fac6574c59f623d82c15c6a313ee37c279821dac57b86e9aa7fd48846a70d3df04b9c46be03292e2f76a512709d9a3a7f9e3d8c8c4bf1ecde4abf5a62deaa8ac6d1d8ab541e4df9ebe8c6fa4e58de43212198191df9386d12fba659bfceb8c6b685bd315df8a0dd59901a489a63b69474cfddc1ada5e695d35299452e9fb9a1dc19ff25205c533a8b9ce7e13e94c8387af8d666a1646be46feab16587d740be61869bec51370ff5d1953fcb2d05bf907074ae98d953eff65ddd7bcb23fdc567a8834b8a1dafe89b77283ac342cac86495293aca563a960ed1861e35b2a37c59d99c37c07f44bad32f46d262a3eb56f750fde8b6252accd01c076efc0935b6f74c0cdff68e4549f14bdacdac8f03be68da2f3969be3bce5a14d4c26553e2534083409fc675d24eff4bdee4fbd72ddae1edc99316c21cff33a05553085ed77232e403999c039a7ff9404bb800d3f277147721e4b3fd2c2b4383cfcf953c89d31efd86180cc4cd55059fe920487a50283a862be0eeef91f6ffa650a3f13077e36b093f1504c113a127560c8693b7db35a852b34c92beb306265b5a3ac93d5317e7e592bea76426a29a0cd7ba22dfbd97bf7d89ab752984d649ec045d617963af05dfff37c45000922ac48fefa77d21e610f8d4aaae6700f03be64dbc54df09ae027bbb9dbaedab7990e23b061bf9096c10dc9123aa162fe6233c1af0fb92057caca11debb7d0ef1cc0ac1419f4bf12b52f676a02e432bc08dfc1837e22f55b68f62109c7f59f5bc4d7da23fff80d89fc7282d6235a8aecfda6d90f659cae2defdc99e6d54f698df3c6ec7a869be3fcc71e182f5bc60dd307fe72df1cbe3d7463dea8dd67bc97c0dc95aa535f6aae04e03901d41f05fbb71f60dd884ab60085737166ef888d198522719ff218bf25764c62148ecbb2620a46cba24fb30080711567e9716166fb792b5ea1b00cadf20f225589211b9639087eabdba09d94b496b3307af197844d443bba086dc96230d9064cf7c530f823d4bdc1e5693695657c5dd51d4737c2c22af7faca0bba3a7b7bf18f401084d535e582e03246a7ea8be4bad197b3d2e20c9dcad375742ae6cd274547d9a7dc7c28459db49a000410519d8e815365306a8cb50792fc716b1a9a1d962b38ebd22c8ac8958f2d15b90eca94a8312526527c342723bd261dca38cbf5ff5180853ccca06676aaec164656b7ea6bc4274ee653121ab2fd8cb7280e0a18420f6dac9cd097c6fa4654e521ba7e82c7468ce3275f883b56e5d6b0d64a02de696f4893ca697ae2193933bbf14b607bc954c1eb01fd9666a4e2cf3dcfac40cc2a163adbe976de1d5dde5bcddc4f30c1dfb89112f43a94c0208b70a9f6a3339db6fbabca1ad20a78252aaa9a64c909817df77c6fa89b0163eac183f80b5dec7203f08df97ddf1475778ab87d11e196d6b6bacc94276bbbc7a3294558e841f7629eddb0544b9160954840fcfa4b73d2d185a6c13c56e15c287d61059a922ed4e18c35ff744b4062615fb6f9fc614a24481f11e7d6a6bfd7045878cb3430b21736a484c349d169ac1b4a60d817195c3e47a1a16f6b3c0dbbbc2722be050a06686d1ad32e2a3218101bf974800bda1d69720e641935a13b2b5b9dd46954de2f437af54a1cb03eb24c86e22ff53b4d8577f1ba03551de334f66ea905b3b956d5482899e1841cb10ed09d6517c1ebfc0c20a3aad2f4a1988037bbb30832bb388a5411fae08db117f0f1b321fe13bb60f729a60f1deb335833572deac41cc259893f55e4918647210ba6472e8d1136f88ccf02d9ec62ef60795840d4183bc42b03f1b82b3fdce82a617339737fcae2ec9dd8ab9319ce48d998d69b5051adc65d7b4dd91d7c6cf1357ab619e963ca3c30f8ab32b7aa7d36370d6a5a5b2ac1b437dcc615d760216bacdba559e48abf721fbb96d2073c38952bdd0677eec0d502fde684848f7a484be864525871c223c2165ca3f7ee6e385e94bfce18adf5e5ec26743bff9e474feb612c04c1ebcbe92363a8c3ecac1b716f2d73d97044084dbf74187a77433b8892ea839a6c18951cf9100ec0b4ecc02f6a70c428839bf2cfeaf9062463b3187f91712f47310107ee5475b70d1c5787c3b511a02b4899f7afea0562d5921657b1b59dd31671661e7f0e0eba0409aaa57d8744b8724b2afecbe0e33958f91813c84b653e96b61f30e617145bc5d071bd51d123bf2294c4e429c085203b8fa63ee3e81ae311fbc5fbeb128f66fdcad09aec158d36dda1da6c5bd6991d6aae2244a3fb164c83e1e414a7d396cdb37cd0a4f449d767a3498229e3a8b4171e35afb89083278c734eb7eaba2076cfb7092b50b79e2d448cd0ba765cb5f1ea3e302cede2839ff7202ecea7f147374abc5b11859ef6ab39305c39b6ff1ad57ade68716f6442d8d98e24d11c1f661cb3601c18b2a6c49fa53fc28fd79a2600797bdb871bea628380df21f71cfda908637833c7cc4d20cc9c8be5066b5ccc83b9310266733702675e260d778e33fc707d5490966c7594e99341bf7619d8d6e456e29eeb2ec22f951555d762ece9c7ed04dc02cc0db560cb9cf949be51eb1ea2686cbfb1fe6f68c115724392d89f89b7aec74aac92713c1c7210fbbfe2bd459bcfbce15c57e10d20347e0c2eeba35462691f449b853303746e8c57f91fd9d2d78785debcac8c1fab4ba116c84c0cd0468cc2b14e7e006a1cfd27c49f64b0179cc4a8d5869741ec18e35d763385b28dae9c1df5daaa241a9109527c58905b2824fe6094bb33f1cad1509215e7f9291fd66c4de6a4aa05901fdf507ce4a71f1c4da037ef9760fd8e29f1feb084b299b183a4706a49bf7a7f2151988d16dd08231d4362167a17b8af4dd05d76b0f08ebf7446a5de1dd8e2657540cf6a15c54ea815ebf597cc1efe601784005a549213e8e4a40acf5e1b9932f3bd99f1ca31d6e3cd1167901b4b9e268f13cefa50aca561d5af84c44775b38009ec5d0b3b42c2a5ec8d41dda25d480e0f32e3771a3ff0cbffa0d96686d9de26c5937fa90af9cc878eba62385763d099410a25ab87df37ed2e9c58f69b0d7db0dfcddf65faf20d92f0811b69ef32661b4d2df9edbf8b77407e998e796f72accf23f68538e38f5b4cab194a3f3a7ea53a6614ea36900064f2f5d77b3038b07dc9327499153fcaa2dd36f5a2fd9e342e2d1c922d07679fc795ec04aa623f4eff2bd3b6c2b927e1688a9cc1d49d582c431976428067340824406eda9e749c980d63e87e2d972db00a643a53ae174e821abb3e0364a187352c6a5b75070e4972e39e0656479031efb91361608092ea487d1db3d3de910dc7dbde4645442e5d686c6bc31af8d466ad79281a07b2eb377f771adf30f9d59a6e3e3323401ed84a18f131a251f15990f216d422e23ec4954908733c1b6be195f3c0b98b6abd2f460dc39c353b53e3fd73fdd9569b5c09f50a763ec55110723d9a7cc540b7ccc7fb616e828d5e29b9cf7cd012103a7bebd05180cd03a202b32386e4bdb5ca5de5c56d8219a9f26be4566ad33b797bb537dcc5d02914d38b62624b9be86af8a6f07b9f9f4a2b4456cd6c18b7645994d931fa813b18af477c47d422c8bed8f89030483ece6e5aa78e63deb47b93149156cfe1d0873952c154123a9a8f804848a652790b93659e6f47010c900507cc43caa03db7d1cbca5164c89f6f4b60f56e16ebf822a95cbf451518b93c2191a8c4f46ced6fc0e5cfc41ae4ec5bae9b0f9ae817531e18d7eaf6497908b6a3ab46eca3dbfa792cb19ddf2f7cfc31d50d35136cd68ecbf2fbd87be43353af0435a490a2d4d389db5fa37ea88b802b235d4bb50040685382956f2543707eb570d643f8c048d0b3e9a102c5af774660824b0cadef0e72771802b5499607c324ce9ef3c38e5801d7d17251455a75aff6f43986546fdd8b6a85619623e2baed7824311659e35835fee80e49a3a6505e0e93680f8599261a3071f8f12dedb6ade80dff4fd85c822620bafea60b255795534d90d2df333406d67384d787ef812ecdc896e7e8103c3e7db5f6a5ed6e72d4c252be2eaeac553cff8c6e23f7947e3ee1efb395fd935659d3c01df8585279003869b9be59cf58a6411ed73452ded522f0bf502245c65373c92626215ddae77f5efe33dc35a6b73c5bfabe9ce55d4c2fd010661afdee4b1cd310215841e750f76ea8d89c5109cbefda3bc79722f5c36ab025f9f8baf33363a8725be087167513cfa6ca66360e946ab2f2ad364bce22b362cc63e0006ea999dd344848c20d333dff77b19c66c167ae9d34da675bbb993b0107667721d0351e43374d5df89265474ca1de019229f6697079d3df9a2474540010478c966957dce58e57be5faf065fa053f256b9ab97fca2d5f1db6bdb4e6b69deb0f21e7a1c9efe7d640077263aad72249503ff9f7495d357e7f02628868105ef48fc081ec37cf5b63bb69f3e69a107a0c7ab262edc9527411bc586bb312d7ccb7d4a1528b1292e7a71998864196fb2700898c997405f062ec495695fe6778465ca76a7d6e46f0e26c41001adfcbc7b3105d531e8e66dc630cf676e59a18c18ff509d90bef73bb0c00b8bb107e21e194b3594e1d247517b805c5129001f2cb67bedb70a11090d97648f8d65c7cb54896f02774dd6fc748cd80dc32df660e341351c413f3b95f189fdd8580fe73bc45f5f531b77613988a1d9a673a169111ab822e5d6c1dafaaa52117b998e116ad5d64c1df47ca4dbcef4e743a05466732a2d3f46b6e411ad6fcd14263635e18b455fa2650462fb068624601387e33113b2d2a43aefe758d4727ee2a08a97778795156dffcd962e38f4eeeea769a356ec51af07f0a007a955fc5026e826eade51857b0c9e5c7e492f879db352f8880a93e6374857f0a805d6bd15fcd4b204db34a9ca42947922fd13e3fb7d4abca57fecdeab2ec703688842ba2ee32927bae75ad9f5d2bea96de964385988f55d6a8629d2dd696e7a5a34451178a2a1ba2b11807d2ae957225ec14e6507560075eab2f69b64ef89ff6598f3cf84ae304eab7eedcf8b1ad16e4b0b2b702c5094fb4ed252ece958570e0faac4e2fbfcb92e89167ce0c182881be55645ad9c0048c667b1c5cda13a2d1d62253eb8033d3006ad87a372a2dfdbad774cc04aa3a87c82f2ce1d8c4cc61986d5981949bd72be0c1a48785f53b0a6cd18dec144eb52c13aaf0bcb88a55dfa9537ed0a1e8246ac0619aab68ca5a15eaa4b9fa5f8d2410154013949ba632bffbcd79ae82d0401b3c91fc3b7060acd4c578f1c9baa15fcedfada8a5d3999133f9c97e67a08993734e9fb0e21f47f73d9ed32451d6afb49a9afe3ec15d6a5731dd4d21e1392b2ca217dc183f5dc42e60237129b934c403c370a19128904e3f460fef942305c8ccc660123e76e71cc6ac4bbe84c06b90054159fa74d0a06cedcb7622c4246db3137dc450230f16b381eec38e057fc3f62574de32ea842325cae3a932cef64dc112b8dad8d32054f3ca3b17af35e9aca9010005efd0e6be5a8bf211be90d3d4a487c018b692e937ceba0e291e70f21ba2363e55f752b623182398768a71388135667eb4f4c1ae0a1d4c252763a12bcff06c6e7016d8dd5e4ccec5742bbf80f730cf97837358d7ea95dc93062b8dd200d8e188996fa337589aa45bc33af648f198cb6878472611f73a798e0d5cbd0da68f740a1d740e760d0fb6f13e19788426d91e36f948e347190e344d09b1e01a6b04605c3"}, 0xffe) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2225.276976] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2225.276976] program syz-executor.4 not setting count and/or reply_len properly 03:44:55 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:55 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) write$binfmt_aout(r0, &(0x7f0000000200)=ANY=[@ANYRESHEX, @ANYRESHEX=r0, @ANYRES16, @ANYRESHEX=r1], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:44:55 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xe, 0x0, 0x0}) 03:44:55 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$AUTOFS_IOC_SETTIMEOUT(0xffffffffffffffff, 0x80049367, &(0x7f0000000000)=0x7fffffff) 03:44:55 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0xfffffffffffffffc, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$ptys(0xc, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, r0, {0xb0}}, './file0\x00'}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$KDSKBSENT(r4, 0x4b49, &(0x7f0000000300)={0xd5, "07333453ab7f8cb2e0904ec37ac3f05e27aed36963469bd7fdb6870cfc455b7d738f2f81fd375a65947e126b243f84f26c4c7f1bfd04d44c6ef861d6a38efdcf934a1b0fc66ea359b3468806464356942c06f45f24f9931decf905ab0384215da4b5b3712e5256e4e7c080692fcd9a33bb0678fdf6714f6e842c9eb04e5cb10440feffc269e1961c0db2c80f236d9a228c8a8d3b8536330ed2b108692d3f7a8d51217dd317dea021cb2fefd0c46fb44818ff96f7c9b3418c64b7bd195c2ff66dedc9cd87934e0ed73a9d7cf6ea040d45e44f860da8186167d9f301ea0700e0751cc16d03003c8e38575326daed1ff616a216185a972f8c92ccfd7bee5919318141fa79dd07c9a0717a0ac6d268182f6693a1e84ad1fccc92139831e082c6748b24335b7943ca016d4b4ab8f4894130073ae19ba045d2a76e6b1c0566e4218533f3bba7ca91effd0c0900c32029cfd0678d9e6ba2bf26fa71854484cfba380618876ab64d83bad56e75eac2f37edafac8f42b81e264baa3d308bdda1577412bdf64abb56832d2f2e4d4cb138ed79d1e48d3c685288ebbe5a5f1b0841e1972f9a0433f4281a6fa042f6be81ca4adfa4c388b2b839840974b716e6252d340a3c6ee5cad50f5650ab5444c818080c5b488a9d7ac6e86065ebb4e61ec25fae0dba144ff7ff835e8f470d0d78c00"}) ioctl$KDSETMODE(r2, 0x4b3a, 0x0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x6, &(0x7f00000000c0)=[{0x0, 0x5, 0xfd, 0x1}, {0x400, 0x7, 0x4, 0x3ff}, {0x9, 0x2, 0xf8, 0x9}, {0xcb, 0x6, 0x3, 0x8}, {0x7, 0x3f, 0x9, 0x40}, {0x6, 0x0, 0x3, 0x5}]}) ioctl$EXT4_IOC_SWAP_BOOT(r5, 0x6611) ioctl$TIOCGSID(r1, 0x5429, &(0x7f0000000000)) r6 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r6, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r6, 0x40082404, &(0x7f00000000c0)=0xfff) lseek(r6, 0x78f, 0x0) 03:44:55 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 62) lseek(0xffffffffffffffff, 0x0, 0x0) 03:44:55 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x20000}], 0x2) 03:44:55 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = dup3(r0, r0, 0x80000) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000100), 0x101001, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r1) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$BTRFS_IOC_TREE_SEARCH(r1, 0xd0009411, &(0x7f000004c980)={{0x0, 0x8, 0x8001, 0x6, 0x1, 0x6, 0x5000000000000, 0x101, 0xfffffffe, 0x1, 0x8, 0xfffffffffffffffa, 0x1, 0x0, 0x80000000}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r3, 0x81f8943c, &(0x7f000004d980)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_TREE_SEARCH(0xffffffffffffffff, 0xd0009411, &(0x7f0000056b00)={{0x0, 0x8, 0x7, 0x9, 0x3, 0x5, 0x6, 0xffff, 0x3, 0x1, 0x0, 0x2, 0x3f, 0x1000, 0x5}}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000100)={0x0, ""/256, 0x0, 0x0}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000007d440)={0x9, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0}, {}, {}, {}, {0x0, r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}], 0x0, "46dacd8396fe92"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f0000057b00)={0x0, [{}, {}, {r14}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r13}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r7, r10}], 0x80, "5fabd34a60e47f"}) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r0, 0xd000943e, &(0x7f000004db80)={0x0, 0x0, "b30fe6c7be681ca70e05f22414e2e3430280533d918f4cca07c670d768825116a0dd23f93f05661d8ef7c7559f378a46d2941299fab2e845a691a94ca8af878550198caecb63c4d4da0ad8c5f8c9c71fd52b84eae32653c858b600aac7c2e036f7435f48c823df5528f2de114c659b97d085bc028a1ad4a1647c3c8e80d8637159e69c6ceb46fc5d1fc8facbe4d1bdb2efb5c47f4f122510a9e57309f8c76a4b8f59378eaa0a85fa183c4a76b9cf810dd6b0c43cba0682b6ebc1466976e83ea802b4a72cdb8c71f04954842e7b56ba2c9c6ec94f19f340c6c5bdc3e7ab73cf612514568835459000e62de1ca2f876d4a89d3fd31f15554bfa39b053c95be2dda", "b96c311efdc1d60bf254f8b9507ad208223d30f169d6908820186865f7982348fdaeae0778f5c4e4e9eccac1791d495a415732b9391902c9fd353438e43d0bd3b4d000cca51bf4d3e0c0f5fb165e530cb8bd59cac305cb8ec2565a88174939d50bf7557da736f5793ccafe1a6b165179f40da8bb70250c6ed5fe71d69cdbdc9144665e336374e5626576d2aa42e8cf4dc7c7912f8c10ab7b4dec9a8598d83571f4a355a1b6fe80175b9914e25f389f9035705bb441e19172652741414e8afdbf1309b651e30c0ce0456d0a4b196d0558c80ae101244d7512674a29413e7b9908c59563bd8dd310a45aa3141a53aa71e1400b06c49b02a09231a5cb61985cb9c144c7c64da7c046bc7408163ef9dbc61b09140011bacfc968b7c7d0890c1c2276bdebbf5de7a1441b33e36fe2a06d281802415741f33133ddcd9b9ff8dc64a376fdf38e3f0b2d9d8303d912c7494acc15c277f3fde7b7111d45e79625af25441aca20d900d8c9f8f0a3a4399d8a989c77669a4320846ea6cde2be1b14ba493a4bb8fa74c54a68ec620d0d88b8a831ee768bf64ea3d9f51d310b15fd57fa5b747d182b8c650996e9707317b3ba5bc35d1f551bf61efa6cff2adf1e7a4bdaa298e8595950b1dd33bfa2bfcac3d812d347ff4a2ede57b65f489b601ed17ca5000972440f063f20ec4841f63908db31f33f1957d7ba736772461a9d220e5fa9ace1008c4a9000dcd84d174b0127d8384921f57c4b497c386806b0325d46be41ae83f3f79686f05a0f53f8e40e82fc257be6718fb02b8622a5642cc7a7b3d007b5c4b14d47d258282013fe0d5509e981b062d56753474de2a733da19c107ec83e2cf8682f495f1bfbdc303713da1e6a0822e6758fb1243d6695118090c093036aee19a2615a2bb15485290b9ac80953204a37ba3eab3addf4c32ea9741456cf6b404a2468cc3f3bfcec8fef2011113b64d672d3b71f54f6bd524abc7ce9fcb0395986916aa989e54f0e63bf4dd38e5622c1b8cf50214c1d6e9a195a031a15fb4ef658b66a86141cb9bc2ae1232c81364744dd139d53e924fcb68962e91bea0b4676534bcad797072e789a2b4b1046e98483d1770e7ffd1e16d4ab33f8c427563350934fe329d2c8845494b1d3da8602c46064cfdd998aa3ed022bb430d50c078bf83ab07f26eb859334abfd0dbc1067a789604bc530b6d5ac9b245a4d8b7a1453b71a79d2da0ee0d2963a7e32fff00c84afdd99b830550c089267bcb42c6ae03c3f8eb521758fae51b8485fc78eeaa9e5ec6e3db7d5695ed4926202c58a55cf9d67ba16e322abeda7dd035c4a9088eb6c2cac7193a8aaaabd0eb0ee68826c039fa68324e1572ce1864c5c74f006c2a649f0dff045aca1d0cfabdc8fa10f2f32e9c77d48669c75e29c34cafa229e94a90a265f182b44c3b37e9cdcec30f8ac26ed9f266fdc63b4829393cdbade14b19631286ba50b3cb73dd711269c12efcdf1030309670c098dd05a110097e02655548ab355362dc8a538cd1e0a969eeba4d6135b94a5b0318b897861218f44be981b4b7d9db82c165d62aa04ee7e1de3a6bb35c78224e4c54e745a8e0fe46cbb1efeb6730edf2e6a9d85714d996042aee40ae4b3df46f2173605f14810a8a4d3fec29e935879c7e9d7ba04a474b2cb049f55f620f132badd57fb5014733753541270c5babe2f4b67f0d650d57e9f6cb968c7186494dbcae2b4a686fd45d4b876fc6426762c02e615949376a7dced35931a2d8453a3314a616df655e8b76757aa524f8d2181bbf3a16a7ab5baee3f0e895dfff9544ac7d45a80c0900e8bfcfd4234010d6062dd8f315a71d4de403aa4cad4eaffc7b9d64e9511f64c4ad0746f9135e0b2cbd269884816fc7a637b13b1f621944ae379bfcc41e56ee4f7ff3dc32021ec2ae07f2209a966884ff1d40aab3eb9ee819ec9588fc32d8beb4430299e64cd2b3f173e90a4e1e3654905b208b89401524f49b2e1f8f13321ea05ff7d4ad8b1a87b5973bce08cbb23182d0c417da0eb7abad953c7a0b36f7afea091727eeb7c46df666cc67361b30486847eb0b2dd787627d02480f95a58d36c9b53a19f6cc5fd66e5fe4d0c1feecd38eea9fa0113573893a53b4d8875b3e64bcef7947c104cf019e2916b06b3b04288c7eb7cf1bd79ffa7374864de9f9f1247b90728df9774ca2c95d5de608f054ddf50ece48f6945c3b780954434ac22e0be3153404167611eebcfc7ff82f065e1a218da81839ed42fb8301449060e3aa321355d9da246af3bbaa9fb95049ff5640bc1d420267f570f8b41504b95ce3bfa1c1daca22f6cd4fb06fd33c495370104ad01e043095c55d03e488e4a9a32b23d8649ad922f0df89c05a47fe0baae2a003ff4ac9e68efbec5040fff33ee6c16238439bc410015cc26f848818fde0e16197fdd2eaf662596b20e619b518bc1d61d829678eb7bd1cc2ee936bf52fb96efca11060ba6508377baa1463cf0544225e00559975eddffd5f5cbfc2f0327603fb88ac081c2a90b7633211b254c486eaf10670bff4ed1143e4fba655693dcdf65fff7c65873e2385e8d3eb16190c115259c3b1525a56b8bdd7c39e3938b59c93f99888b2e98d36b94f5629ef11260f0e6cbca6980323be5ee514139fc07ea7088e06e0f646c27004698900561dfff9550956287cec1625a80547fee2edf7ce04000d85c58517cf457c4c2c0d38269b73d4d4f8d864fd44f4d18ac00b21682b13f2ca0f16d5f9850a2437f8f544c22900d1ef82f226fce8adbd9b5733208ed54e456155834577fb9f45db5b1a101430b8a016da006bd043350d5c94cf240336f372f13449f218f8d241b68ac18a8442eb8c9d01073567f022be30424f31d7d1f654e0d11ab04ffb97a90cf1fb3dfb696db2e691c42f0ae154255a98dd1a8adfb7335a4d5ccb21c498a562fdef65fee25a2d29b4b77f7d0b835c5732cfe7db0afe26e8ae51f36b8b2b4712175311bf11dbf8b68702f9ab9105bbed7f3fa07c621337f83b5d671efa5d5959899aecaa78982d0a9753843f39bca632e65d3d25f04d32fe65f7c4e2ab82e37e51532537b9fc0fe423b9c99b8de0333848ac05672cf98ef662a0f09eeb86ef558b049b824cd5450520e9f0fa6379c5ced7b1468dc27f408d0cc5f48ef159a571b05bec7c7195f0073c20a53b454b50b4af9864648440037134de310096a038f2e57878c72e5acbd78b0d6be3f781939bfe89cc3567e3ef8be7cbedc462dc72fe30368e1898342f977b952ab2acbd062d9509f81dddcb05b0b87cba92644c750b734ef6d6a8408f5cc1dc13883d878738cdf31f1e6cdffc3d896e1c87b4872d70ba02d52bfe69ff7b81233ed269ea8806d4078587c20d64a5bfa32d8a62f538cca0d4032767531aa7b8304a7861df5800aff2d7baa0d797a96f1e92a8c522909249006a4f784a11e451bf4d7c9f824682b78909c2cbb39498960d47ff55dd375c2859d2147698b6348e65c3aefcd09b02f54c83428adbdc26fc67ab60fecc02c525f4b13fe2cbd6680af9db1a36f7a0a4539d53bb8172a376ccc1377580c1977cc2e7be00d85815fb4999dc75f5672bf8fd06e1a3db2024daed6106f1ed1bb98b90434cf63538d2727d0ec7d5722077ca3251c46467de95851bc10d2651f1986248a51e29d67de1dfb1234cfec772a909da97512cc91b31c3a5b3f40b5b7e3e12fa5877620af87cfe44bfd50caa73b770c0ecdaa621524ad0953273396a12f77a011202eff575f4f669efae0edf884fd1aaba5ee2de9aad680383510f11074156ef14f0b915ce014b60ef9c9e2b2179c36130db744d9e32c035442bd8a8e6945dd5c9491b9ec46a1c9b90b9d90510cab69bc8d63428ad91f192f684be0c5629259de1f6fbdab7e5737980a6e51da5ffe923621aa28c15c93b5fcedc879c1975f2f879d50db79156c72f965dc555b4fae029c84eebf9664f779b3937c7fce5bdb7fd98882d79202545c3de5b6a6ab2ea913dd6d00e7675c6de37729cb92e189128251ece36fa57e6d2a5c1fd5272a1a648fbad0aa269d9ee16bee224e29fff648e82535f808795f3bdd11196eb8def1a3d9bc78dde45fa8464ca328338e91d72e8a74f0473da51eac665c0e41ff670408c83fa2fe0bafa26ac722481125b5493c21fa09107236df76e44160c8f9699400e490e335d99110b8aba7c765025599233c5375cd9de4c1ab3e3731794c330ed69645b510c28026929bfc81b1bce3ddc6a8a9ff03e8843544922dd6fe69d6456d917749c97d3726155920c296b07ad3748e98db192ec9ef91afbac4b7c09e29c2d7c013ba0c14c29edd47796b2a28c11223afbddc584b09bdedd5ee8349898e8b20380db1309564621ac6f3f59366d781085ee16b3da4cded0d8138cd2b0cfbce5c579d94fa99dcdb394dd377d140a1e682fbaade3fb7fd437af9b571a4acaf8629563f73aa0ac6fe01ed7028407477aaa80e7bec217176c01739208f55961e7a4396cb36c5270d6068773e736108fd38932a223055d9cdad7d0be224884055e6e5971cd5b2255319c223822680ed4ac3b67c1703e561510504a908920c4ddca5220a0de7d2b281cb0e557ac81a7baaaee7c674a46811cf8d2196dd7faa41e0e8725e981ced935ab58cc74ec81eedebb46ed072eb165d4bec1442eaa548d80719979c402fe311e5e2f5f2685f4639e3f71f7c51cd9642b68c57e8d509cc36d43adeb1030057215a12dd4611df48bc2bd8594f97cb5cbefcac0a253545dff36569b729f90a2c8a4883e9fb49a28ec26c2b45e9a8691e0ff65fd49f2a28c320eea47307ea5a64a4af66f71e76254ff0881f6fb1d91715bc6f133bf79426d36f2d8b78150f63438def6a3740f4b370dea890dc307a2adc338437cc885c659d7b7d7ce363d448ddf4cb298b9f5a1c248e994e0c2b9f154f0151202adb924af5728124703f49fb538da7ada83cdc8733e36c571a12414b9ce16ef8270ca76a3f1e7472ee8ab470541a8c96bf79a80334e37e02e27b6f0a43cd0a4ef6fd904831a2fed04542064c7c3715f783ebb7fcfae1fb436d0d59ee04b4cd142a276bb49245008a4cc48d145dcce55288e99a91fdaa0d8ce4cdb4fb848c75fc40b4448ba58e19bd4fa30904f282c445ccccbbf5c0b377f402924327d40c2bf84ebeb30a40b88533eb69a3b47de0aed3975e0a54419433125430d432957e528d4ce591cfbece7ba8576d6319ac8a1e89ea2fed379daaf025da69703d18117afceb600e2fc07cad04f869c564b4b91ecd859ff02da63f61f0788e320400cb3846233110fec8c414b2943baf392005ff631dab03d2cf7d1d3922fc1b7b7cca4dced6c8bc322d425daffdd55906629a51c76f657008733c47079d00bb1a5a11b7f9a2a19e30438ada63a9ff411"}) ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f000004eb80)={0xffff, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r4}, {r5, r10}, {0x0, r15}], 0x2, "c8db43ac7871d4"}) signalfd4(r2, &(0x7f0000000080)={[0x8]}, 0x8, 0x800) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, r1, 0x0, &(0x7f0000000000)='./file0\x00', 0x27, 0x8001, 0x12345}, 0x94) mq_notify(r0, 0x0) [ 2240.111813] sg_write: data in/out 1717986882/242 bytes for SCSI command 0xff-- guessing data in; [ 2240.111813] program syz-executor.1 not setting count and/or reply_len properly [ 2240.118049] FAULT_INJECTION: forcing a failure. [ 2240.118049] name failslab, interval 1, probability 0, space 0, times 0 [ 2240.120460] CPU: 1 PID: 11230 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2240.121953] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2240.123679] Call Trace: [ 2240.124263] dump_stack+0x107/0x167 [ 2240.125026] should_fail.cold+0x5/0xa [ 2240.125831] ? create_object.isra.0+0x3a/0xa20 [ 2240.126787] should_failslab+0x5/0x20 [ 2240.127581] kmem_cache_alloc+0x5b/0x310 [ 2240.128445] create_object.isra.0+0x3a/0xa20 [ 2240.129359] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2240.130430] kmem_cache_alloc+0x159/0x310 [ 2240.131297] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2240.132396] vm_area_dup+0x78/0x290 [ 2240.133160] ? mark_lock+0xf5/0x2df0 [ 2240.133945] ? lock_chain_count+0x20/0x20 [ 2240.134805] ? mark_lock+0xf5/0x2df0 [ 2240.135584] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2240.136689] ? lock_chain_count+0x20/0x20 [ 2240.137555] ? _raw_spin_unlock_irq+0x1f/0x30 [ 2240.138490] ? trace_hardirqs_on+0x5b/0x180 [ 2240.139387] ? mark_lock+0xf5/0x2df0 [ 2240.140182] ? vm_area_alloc+0x110/0x110 [ 2240.141032] ? __lock_acquire+0x1657/0x5b00 [ 2240.141957] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2240.143060] ? vmacache_find+0x55/0x2a0 [ 2240.143902] __split_vma+0xa8/0x4e0 [ 2240.144660] __do_munmap+0x365/0x1260 [ 2240.145454] ? arch_get_unmapped_area+0x450/0x450 [ 2240.146459] ? lock_release+0x680/0x680 [ 2240.147291] mmap_region+0x7c8/0x1500 [ 2240.148094] do_mmap+0xcdb/0x11e0 [ 2240.148828] vm_mmap_pgoff+0x198/0x1f0 [ 2240.149645] ? randomize_page+0xb0/0xb0 [ 2240.150487] ksys_mmap_pgoff+0x41c/0x560 [ 2240.151330] ? find_mergeable_anon_vma+0x250/0x250 [ 2240.152364] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2240.153467] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2240.154542] do_syscall_64+0x33/0x40 [ 2240.155328] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2240.156408] RIP: 0033:0x7f00b63acb62 [ 2240.157179] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2240.161017] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2240.162597] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2240.164099] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2240.165581] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2240.167064] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2240.168558] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2240.176790] tmpfs: Bad value for 'mpol' 03:44:55 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/keys\x00', 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f0000003500)={0x53, 0xfffffffffffffffe, 0x1000, 0x6, @scatter={0x4, 0x0, &(0x7f0000001480)=[{&(0x7f0000001300)=""/42, 0x2a}, {&(0x7f0000001340)}, {&(0x7f0000001380)=""/97, 0x61}, {&(0x7f0000001400)=""/110, 0x6e}]}, &(0x7f00000014c0)="498acb3cc61ba5aff96c9004c00c54333a9c0af373fd77408c0165ad850313a0d49e1a5ad99c7ab9a1a78296e9aa00da19dfabffbec023837507b9e431123a1641d5a1683566f2640f066dd7d138b8db5d7cac0f025938ee620175826dccdfc287251bbd543be7fe29d7681bb2cc26db3507af19986dd9c14fd7511c440e84dda91e1b182f21e0ac4cd81cde55f3ac58d302e0c004f32da5a0f7c66d44f071f98951e1d763565c14f805c458969ff19cbe5048ec43551440e5869e23940ca9c2a3baf353d90d7f79a88543ca98bb9af7ac26a0ba03885ef8fabcc3efffafa5b43c49d7a443d22f9d7b8fe540648452943b0dcb270c1d7a055c63d1796f7e09f399d05232089dc943bc178bbd379536dfa9db0b1c63c4d629e23afde918da70baca28bc07fe394b4c2863de0c64316ed92a4c68d22123cb038ff938c4ce650bbce70894ace2b494b43ecb37ae89fc26eab94c0eec02d5ec5dd4bdc704e8887301f767dfe19941d82b4fcdb8333dc53261fcbc212ef20c0261aa6206a287761882152a154e53c437257b42dd989de11ba22f8d60866dd527cc0c4808a0f021155bdbfb669efe13abef10ffb03abfc4d4bc2cbdaac585e043613715276565ab76ce600b3a84a691b2616528232cbb272f798956a9b1a3c251bb2ea535a20b354460d0b2819aae955f26ff4d3a5726745c45ac4946c69dd3851c52920485d0f288b2d0e1c90cfee1a46e943710f7950832d111be4653b9622d856547f37029f73ab5b5035a88b470f0f335821b51376eedd346494c89e8ea1cffa31f9493f4aba240b91f6b882b6aa219cb244020541a2eab16a2339ea1d42abf1666fba50ed0e36f758488d508a885e6ca65c187103cbcad9e025a53de1181652cb47b3d36516506ff1717faca6dc5a4092df8ef4d88503162c029d30e7747ad2d34260faad7f85c78d1f596ed5f3937d37a1fd9d8a8fc72d8870a69f737010ef186811d069f865ce1477bff006ddf6d399f31da318c87acd60f25d2f280520138b645673a4005d998a46ed8d2836f9e944b848b96b88d1863b172858ddb3b001dc6bb7e48976ee5968d20aa1dfae77e2217ea9a24c18f470218cd0c61132189f5335aa4043fcbd68b04111f6038dbd50ba9118c2cc3eee7db55bd5d111269eaaff9711b00dd22291c1eee905c1887978f8860f818463fdd4d854677a5a66fff7c9c9daf9f5e0ec87c69d53b3b6a17e7d7a123323a45b08d4b80a0ec99dfd26720c84ed96281f786d65a09598c2a5da9c80ac0df6ea52a8f5268e9381e9571549d41f2c7555945373af66d0c87a32b857864e2af0cd0c2b2a886bdf86cdabd0ef49a7e08624caaf4dab768a4aacf6251dca9babfe33900831903766d0b03ce89cf3f41b9504a0f9cd7eb5d79972aa6ce44164fe24955e23566f82adbaefa507be79deb75acab146813ca4f719939cb4bffce007a421d539aa24152a68b615b1e944a7d50469b8fef523c9d749e147487b2196016cc34b8552c35b6b4e2b1f40a7b404c1dc17024bf995def6cf370386838ea5098905c23cf7363e58b63e234da29930d30eba0f810be169145594a1504368c9332b8d12f2086c2bc8e9e69ef7d2ecb114d2975fa6690a509545c89d208ea3c19864750543ed022e3f243a92a00c95c9eb58b10e5e4aebef015a2c0af3c79dd6246e283045bda6d950ee1b26341ec7309f180f0403736305cc5a1f1c08773b5228e451ef948f7350b47b52b348f0557e6f010483f009a30fd40dbd1a7d7b7c82f8f42a07c715d01bf6cf0ded7d3026a26f9b942b25a065c8e183be73123f50676c41ea91eecef1e3346a89b47bcd281ec0719c97935e21d4053136ace94bdc524afddcd4766ff780f8ff4f115ad3ef7819b56d10d50f99b0e88385150885500cce2d54f8988710be37d472e71562ff468992ffe42b95c930d02864b6056f2142d31f27be7fb298b23f3587ad40a389131987284a8ba2598e21cc6793ffa2640583d11185cd5bc4e031b67c57482015c581a636a79715cbeb2400aca40b9882a54b6fbcaee3369f53596bb12bf2cd8168d01a4f04c81c4afa9d079f89a3ae30fa64436317e8bb8d71cf6a47359e150c28f85103ca4d0a2018e987212d5fd9ac63754963bd8926883681cd64c264419a99084e887d8b667ca0d460f1c645037e51a33ca7bf45ae1c455faf2f8f625be740ed910c89ef8a358c2de160aec23658c41cf401a4c9338588b4c57e1f49ed4ff7f74f9ec6a1e515cf2a6ba9abf59c48dd9cbf1390774482477bc8289cc37254175788de9b79c53c07d7cb6137971252f6eaab68399e4fbaf3a9864e169f4a06f6574cc826a3a37c6ffc107cc02862399a7fdcc2ad9d4f0db4dc4ceba83bb3b735e1aae36d8f533acbaf68c9f2ead6c52f4e8778639edd4424a16223ea56a4c965a4057f4dbac4afa3b8fe0d017f6b96c4946d3d310d244813e473a6976c806f45dcfb930970e31c12c7980777b431e6948d7d5647a74f286f3d2419c139f59387cc2657b1f875159990bdc86899f227bf07208ede2b224fdd9eff9725e50c441d69b230ab32b8b3e89f6ecb28069dbe10254f70a10962eafa0770a4b99f27a4c7d5218801ae6c33699661dfeb9ab67038ec115755ec71f10c8e285916dc1c4ea87920da3940dd1d73cb2a3b4adc23e9c059322acd6a7ba87072517fecf4cf31136887430b87c023c034d02327627bac51e424114e869b34656f3b21c7a407da534fecfd97ad370fe6385161e43d9bb0855336937be490116290225fdf55da1d4eb24e7b9409681e245d0618395977f7ac74dbb3eef04376eed9309b5db5087ea04bbca7c8e356b279d04c179649c095e326ee81506535d35dc933ef4f97da07684ab414fd5d733a5c6fe9d81559bc9aeee788d53af887d87ef551e9bb261b5b07d9562546ea762cece53e793ad41606a850ccca1966b02a8342e694594d02b6a6613909cdab297bd471289e04833b9b1a0138df112836a2c5270b34443d255f7877748ed2cc6922d57d7ffe9e2a5a7df1d510e02fe76d126d22eab9ad96b364d76165cc0a57a007d651d2f032135d834e177a3c0c3f1d48e885a2ef6d14a273a39172fac3239c6a5ed108e72763ecd56702537d64ec3f7e7bae60fe256691a3181e21d21d4110a7e92e0169f6e1a8d107fa1a7819e3c45bb7aa9b1cb783606e4ee94cf267927ca3730f4600b3bffe92ee7d1e5a3507f10b8ec6bbf4534a00f6779e1a4c00b3900182b69326ca166cf945ffb317b3caa197dbbe93d42eca23124ee466c6800f983b816d02635916bcefff651697327b228a01608bc5d5cb336be3a3f3c64b0c82c2e21b4a6e589b33a73413c770b11cd388b8f88ae9c7fa26c3574068fad7963dc04372ef63ce4664d466990642b9f51c36c1c504a5e3aa6e77d7a415cc12d8ab45b1cbee12c03b44d39a16e206c56d329a1f46f68c9f59c815587faf7bda786276ef5a659e7a2384db6fb4f8d8d74524a8f8872a2fc333b2955e97ec9cce31f9a349a5e9bbca5940620c5a38ff3c98f9811a3aadee5eb622cc398f3d160fda17848087ddc28f333fb252730a8b7902c6e202be311da4cb8a41d2cb6ab6077c07d743e028a031ff0a8659ae218630a0d4f291b506628ca423abbb947b47211bd8c5f4d1d6cd2d96b1cf971a9845c6c3767704b1f8501851855d3bac1cdf8a892dac6a4d88220fa6512692c235543b80efd09c160a99f622a2abe1f838b4de34473ff892c0a043849505bad015a3e35f6ebcb5955caa99e9917cbdbcce4d3d3011f91bf04e4f7a09b106d8947e2f32c3033e98a850476fc2f1fb34c320afb1fee9070b37e50b1fdae4d226814ec094111b27adea8eb9db9f72fd52d443cb9530680a166875c84a2da1a47a7f880c742b5456c6345f87428dce17c362164346dc90cfe2ed3ae001bc3960e3a3bb49451d12f01a33673ad721a6d353c56dcdbf156d15b31b95588191a0f1543638df9246ea8375b4de5e16d3a222948b804ed74148be20a31efd5435753ba5d60c852ae56780608ffe8e409e04f0b8e41d0fe84366f9765ac2bc0016f473da4a0641e77b94bc632641db7c00acc8b4ad1e3607cb8262972f4cd4a0531be89b951fec8f7fdc12ee8c66ff6a66a6d3fa11a695a38b8af019b7f8b5c146c990d1c453f0c86fba1369a7b6241abd6594bacc6ab92bb595f559d306a8d2937a361efc43d1bc8587920f8621bcf5369e4c229f8c1656d1d15eaa8d5e5cf03073d9965916fdc0a17739cf2b0e6972a8958958803b9ae52f710612b4572fc29751683ea568ebb07976b016e979da49c9d181d0932f95b1b793f25a8fc1e15e6bfd06884cae4502d3be559ced3b689c3436ff9930c307118bea34296f60a8a76735ae7ccd7accd7c0d262f8de917db376f1bebae2fc0c5f3269f8083e527db170506773b36f9602af2579a7a77867779a68c73f44f00dbdff52e8ac8bd683da7696f676e6334ee6ecce2427ad91c978d40ed78d16ec31085835c0e4c54994961c364dfe92676d5929f29fb21218111756a4053ceea3ee89e60c2460e1c9c5ca6be3f866e020a63a0b86321b546d0cdb753f5c2e47b1121603b57034c02675419a3c591c38336f75c58e96f40737e83691bd21966496442dd2aa832a1d6a886323bf6e2dc6bf7e6df85e09be72fbb6e2c492862b5f552ada998071f7fbe489b52eabf8132f53c3a6dcef31ece9399d80d1595fdacc1833857aedd4ce12a575864de8a16f114d472265e2b07888e6b326757f09109310b1a97890b54033be9339ece7e552762c31297232842b7f79299f5843b43cd1812eab6fc4e8954cfffa09289bbcfd78149244a872c89d7ad9ed577c992b7207250a803faafec746aae60eee0fb4ad899c17266fe8a650e3439a32ab1cef220b924fa0c01378fa74ce18280bca7e5f33308b5a2ea26f4ab2cd35d67724a8a575262861bc7e1d6158391d6ff76ddaf13e343081e216a40c9bcf90ebe87e366ab2cde6eb00c5a85efcbd093f00228ef5fa655ea3e7f6042ae0317535c8c86a3a887feb2403edb7ecb52bde4a6cfaa1826f2111a0523b800829b8e9c0537ace979f45ba95883b89cf4b3629ddf4aaffa8f1c9d8e4fcb4acffdc7c181e2bc73131aaac2266937c0564cfa8b95a77ddadbe897ec13b1028a79eca1df85d0b7eb878721bedf8bd748d03fd60d7859c6edc00db26840269c561c5c0a59c3e301824edc07f261e3eec9c380e2381449d2b15f8fcc40cdb6292a3cd58b45e6d009ccaa79995eb599067f0e4a350f51a930280a2919194fed649cb2062ec45b280c309b35f40fe7aad074eeb114697ac6d7dab8ed8b40d153fd0a5cb0321a1f17eceeae1dd7f3c98c7b30b69563055ad12266cc8c2202700eda077ba670dd45fd3055f7d99d8ef44a00c66f5f4b60be119c12f5a5b2ea9f6ba45f91c59c1f74389b928e94381471565d260502e9efa73fcac86f6cb0ebb80241f2f90f7236cbb8b2641544f45e7bb8f8fdeca6a54df4bcd89e4f7e1191a1ac4ad2a8860869b7ded0e090d03a4496abb9210a38353c326f90381e7dc35c2bae7ef51663d9ae1a8eeec49a8190eac0ee03e83747b463bda26e177362b07a19bf0ff55151eb149f6c3963ba909ae7d756c17e2d78bebfe3b44e5ff40c3dabf6d8c1493606ddcf05d5e473f6223b04d04b3bedf08206cf56e4e4dc081d7e195a6ed75a4c9c50e9e144598ffa2b3d3343cb02ea7ec65f9308001236c747df495ac717e03febce062f0ca0148785b01d0f7246", &(0x7f00000024c0)=""/4096, 0x2a, 0x10002, 0x2, &(0x7f00000034c0)}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r3, 0x2285, &(0x7f00000001c0)={0x0, 0x2, 0x1000, 0x80, @buffer={0x0, 0xe, &(0x7f0000000000)=""/14}, &(0x7f0000000300)="fa8ed2339a7f9809f078c2f9fd448ca62f76dcfa7c8b976325c73c37622498a2cd962bb571b1d94f37b8cded183778419a42003f156ea141064e2cf2fbd3c6fe308909f56fb9a706c1a32338baff525c8a2530fc4e3d1e5b97dfba23dffa4e2774abe02ab6864de13ff2edd1e509be277ccda7c5955f2dad4e53d53e2b523f8207de5f544d823de25b073dec236980bd0714b833b1636124c2d41a1db6059148d69a38f153128077315259ccd27d01bc539d43a0002f49d0c9f9d60a33ec5119b0a8a4f848bcf504edee9118d63a3023bb9020b35cdb2a3448b2bd6f6d9f7c6948ab1cedad5788a42b949c5630f05d09a265f869aaef166b1a9c6913650b6a5a6ef0b62be2d323429da7e66228c55409f368fdc7419c1b048f2acfd7fca0882c9a1e672080bc54cc3cbf7ac241800e6ff4c5ba8083461e0a79cb55f2bee824b9bbb1cc30cf0b56529a55cd94afec146a68ceee8cf0c0fe87ec9f2fabc95ce0cc32290b0a86cf27fe012b618ce87eda8f90ba71cff5d33b2778355dc2581ce8b9df84e0e17c1c5c0e6f91fa6d2fc69a7a5fb5c64c6a5c3065539ff48b983810f65c49503b5b6b45732a604a00a8815692498a642876bc3a49c9dfd287a1160235d2fdeee3771ff87f17627f9d06970340eca4c6b36f4b77d64e4ec1112c952fe63520fe6aa0929547f585cf20875fa13580ea52d4deb238917db9db14f1230896a8439b9ba661bdf5d5ed10a140971dc3465d3380e0837cdb1d8722037c9d50635a3b869a909efa2a933bc77076c8a0c4c6d260bc43be40c70aa200b97dfa947a19cc4be090f53cb93d6db35959c12508e5f48c26ed143293fba46ddca0e4ac0ff93b01880b88c9eeffaf992cef550210430f2488961e334dc63d63c4b18120a826bc6fe381cf2272e0452276f9d05e83fcdfc3f64f1e5d635d9c83f541f6c4cb0469aa36061163f10877d8af8bea959b1c8d459f787ac6dc52e48429faf6a9cb3d2ab41aafc39d793cb6b0b7905f3e7f037ac28442a4cc47d2eda0abf0451a0a1e4bf81336ad2dd3de8c3ae57aac5236fbee54b0cd01b6571c0fa2852518a778d0b9dba6e65e2a69e4d686ae92f2e05b33ece39ccbf03287eeacf7448d91b1ce6bea567c3cd68869c9aea0f93eacc10cf47aeee376bbd343dc50ab3510f232e96fe3bf0d14cc636c5ba6f931aada0337e01235f6d0a6615755a6801965c41b93f89b206ffa1157cf3be20696a1f4ed9f77f6034325268d5818cf8696cd77829d2eaa2fa544eaea700c4100a444bff0156de03cf3299fd99c3d3537e05e1e8a1a34c8109301a670f8b82a3033e256602d99f2f59bf605994f913822a10c6bb6c8c52798cc6e9f79c708b4716da8d5853985aef9aaedeaeb16ae997808d478191e03e35b3fa09fb33cd8cd5acf718abf7ac0e598637066138172d318d21d8ba3af7f4c29b01b1375e1b866104b077caaf10234e2516221a8f348b65e27c59528b35922cf5abbc36f4ae96e49fddc91d29e72329ec6c7b4acd7b88bc0cc8e6e93f62df3e58f750b03c8c9ab713394b128b2d4c2b89ec04d5ee12637baea55b370ac7a7caddb588d9b36446647c1b0828761f12c1b00f276ec74575ee58334f25847dafe9193e120502194e040fd5f6d3b486f8f67736385b2f4120dfa7d9fd83a09e1b9c1cde866581609f18f91a183266f0ec1effea7343a6c9c2606d0178e6559689b7b0023c0f398fe2a6411f60e7bfad7e9b02eeaa2ec3f056b7923eec87eabf6f5927b7a105dcb5bd01072d932fb16fdc7d9ab5dfe0211d95cc39bc53655c4e36b1b9f75d3581cf84b82a3bdb327bf3cc5eba22ae1f0c8c53c900b41b048e71bb74e9115ff9ae4aaf96eee8703142b2d1ca711ff880a423789193a43f69bf1e96b45d573f4878b63f2703a79e1a48ee582a3b3902b631fd76c31974b3c2af96bb0689ffdeab642b8ace54ddc350ea4985e1878cc8a148ae23baad5536251f34c47a858d67be0b623f7572430f5ff4dc2c9e1074fb4632d723f1550f09157ab2c2e9c7b3fc7f10e9b0b3ea558a2101a1b16b0917349bdaebc8a0af455bc171f0a2e30e90ffe04754ea3bca7c5042ddd506bdea027b1180c6785c1328979acaaa5078ef419d412f9800510bde2dfddeb8c32e8bc1a53ac9b0193b16e90634c30de0e5adb52cef7ba3b098fa5f12663efb6d90611a40e23ea541bed8e0f747bece7d4915a42a3a8f87d37a938e0c6eacd9615623c7c0016497e23014367a121180e895c48b0b3c4e31091598bc403715cd682cfb63c8775f95e7cc58ec61c9024db0f32bfc6060d1b86e7b73813f62d2d2d4d02cac0a5defff916d3aae205e868c767b9d43b3bd4fdf82c3986662500c425eb0d6f0c83529841e3c4e592c3ec2c40a7585613527c2dd9e373aa0218442c6de4cd5dc89ea8174555f59358c84f8b97c9f2081e0f7f0115044bbb77dd1e084b262f2360fb735bd33426f0991e4c08dbe2ffc0c178d2adeca78220a0c5c21b390c7bf27acbc924067b83af961de9bfa54d00d022726ab68c912552f2b7d35bf1ce0c020f8c3b93e042daa7335780cc8b31d92ad197a72215b92de49d8b6e53d597037bfc2fe3ae64f65a98015e72e0c22990dc4ddacc711a8f96da7562b71fdfe835ba46b2c59d3fd32d1fc11ac754c7f121448a94a36e45e01f8341eddccce9c6b15da1b6ced25717f2f8e95cde49e47cdf17ca5a8a88f967045baef63016846e79b95c467e0b8712667d7d0216ea2f6ac08163930eb68bb21e3dc63752d1afe45ae982767254990a7abfe72c11b0dcd584ca477fe060c42ba3d2c9676de7e9b041be93339a623dbfda9e1dc8d06b4ff37f069e41b196532a5856e6986b0fd2bce94e7524a544ed02f872b1f770ee4ad688bbba6bd964304520db52a63805d555de731adf21274097857b0f0ad6de8a21b71c01140289369de9a0ab6134d13869d201dbeaa30ea8d6ebb65d4935135b648c1c4f0e2863b374b33d77df4afe13abe5aa30f975ce05cbfd263ec292962e3ac387883d6d00a7ce791f4525097e2dcd03c552ae7ef889326f2ef7bdd9c4a17b20f30149ae4b0a014fd3bfd329755e47b95c18e0a409acfaab6bfcd00f3fa0e0b62a6d20298e9de09d2b80ee5fec6cfe21fc08d98d6d325140e45a565b2de0e2a321ef8f91f83c51438eb5155a3ffddea0446f257fd97797d685d7b2cf344fa3847dfa6831928e764641c41e8cf5565d628b89f1daf3791810eb1ad2c5acb72a13fca1f2527f2860adfb8bf624ded31733515962831fba26d979a4a131cfcec85efd839ae1362c8c52fd582e122104ba4418177470d5be5d8e83bff86a0fb3372a9379ae9890b62af68b7c1f656f20d65706e818332fde37244a5a619ef04c137b081d9baf025f2b1ef0dd111e83653b3cd314c4d14e428275ad76c6f195af07f8d55df9d093b1b7160db96511af5ba5f61c22e4f81342649a513232b4ec9fef240636e552be9842d521ceb4f0ee27d59afddd32be6862cbff5f45484326de8e43ac91ac47d34d52d482d2372345f3923f44d7be62e90f2f4a2cea945e3ebcddf66a9ffaae78417bf3847b08c853a3c95ce0c37873b8a5f5f3c344db09bc6016dec61f98a865a59856d6226ca37591111495731346ec89a21f94279da600b457e27bd139c3474a5df9a2e011891b7f0f87f1311dfc1ef6062a70c62999621483c0e359c90ac30017b4741c2b073ccc9d869fb81ff28593af9da883ec0db046a9911172c27d6375ff1376f1926674452a8796e83ec2f09ae4a62dfab4f0a9a51c573ee7164e08eb2c23210eab9729fe8209d3bf0108786a9d6d7456ef796c14e8c1462b4b48ac87f6a211307d30c797849a55ffacb3588a956914e3614a1e29eb5d233b4b336637dbea44844fc670f4e154955a0fa4d106bd80cb40acfbc5c01486418e860a6cea5f030900140abd8675390f4b43035b73ece7ef558b4768345af3c901ed071198432074b2a3c876bb8213e7a0ad05dab7e67cb02d7e9a845735330325040b833dcd31d5a981dda4df549b52a150133adf21e2d154af46d9be038c815962b08b953c48ef8f531eefbf770f49d433bc84dc1102ce46e1d7be67df9927910a9e1ae640aa299ea8cbe1c77afaea73f6e1378a4e78b7182362343da3280a30c975ee7cece2ff5b0dd5f463e9356fb257ec0c667ab0e21a79ba4a61291582825792bfa36029e993bc5f9a426befaa5f5e7b26e3ab40fd73cf6d7cdb138cb7f0afae1283a886472602e4af5a66bf72e80d9976e9ad88610b76e47678ecb6b18f2ba356881dca3a31515b576ab730a92587994cd185b0353bb400a9adab7b6ff49d029b9e490db5a345796f3ecf58d0fcbf5669dc97a266bcf5c9a604fe2ea493e780532d8b684fe751c48d16977a0bc287ed1bb287f91c6a08c09981d5bf3a4c50c955b6d2a55ed91d03e9a21be450facd1a558089008cca980f7f069e3e2fe27c99621c32e8253bea5669d07b740c3ad8f628bd06d5d2c744a87f38a9f5cb24373d2c9483f158c9a23ee244c49559272de86bf5a75da828f56fea7823cc8e38bd1bed231aeecc0d21b586e7e7c9cea274dd256e4109add6a16ca543d47c616cdcc2f026f6223190d944b3a762a974f6b39f48f729d580fb16ab8accb1a4a789361585a30cce960ca2a0e3f881c076b397a40df3f691212aabbe6f3f2bfd5bf46d3321427497e1b36c7c982e47007b1ca7f58c31075df116ee64a35b9bf3931b2f268d44c7dc27b68366be88589488b438b98610ae57a8fbe31685a19cd80991ccf4d87ab591fa3074c6470ebbe40a7e50ab3d419ec2fbe92185384396e5e53d01dfb299a0fdb32f920ecb011a86dedce757504899e215a3d56eae9e047e9911465b34f6efdb7f54a4e888d3d4fc971c38721d4d765445080f7cfde6d045efbbd7b87ea73d96ecfb47e52f61886da1c2f541f7fe26e935aee5e01c66810e5ad8418fc466196ba755a182341f3ebff0584d134c3f9fae3b54f20d8156d06dda3e6ba21b35d928318dd00b0f73022056fe75427cff53eee910c7ed010d0e0442ce4557486e1ce025dd894501da2ed65cba709416cc83710ab121e958abbafef12bcab97934b84f84f4fb9ebe091a0ddba1b5a60f3bcc28e79e9bfadfaa3f0a23b4588e42a3dae889fa573a803cd245fe902b19c55d2bebcdae311e73f28a2bd9a780eb4a864f5466406391c4089b67e1a5946bbb4a3c07baa8f93912ca2fbf19c65d3a84dcb1e8ca6667628545180f4121ff610dbbef0b4688153d6a5e920f48e7e68d28f0f3d42e630cf81f18ca213fbdd62d3807a8ca61840bc6eccd9fb74f1d5b575e29e74b2420054eb198da8e4933cf6a4dca3ceb32ecfe20bbde1509e4279679a7d030f877dd93d55145ec29940727d698c292815027fdba8332409058141a636696ee1ffc0bc54ed4e8d6dca6b7ac6bc68977cab7c64a2e89d5579042387c60bb0defb501e3f5d491ba552ff5a4cb13b0a20a384a9aa0856a70adc19611b73a491c0a63358a3e7ff2606bb6bdbb5866813935fb1334b8c679ac392e3a6cc34c5b39f50d9f392bc94cbaf20647809d0c1d52e4416b54a506ec5ffb2f8311cb22af832764bd3e0fb7c26b5eb874517fe34a323459e4ad7dec04221d22a00d15d7dcc34cea3cba4e5c4c25439c8d989323cfc6b2eebe4fe8443cb5fdaf5f419c89c6d9055bf9f392d6c706537d933675ac9ff80cfceef98fb3ecb517749f8f8e03603ca6bb40d6d586f48fdaac261c99b3c71e257600865a90bb", &(0x7f0000000080)=""/219, 0x2, 0x20, 0x2, &(0x7f0000000180)}) 03:44:55 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101102) syz_open_dev$sg(&(0x7f0000000080), 0x6, 0x80000) fcntl$setlease(r0, 0x400, 0x1) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x200, 0x14000) ioctl$SG_IO(r1, 0x227c, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x0, @buffer={0x0, 0x4a, &(0x7f0000001440)=""/74}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:44:55 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x10, 0x0, 0x0}) 03:44:55 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:44:55 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000000)=[r1], 0x1) mq_notify(r0, 0x0) [ 2240.283207] sg_write: data in/out 593982219/246 bytes for SCSI command 0x0-- guessing data in; [ 2240.283207] program syz-executor.4 not setting count and/or reply_len properly [ 2240.302584] sg_write: data in/out 593982219/246 bytes for SCSI command 0x0-- guessing data in; [ 2240.302584] program syz-executor.4 not setting count and/or reply_len properly 03:44:55 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) [ 2240.320575] tmpfs: Bad value for 'mpol' 03:44:55 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = accept$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14) fcntl$getownex(r1, 0x10, &(0x7f0000000140)) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_STATX={0x15, 0x2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x800, 0x400, 0x3, {0x0, r2}}, 0x3) symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00') read(r1, &(0x7f0000000300)=""/21, 0x15) 03:44:55 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x300, 0x0, 0x0}) 03:44:55 executing program 2: kexec_load(0x6, 0x1, &(0x7f0000000140)=[{&(0x7f0000000040)="6dd27eae5b3be84209cc93103e46c75b3ffd0370359f35b7bdd2276be1ae2ef8a5802d42a4543b0ab59a6fafba14c9342471dc896c657cd9db69788a31eb9017d973a712e26e8366c1654141c0fbd98850fdfe645e0fc2181cfdc9c62335c2d838a5fb211f1be3801736b41b652f28cc3b47d71c95a33fbe93650889f2f374b453b9d09933f9facb2f68d8d394074b83a5db3c96158900f49e0b519de543c927077e42ea8d4eafa7e8ea619a3f30c5d23bdc9d6fe1b24420453512f8a8c6e4bdd33016", 0xc3, 0x0, 0x7}], 0x3e0000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(0xffffffffffffffff, 0x8040942d, &(0x7f0000000000)) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) [ 2240.444070] sg_write: data in/out 3171656/246 bytes for SCSI command 0x0-- guessing data in; [ 2240.444070] program syz-executor.4 not setting count and/or reply_len properly [ 2240.892142] sg_write: data in/out 1717986882/242 bytes for SCSI command 0xff-- guessing data in; [ 2240.892142] program syz-executor.1 not setting count and/or reply_len properly 03:45:11 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, &(0x7f0000000140)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="04000000080000696c65301d5fa70000000000"]) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r3 = fcntl$dupfd(r2, 0x0, r2) fallocate(r0, 0x8, 0xffff, 0x4) getsockopt$bt_BT_VOICE(r3, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r3, 0x227c, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r5 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r6 = epoll_create(0x3ff) r7 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000000200)={0x20000001}) sendmsg$inet(r2, &(0x7f0000000780)={&(0x7f0000000180)={0x2, 0x4e1f, @loopback}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000240)="d5ee18d37227cf649e256de61c45aa6512dc2bce414ffdedde65a3323033181953450cc75fdfa1270cea9f64cbb16fd5195004bf5961bb526b26222ac3bd63f678f5f79da90af110c4a1fb7abffa4f719307894c0322e00cd9cd60aca579c6535033b367e0c5f9930bad92299908452eab83e3ea661f13f0388762c3d3a4", 0x7e}, {&(0x7f0000000600)="43c0a422f448f2fed1dc7a3d25928b1aae82866724b7681b5cdd0915211bcb955f00000080000000005bc184d1d9b71a858c89e601b7b5b219febb895eab7358d359159e72266a5519c778da7ab1a3f67db69feca630984d9dc6057adc399f9fbe65e3565dad6b34028d18eaea701dd3da55da4848bf4e257767abe37014797c1f7fa7d7288d4c33", 0x88}, {&(0x7f00000003c0)="e505847f66ef283e071c3fd3f8242d1cfc62b0c66a1219e2002d789864f7d158126a486cea936c4a549f4bab65f7b5b2c36fb35ae7952d2134e259ba271635a709262c61afc68e14436096b670b0bb2af7c627e77fec0028f8ea8dc55d2f1755e4d8ffed3124c636458eb9d6a6a18b58a4072ed39ee8235ab2fa8b0c8eb1c614a9cab993dee92bc44e3b7d9d3d3b467e919f50db5e70f71fd7c531f9f6727bd99c0b2470552ccefebc8197bcbcd5bd37255a133f2e34d692d942a1ae61eb336a8975062d802d068560811f7aa35031f7ea748023000000000000", 0xda}, {&(0x7f00000004c0)="c0dbb8a72774fd4f0a5576731802bbcd61c7ba033002fbbdcc96bdd9f9d2936d4cbb73bae9e76baad7cc03e990bc21a353546e2dedcaf7499b358e8091e565be1e52ae5295cda6ab82ddf10a537483793078ff035e1ea06e74ef0b32f6c113c2fec9088e0a83efc313c5af131d7f2add2d436c756bb0d688b5a278a5efbf886a1c64acba570ef9774627c2d7bc3e489da0ffa8ca370fe045107afcad1531ac78364551092f21900ebc48ca311d1dbb2e241afe3c44045f3464ab7b5a2efe64c9a2cb5be3d2aa50e3ded33c038859345f10f249ed015d9697e8bfb951cfd56708faccfed194a99b3b6069558d2b58817ae25a382242d66d", 0xf7}], 0x4, &(0x7f00000005c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @multicast2}}}], 0x20}, 0x800) dup2(r7, r5) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r4, 0x4, r7, 0x2) waitid(0x0, r4, 0x0, 0x8, 0x0) fcntl$lock(r1, 0x26, &(0x7f0000000100)={0x0, 0x3, 0x401, 0x4, r4}) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f0000000080)={0x5e, 0x2, 0x60000000, "81f1cc950b109db5f168354aa33cfec37a5f43c62bde7cae10a640ee940dfa819b8ca50d8d4db84a038bf6eb88e1fe8d715286eae219ab4cc9a62e16c591ac4569e69a3a6e90863df43dc403e4d76a066a66d5617c137afbe5939ca1e22d"}) 03:45:11 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:45:12 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0xfffffffffffffffe, 0x20180) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000940)={{}, r2, 0x0, @unused=[0x8000, 0x2400000000000000, 0x0, 0x3], @devid}) r3 = signalfd(r1, &(0x7f0000000080)={[0x2]}, 0x8) ioctl$SG_IO(r3, 0x2285, &(0x7f0000001a40)={0x53, 0xfffffffffffffffd, 0xb0, 0x7, @buffer={0x0, 0x9f, &(0x7f00000000c0)=""/159}, &(0x7f0000000180)="a87dca1105f3b3e5a60798e1bfcbc3810f78eba3e1ea3fec9f5cbad10ec50ef163a3685c571cdb9098b0d6c83df7f7aa82a9c4a0337171e00812db78e7a0805e9e6a160891a1d5bdbfb0a01b3979d611d18bd005de38da64467a27ad858ad5645729322f51e54dd98e9ba0ff789c828b203435cdac02a3aff49902f1acef5568f177fd59aae97533bde36d66c6cdced16a7494ca2b5818fba0eb05552335c812bbbf001c302cbbf91484d5a708840b73", &(0x7f0000001940)=""/252, 0x80000001, 0x4, 0xffffffffffffffff, &(0x7f0000000240)}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000300)={{r1}, r2, 0x1a, @unused=[0xffff, 0x9, 0x3, 0x3], @devid}) 03:45:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$TIOCMSET(r2, 0x5418, &(0x7f0000000000)=0x9) r3 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1000000, 0x12, r2, 0x10000000) r4 = openat$sr(0xffffffffffffff9c, &(0x7f00000000c0), 0x224000, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f00000029c0)=@IORING_OP_SENDMSG={0x9, 0x5, 0x0, r4, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@un=@abs={0x1, 0x0, 0x4e24}, 0x80, &(0x7f0000000180)=[{&(0x7f0000002a00)="47e602a867b3f3a407c6c0b9e78e8f40dc1b673f74e509fcc595a3c2c9a40a37805b5c0f9593bbf0c7ffabe2cd8ea97c778500194b21f44e5da62feaaf3db99620cbc2ab8a9c495e71cc47e7c9cba2c1f22b463751b872d8bf27a0e1fe7563a39e7859e08fcbc03d0e7bea1c390b44c947a74701cc5af4c46c04f0cb79d8208eb3187dc45c4956224c2296fbc6f995aa3fd027db9a", 0x95}, {&(0x7f0000000300)="19f3b4e99860a2b84ced6034fbefe37e485eec87f64be173ca66b6d196641324f5f0d7fb3ab62cc90bde3a9a3daf5c767d5d1413dc49f386ea56b3a1429437d58c53bb9d306ed8f3ae909f10ad9b3e686a27a41ce6076f0b59bb09a4", 0x5c}, {&(0x7f0000000380)="7a366afe60e78ef555db5973bd45cd3e5e45a4fc333f895921dcd047a368212aec68fd568478782f3ee6d63d549784d997c280bbe4605f1ab62f20cfbed1749ffd96bd7ab13dad00e5a1c84bd6440d0313e2421741466e8ac8a949e8147e098598b8b74ba3ddd88c08e240198b587cc2358c639ce50d50cff51d04b8afa7b5dad9", 0x81}, {&(0x7f0000000440)="04fe24d29a6c1ab699bd8c1ead591819018fc6b0ff0508b599a5216d538544e708a655d33d9f4af268c262dc01d40f5c263b20e1729c569fc4f0be88c0ff2fe8e974ea1f76e4cd0d714142afae81b06dd7b50331358faf4eafbec224bc0d4558510af4d790372e3713ecc529baacb8a3386969fc3a9a76", 0x77}, {&(0x7f00000004c0)="71d2778fb27772783d352de24ff3943f5617200feeecad923dda9bba503a85d5a4257a3d039f3e597a5dd4304b59292a70f9d210441e72f1d8280620a153d30eb8a23f7357885a9e2a7b8b7e97a9f96c29c602e3a366a697cb05159273d47958e9e1529704a32766f403d1aeacf150c772", 0x71}, {&(0x7f0000002ac0)="4ad19918af40dd92291869a327645a6a72dc385050d587e1b1cc80f6d4a36f277cdd1f36f9fb56a5f0c92cbfdf0fe2f8cffc0d844fcff3dd6b5913b506dc888beaa6420213fabf2bd49b20d5ae0df53ec3a48ca76eb6c1b2c1811dc2ccc07ab9727fb61281b395f5d14c48095ea522568741b660bf581dbd0f5be346bbadf0f56066785dec0e3870831d142472257751dcbc564d36c42a11b5f235021986eacd381f8c30067e029b392c09e857c5b68c487992cb5a5033558c3a0d9311aa218a0fd47ac58781cf228e2f052b057d6cd3d212952a0b0ac8f3b9663a9b6dc2703fc3679f4bffab4a", 0xe7}], 0x6, &(0x7f00000005c0)=[{0x78, 0x10e, 0xe9f, "7988cb3026658918874f5079144e4362a5a2d9e3484592a8a149206d3302bab2da7b538803c93e485cd0cbc8b33f35ee80df1fcc2bb1d34916c569e5824321343b9b2975f05b9b9fc47febf6372f90b1fc973ce94b22f4b8b3671e2bcfdacb36061b"}, {0xc0, 0x114, 0x100, "f814e471dfa3401e4b9f9e17615f09d1ccb72142ad60a13b980b214927fbab242655f01bd67b396dbe59b10094992189f8537a0d11e7ea2664be07e67af5ea7834311aa3d851167c874d00482ae4ed9cbe62458525cce14fe0c9cbd797bfb1016f4d210c6718736e620d35d546883bd406eda4fc6ce1034e358c21e16e05311a46964726f69338e3b1c015e0a2f64f5a71f25f168ab5fde8ab61abff3e619f171249fa3b09861587c4a4"}, {0x50, 0x0, 0x4, "5f539586f2938d43126b43780fbec5bcbd6bca4a38c810061ab4dc3248bb8638966b7008895f51f9068370dac0e469c8ffc55afdac6b95e184a4a6de"}, {0x1010, 0x114, 0x3, "531f81d4c58d66e9e35f34cc720bac5fd598ed03a618cc666869b5c7ace6741edd3e6253c8cc34a8b9f5510987dd5c7a7ebd9fc7c09be2af15ef4abe65ae57decf95cda20a62cca701fcbe7ebea02a95f49795c8a4a93a59ee27e830a321705fde377661f8da61e71cf13ec9044ab8dc03664dbff6237241c4b0bfde8aebac983b18243a1c7b2a1d0eb3eb598f968c1028db31a98b06be6c11852a96d2915d0f94462cfb207aca6ac56f5aa927eec1d367cba09235add0b4896d9391e1b3b23f2f4d4e1919a40f89e543dfc6fa2c51f8a820b6e6e49b61f1105dc16192313e3c9abfb30c04a4a4f648e5b1079da275a2c775438611e13d396c34f9262be41533bae65b99f2e9408a0e641746f880f2e911738cb5d7803f406537e83896b153092fa160a143dc074c468736e1797f2f8ae34723e497e9017044e36a4265227d20f969b4d6f7504cde4751d995e05a660a45eec09c7cd699d2c3b46d3a656d76bc7a42a408739dbe1ecacdcb294feec10e773f978033c491832ac952e0059d56d9252b61f8e31d78635d9b2cf84c49455d98d0b246c414cea52b209ad580f35593f7a3d01c21c038d90fe9d641125adf5d57be2a1997dedc10f0eb3c3cf808b78daaff8b5293a4fbf1c1f185070043c1e71576d58aed1f92b3865225e31430b972d91625e7002b32a91707f1f94444f1541c3cb602667596030cd29baef0490420a106d7e39e232b377576bb0eaeef88e5eb2a06937eb6cca0c66db8accceb13802c23dfd02ee63e05fd23a2b282ce7964104a553dd38c978e85ddf2a7e902df8183e9ca94bf57cd6b3843a8c53f118e13027d0e5ab5dcbcd7124405c7e02821ba2ac7c28629e3c07c32f880e04611cc4c5568454b213f03268880947810c30c9f4cd9935f4d676c4b797bd3d9be6117d497c5f32193c5cd8e52a75991a6a32715f26672bca990bcd0a1e99f5976aa89492a8c6b74c55b192601f81a796282b9bd95cd2022f3f9c5f9012eb44086b1e5bbf3f8be827506e6bfa280cf10f3acdcfd003ab0f205183da06771abb47aa041e24e0bbfb0eebf97432e419dc38ba153859a4937d67c31e05c73677bc39db11d6cec41980c916ed8b5a509079cc2602fb732394420388e3fb2e3a634b2d91ee3bba0e20ac46b90d84e63bf8434e3c00a1324c35659e17882df7337e490495fa5a6f7c770dc76fc913aa0316ad3a9554548f95d170143f667ca3c2a8bfe47d211322db67d9906692426b31a3016919a1afcedb5098827288c49aebf610df73f4ef0e670be2a484ed7b02ee3be38fc3b82103e4b9cea72e0a414e02b3d3aeb0dae6d03b303ee93426380840f2404c6ec67048bce95df12837ae4f4cd216a67239130fd2c4e53e7857cefc2540eb9dddd8b0be755f0a1a0ee69435bce791b59380a74cdb2807507d4be69c102472ba8cf3338851e27e1702698a72d0583af1d6affaa44c562cfb45941d047afa373cb553ec76b77942cb08c6099a62b1007e08448442d08c3323fca41c604098a48e39391bdd2c6ca0aef9e3aef5554b8c979d5152750dac5bccf787c8fb10fe6d5da4e8046adceaa0e00a23306b05b4018c3313a3073fff196b710962e38f4d758e95b523d560d86ab80446e214955cdb2e50bff2a4642f2dd15bfb71126a0664b10d6c1d1dab1057d8216b910f4d6a8fd4a8a4f848e4ca551c62fb8b759e5f21d620dc7d834c63a2cd253bf957805f06b159338bc6cd11ab71e15a902648945312d73c2dd0a908b9bbb53d0f56b962ecd1bf5b122d0da7784676d7cbceab45f20bf814dfdda406f2905c3a46052605bbdd632185ec4f193ed3c8a4c99a0477ee532d727957865e856c87a5243fffbf02a24b11132c02af90933964b021a763b03b4bc81487edefac94b7d6ba938afbd04e92475dfc89276b8ca87e26831f217436bcc5baf7088b142eeafd4f0f62dd28386f7ba6c8846da3b7cd857d80fb8f80278f3e96d6ab81f2924f6c27ad46ca7b176cc17f32060d1f23b5893d1e0ce8ab173ef1f23ee9c9cd455979e2b480b31b0aab57db8994a8e7c79135059415eaa52538fd348e2a64de9472ef9f4e2e4e33aef7340f58eb15f4096f67972b0a81c8105308f2571755a41e0aa5f57c2c6963c717b64a94ec8bbd4e99204fed929ce2a099d06ef6e6cc5ea650c825ce727ef4b2e6dee50b0dd2e026c69432970776421aa3d36a42d5ad0a571b66f4166c2b2e609c30825c1c6b8cfdc446915970eb4ce07afbcf887b0cb99f79dd9a7d09392953bbe314ffbff53019d09e62cab80db66d41d5cfafdf073e7de622f0f6db4a235ad6b779f74d357659c2f801b9f9aa09dd8c5bf26e31c728ac7dd72fd031fc0d887c03816762eeb5ff365bdc6835fb58b440889e9b9ea6bc1907548e8269997048688176ffeb4596c4cd226503a2ee00bfe2afc2a8643588e1ead1a01b582776e838ec04748d43c04f9dd5c32e9ba3dcd9542b19603155ce0850517c3c87d5b018d055ad66864536f0097bc86f82811a713334d3e5b54463eeaa3a3f8d5822719b55822953c14be8c191dc3db42da455258f6452217eb0a01562bfebc2e60e279b4e2faa2754711efbb1bb9d4caabf4df5acca112b64d627422ad39d5abc5dbd0c3b9d28dd3fe3533077359c45b30b4511789bc0b8f6b2959c54269398c063eb198ec7b21ec91ddb0722bfccf57ec9ad40cd500ef055c291fdfee737f1790c4c54ee9f77f50dd26a52113df8c743f2374950909b6f470f736dd5e0ef57641649fafb9e7527b30a2354872de79db3edc03d0e13787f7aff6481c21c21d7d0cb26702b9978570607fd56676862ab9ad85ef616dfc2aff67fd60fbbb58319f906bb499ac36d1f7d408983918d7f891532ecef1ac2949730438a8069fc205912ad9bb5d90ebe688e9d0c0523bfce55780d47aa988a0053b89fd05ba1312a5c0251435c698ecd4d4762ba1f7d09eaf644be2e8aa44086c18cf88f19a1a737c9a60e8665bbe75efdb71224c0726ab13fe7af0e46dc9a840fa98e89a3f89d041ec4b7be2be05da6de9be6d95c2096bdab0f027e8efce91a97cbc364f67e16c629109d3a49814fac2b6be2b066349040a8dcc5ecc750be27e2f1c771e43fbbab02006d55f33c65805b648729540c48aba7551a738bc0cb4e542ef18819777824c2e7e738a6e4881ac5a4f1593779c3d61b71eaa8b2cc2e07aa2e3eb47b2d9748a4a79860cb099837259ebc7f1c6b882dc90551cafbc2396f0bb6295990e8101fd922957b456091b27fdcd70857a2df0fc347235d8e65abb722ae177ef6e6d3cb167ceef580969d0e8d9778ef7e31645fb60fdf3a977772fefea3157b1a60f93672cbf4d6fed051b70d06b3e898856a16ba5ab08fb99a9fcd04422b00cefaa1f81952593a53c905ee455b82401b70364121b319dd4d80428f158f4bfc4c0c1c59a3a936adccae97106f08dacf26a21b5360e86e92d703927b11019324eb39d1fafd0689c21854898b67d65507e929cbf16e0d557ece8efd2e870dfa138d7aafd17c0b4024025382da076209f8aac9346d939c95380606f388609846ef581eb1b54f27ce4f97524413058c8890c5b9265e8ca6dee1b15ba5078e25121a450d5aef81df5f4cb69a37612205e97de0cecfbdd3b6e2c28968e9013d7f3158ca63c4b6e09e6d938927ddf2bd2aab6de65f497f55fecbe50c50594cf50d6d789b33c48e58ccbb18c56ae4926c4f2c990ca7d0724ba5b8e3e1b174e8e74091445294b5c33967e66658c858f85ba15e20348eb8f760269a03c2edd95996e52bddf15c9a924382f66636dc5d9fc688496b6945f702ae51c7b1421d35689d6797f460cdd9d4f97f6ec44ece5290322326539755fb01d29c14d0aeb2e89924e65ff8f0762ddac625cb716f2c25cbca7de7464424384ae07e89cf20eb6e2a95dad70066c19f6d8e30c6deb955b31ef44358ad23f85f6a92050495a0457a3714dcfe6cc08164286ee9fcc21e16ec007c155e66269da8f244ac52eb1d81e89b90139df2f558e392a5baff99b71173beb62ec878d29e39e038db37106fb72f8810fbef269b7da7fe16fe6f96fea4977edbb18c89d423518d83aa87b6db0ec9e0488598cd712cc7b9a4e1210e548373e4b5ce58e8f73194790a5cb564dc047f7ba6631045070849df645f1c2aaa6fec66f11fc4aa1f65bc509212bd9dedb9cb4c32dbf353cc628c69dea328c69193c4327f41502089dae4942faa0f285ede9b66d26d33e54e394e04643bd678a9a4a13de4b7367b6936b75f8deff30901b1ab4b4b066a3352508ddbe4271c567dc7fbdd237099fda272250045fcc3add24bd0c410876833d705e35c612bd72cfa29d0d20d69d4d7868c72d235b468cb511b45730e6628ebe0c67f14fd84d0553ea06beffd9a0c38cc39c6872f4ae2f5a0aa99d4470d1e108784438917f71ace62a3ca2504998cb4dfc1dc2494e5d010e2a3bc25a3edcbd1872f02e35ce2e73e51126febe63203898c40ea9b7097a3aa673d84a163f717234ccbe8850767e04e8ca9f73ca651d106a45077afde3044287af3ace1746e885fddd3e4051d4d3b8308c24c378b6f75000bace4d80f87871a78067cbb830095a2c53f9e1dfc061067e0a7d6e708208d68740720be2b0e4fa956830e3813109537d803c90ad2844639d55f4161c39461d37959632c3dbbd86e63a3209934bb750acb8c471e8fb4b1126c34dc02f736daff99d217b5f885fc75dfd2b2f5c86d52d54db46748f7f135d7e776e70fe0f5bc7d0019116f937743f140accb01cac4aa730a5b9754b7e6199c4b53b98e27afaa3208e6eee59e1c9cbb13ecdaeef203064d3633ea4b1e91b7fe37dea4283b0243f26f3011578fafce04c039adf00f7424f8e26fd3805660216acbdafc4ad02c6fe9b186bc11504e884ff5ac32083885787c844c4e8eae3dc732dd12727892f0e85c832f5177af95040691c2a294cd242cf62cc35689b93095db9dfbfb2279ebf98cd459b8986ab17afc6c60238d4a28759460cde6951d4728ea0942e9ff47e7baa49d84545b2d902233f390ab744dc6e83e3605b341df567279f227e59fea94ebfee5a01076c88edd1ff0f7abbe602b2c2938e7d67bf1defe961a7100a7ad0ed8cc0c0503f528fafa478992c222165b291ecd8de50586bfddc1b94c89fe7264c24cf52f6bed418b93fbe82c27da158fe38147ec435001654986e4e4cee858c6da9cd9b9062fff876d09097d41a29e53ee24b8de451edc50050ca52c29ab9a1bbcf132a8f702cb4965c20555bf3347ee4cf77e050fc4186b0cfaf3cfd136a1b54a483e5070d3747e5ea9d6893816666ec26f8b9612be5a96d3552901be98c6c0ada937076ec7116ceafd19229d6f19810f4648cceeb0005b0ff79653acc9df1b3f19e4e87dc4c5516fa3edb6245e5dd0378888719961a859232b064fd826e3b2c6e3db1addc2d96670fa707ee368a07037a13e73be1c7ce8e6cdc7d7eeb3defd9390305996017a3178551928b923b84236b0dfd51fe6797f34cfa6cb0485b6883ea26830ba12c15f1e3164e9d5cea9e77f8dc94c4deba202ae0030b42f1f00f08f7d535fa23bd5fdeb295997ea9745bbac285130f20e11355f548fe08d32985ac0fe4dda3de896204145b9602de470348ec75cca0dbef8e4e5b125cee3d6e2f22055de5ceaade0a52620e7ceaed339b7f2708c28ab9f752c6c96887ab16318ba51219faced926e289b938ec701be1cfbc980191a97b53732c7a6c8056d7d9b797ab0ccf4de3efe989af5a3c86bd54"}, {0xd8, 0x10c, 0x1, "43cb6502ec74f363ccab7d9e94906bc6fb4fdb8d4955b00a8e3b7319486f36f421ee67b915d449a0d1c0ae71c18ddf7d5533deb5528ec5492045e16fea348a32b81980318010b72e6c43534303d86abb32860424f424caeb664a81b82997933c910694a89b05395e6552de9b3067a8f129f07ec729f4a3d19b85539cba40ad49405aa6a4f97962e77a82d55262af90b7ce8e74212938dc1699e7c22dfb49863e20a92335e9059328173e6b8b74f4a8ce0cddd4d98f956c683684221bcfc132a3c0b15b6a6f7aa145"}, {0xe8, 0x105, 0xa83, "fc706ef1a0fe4bbc9e2632540bfa872abc9d9fcfc39101d630e9d04dcfc7748b56bd860f8b5dcc8f6aa0b838eb5850f1d9a999fc613d706eb9a61365ac5ee76952611a5b850da9843dfda0188c6bc51ab65f8b9effb1608b5e3de5c6b3183dabade43d045e8e9a72c73ddff7ba6eaa534441b6e76eccbebb3f4b8470937cc5175e142fb6f45ce95d896a9c6b968387923051392918f75ee5bfffa3e498f4cb32a309b4714d8dc063fef515cea66e690519cedcd4a11fb4b45d58329bd2e639df7d9dcdf577d4d4baf9a2ddb13a3ebd7d91bbc63c1d"}, {0x90, 0x102, 0x0, "20887c8b05ac024a45951e88d21820c5ca9e9e633e6b7f46d92e9fe4385a2f04dfcb3463ca60d3b9059c07626b556910cc5aa97f52ce44dcd41fa33b8eeb0dd9ce2e0589149c636cf0657e44e2a9bd05e2ba78c3e4f55a07aa9abd03c7b5d645848c59d0a2beebf768c17f707bed587419f4f874335653e6cf66c7b7d905fc87"}, {0x1010, 0x10e, 0x1, "8bb752470aef166345904ad4ab728a5b50ec3934412cff47bdbded4ba53d7ee3088e50d696683a0bc1e0db3493f07ac84f66ec4724cddc433be0749d3240cd1bb420914c52099f7c43db751fbe4f4d427c4b48ac5cc0f7ca62ee22b6100ae83f90104b1c04664a96ac0a1048bad7ad24b4d564b65f33e2487c2210bed51cfced4ecc70ea16e2855ae7e1dde34733b1ed86477850df49ba6d703ae8910839868678df3fdffe297e41b3afe6a0b235689654d5f0e0779349a870426715fc40265a5dc4e4b120f7de61561dc88027d86099348b21b7824d9b4e22af48061029c8dd3d7eb4222046bf25d2a5933be275a8d5e5d7d1b98f2d718962e91432a11085f6991bc3d38c2643448942bb1e317f5d9dcfd8871abb9546d4e9541ca7a13bdd2a1489d892843205a8e1b91e2bbb14f624f76e3bafbdffbb9c251d66e8de172e786968f2570c3f833bced9df26fdbd9f0b017ad4aa8afdb784ba483904ba31168a217305b757af0539814a5cee74cc4933c401a3c8e11bc55fc663fe6d32186017c1206be83df1633381a63b081cbbdcfb90336565b549868f0e582e6ba3ab32a70255eee7bae563884a44db0846bd97dfb814b12519dea61b0ea826ba746c2e0b7306102f9df424056fad605b79555161c4b3322b3241805aed5bc9cbca6d6d7e2206a4417d4ceb39b2611ac74ce95868c276d8e426ff11f4899c0667f5e712af37502d3bca5c881a09b4b8580f752f29312706d0ac5b5449ce9dde1e8b22e4dbe2b281451f9e50be98ce4977af4bd59a2edb3fafd709bf5e798378092223d57694735b9324d6f3b4105973bacfad7ef52f426eefdeb229f6345c098853b1bc2ac254c1de9aa161fc15041ce576448d67765ba746e357f7c2f66e95022cf2b052c214d739311c268640a298915dace1b07ead6790b51a349f13f6436e48e9d7901c227fb76e54c6c96a8378edbbf1edaef24b014ba7b2afc5766cfaec122efc27ef0430b58c637553251ff0e1922291e3e0d7bc6f637f3ca1277f6b36787643a02e359d490eb79b673cca3f11fe7b5bf4c69a57848b37ba5b739bf22301d36fd1470155d70da441c4a36f3cb89c5d7e66852830a4ce1304f95d70c9b49935d08ded16d927c88bbcab66971d06f7ecbb196704690492baed736ee0d55aa078281218e2fe5ff5972f91040dbf5a7fcaf9ba4e662cebc1955f569d258b14ca55a41811f215fb1622f7b338ef7b3b08b04f8c034a6e7d74e0754b5131acbd20546fa1f14fed2c79e8ffd87c149951162317a7c0fdc39438ecb94ca4a68b76a98c244a19710573cf39560378f31c412be7f5d80bf0cc0ab526d98012a387321ed27b0f21f80259faadeb3010d35b6fb85b62c02892cc12d151c23bb6238d22faf23952034cbffa61c6b3be47638888f15472d4d3939a52939447aac06b36e3bc30235d49b5821169eebf04a04fa339e198b228e5f8266eb6b4c04f6dca2ab125cb69f16d9557ce99f31873a6bdcb430aea97954020420b6949e5a9073062e873656add1f0b46e6517ef4a0d489a82243f9e0ea88f1c6255e078bb82d0a74b442917a300b7ba2f6474aaf680a567e9a8af97ed53f18c3c2566a6cc551170e065eed8c313e848f8e1bc59f0e199ba85c09f6ee9d7d30fec5363946795cf41ebc75eb9aac1a1c91e86b2ca0c9a517605a242881548d8760e426f92f8a5f827b70f3e812b72dcccf67ab1623ee852f88fe76ab3af16bc93fe5b0f26fe19ea5d5886268ae25d500ccfe2ff8d702de4eb5ebcfdca3b8006adc75149565c6b58bd1d172c9e58ef6534b08a7595eb12e3958f2d4aade15a94b0129c318b436719b3cb567ddc0a22d16aeb2d22b07e56f5dacbcd3b6ae49c92a05ba4ed69440f312f444b94e8ac6cade6a50c305b1227446416164ce5931787690d11e0bda683bc7aca9f6b3ca27ecdec9d3ca9fcc2f286ac31011c0f700583c20710a4c430cd9d40b17d05b866cec193f8c4d1316d25c6f1d05f21a06f435a789214809380deeeff549d5320907807b8ff45c65ca4b861b4f9d876ea6e9134608527dcb823eee312c2bafc8409347a28376071dac6779dabe8420427415029b4944472061741f32eda952e54d2b4159f5b8ceb0cbecf638f6ebac79106e22999505eae8447ca969c45f77f426bc2a06deacae6a98deb9d2ccfdb967a2f07fc35d002f81da7055b66c77c450b9000daca4fcd6ae48c409cc0af411ca9ee935fa2880039567bd09fc80a6af0d09b195882466810195dba47b9ae5982b225e596431fde50aaf718dab2afd91872ca3e7fa88f9c0dd107bb7de008d42a9dcb020124d7f888aef39f9521ce8db7ab26595b00aba6423bfeac9a518160167f0c78c2e25a9d533bd1d03bf57916b5df826ff7b8edaa03da90c9697113942b51d91f946a1eefbe81df855fbcf922e029eb165b63d4f9c2c348d956ccbb7242e9e80ab0a65dae173e3fd7e88e11c71ac73b29a91296509e72e7b10c88ef69f4183cb5b3f1e2bf1152927e114f46cd747262a8bb48100318bb1ea930ac4e887f948b3448aea04a5ddf4f8613542c0e5cb1fcfbd4f2a0917526f5fa0deb5e223fe4125c94c9254ee4690e76adf556d5dbff074e901f85778db98450bbfe74f8252c60a1c72fd39fbe7c74a66754c0cae7eba18b1a56dd85744bcdeabe59dffa7709cd6eee8244b1275148116f394686b024b09c6cfc520aa8f6f5f97a50eef9f8ac47b8f9b6b5890f964b3fcbee9d2648c2dbba5f77fe8ae875632644420bb60c48f719d904dace67ba5e4d3434108ec0cdd0970c21a6b8dc7174563180ce1532602f7ee8528489ce0380d62a1839b13ab9a8a99eb97b3edf746406c9c8ed33778a1a95a24b3726e41f41d6a05116329a8490347eb337b91bc60b04230b27cda7d303a719306feccb4caa01bc03574b1c88c8f56c801f22252456ed320b963025ae1216a0693722a79c78f918d8708c8702a837ebf056004b933862061ca01e76d2e120e7e06e240bd5741aed01e5f43a90ff010fa1faca494c6811c33730574516f39dc0fa69c5a31b51194175d624f6171aa8293e5fbfa5b391e4e21e8a5320aeb8003ee4fc8b5114c795c174cbefda83c5a04b401ec5a25d4082f97a382fd86ea8720d6f464f35ef8e3dd8e42b2428c68776c258a0e8af6f65dc3d4d183b1c9bcfe1bbe42a2f57d0110987f01e85c058c98a8f93f8c6b5cca02b37ab78503047327b9be946de7ab1549ffc32df9312f9ea125e9fe53b0184e8bb47c3e5319463a434ae8d92e63aeb4b5ab11c2e17e792f95f0afe3a32b00415f0ce77759a24f48389abca2e365054fc4f6b43c2b10760c7cb2946b9d5959f4d7571f8427494c3c85c29cebf7752ee0149b15cda2480d98bac78f7f386ef2a7eb4b73b9a6588c5d547bfbffc589998d28b65ff358d193202c880718bdeec99055ef4afa806191863bf714e8d3428b42a3fda38e4665237fd582fb46c8a44d5658384467cf10c3b358cd01edfdd4226f3b7e7ca45200b89f9c2d8daf4ba8af3ca4c97b8eea22df62576091719c839e780c50573c3d86fcd282cde0deec3165dd98b6a76ea07220801b331352d086d00fc7c09c4c1c1131bf181e38a743f43dde798d1f7f8dbec0a03b317395e5ce55fc22cef6842b60f64fab06645367f67af417ceb8f2150880711e1b18f78083630ea40190828a053dd9e224316f90dbab45bc60848874a3b12067a06507dadf4e765fdc6983add0934f8370f5177cb3d5de23444e91a8207848094ecd8e4bec3992c3ab80e76a6ee51bb41c7ded2117cf07604870c2f6b2b3b48a331c7a4237b55922e27752c2f18b1405fafc74ed8d75116305c7a476b394358d5388de8785fc8f052957a3ab7820b3c353ecae92929ba38c6ef18219a470f27cacd32a097d5ec0d1bb26dedd4b9489e4ea458c6cf7bdbcc62e39fd6f47717dd6711da994fe7edf39af02656b49ae7a84cf3500acf55ad83f5f641e4aa3fcb9dfef139d9aa1ed20bc08d0d2c11a26380c60bb8120dbc5b2c0f69f7936f51cf46b69480749e5f78b8d97cfa04e1b941919175ba563dc4e66c11eb815868f786493a1b99e573bf0f445808e7eb9a3425245509eb9b7f22dd92bdc1bbd9cf30bd7996b4a247b2b688b8a35072f0f21500e38b83171b94b2e999faa23da8ab9b61db570bf6052276793fe14859bd26cbf2f671f9fb9d39b2b8db142669e9c0f2d10d6a2e6f3ea1b6d89ad78d26aec834b4efc1cd3c14d792de7da79e2fdfb37d5752ebf53b1382b1fc35aeb624a54acc49c7b83c59119d30db3af1bb5a63f6ed2cf81f9d218cff73a61ba69bd7f6392c747ffd1b8e64ee155d7177d17d1762ffc074886bd32d4ce659557bb04b71f024399e66d9f5f4649dd91e93796baf5a17d7d989dd25805be53d1031832ddff33c79fc24c483539aec28f4234066f126f9baf4c2c692b2b33ec16275d6bd427b74e9182cc48fc92941a698265ff1b3c7a447d83b8e683880cef4fa82160471d9343b6ddfebfb11bf620805942271d3790936e2951b0b1f51d5ad29a2f2daee0c7939942e7e04f3bfe6d23f4839cf93f838d27cfcd26799922128b691ac5136f2f5eb081ccb963a7c0fa91cefb097a8a65cc559ccaab1eae860bf1935b604c6be0538a92abad74c807337f0bcaae58fd07614fcf97fe07c8cf2d2f95276d7897ca83d8ca7d6dbfa544099d66820d3333f7c8549a88b03f6c4a715b006e20c24a96e2c05b343450c57071f204493d1d5b8ff5bf45b997a9dca409af4c10157306892a6268dd2a3e50c27b1a003d15a12471b09e11e0f6dc34b88dfb3f459a71b8c1ea207f812d1520860c2b758b7cb57724702e819669e39d80b5d6715237c03662b251de3f3a065f4dbfaf45489b973c3a88ae20260508961281ad1728e27638cca9ad8584f7138e43831bf15245b33d582c273afb85388b2cf2b2a38201569d81d5d2786e87dd6cc6fc3e6784d862077a06f71cccf1358e0f4b84c6d52a199cda74040dce3c646adc1faa9cb636ea0622fe08fb510cff9c2f9b3294906680c5bd36c86e6f51d2a3f35cde71fcc50987c5db5a7ab17157db13ceb61538ecfab77e46c5716e49fdb89a324bd4e26b1cfa200c117faee66c7ce433ccde669492c91f2c70430a4ab07dea58b9ca02b655e2d958ac5b3af5fa358a233583bdbc7833ecb8af6fc9c644bd898fa579561610a1b5c832a63db402e4861c63e679439cb8babe569b20f5b02c7b119f0d070c2c61b3e04aefb0973fc5b31fc2c777259aca03da4afa685b3eb759a2c4e21d98f5e6d47cf6d9eeb022467a5aaa795c276d6b8ceaaff383f818cca5957417a29e3ed1e1ff598b5ef210ea5b15a45fc8cbf5f54a30e4f6db7d0c2baf8fa5c7eef362aa30489e56bd803181c4afb9dac96516b29abb40f0dba147fd09538fb6318aa50452e4069594e8eaf4b57fc5f937103439e5755d2634141818d5a49cb11fb3766083d3e28f1c8cf783c48bc5a7342fd7fd4daa9ebd2c23af74af643e968cbf92992a6efc0741121280aa19eee0387a4e1f65b1232ac8fa9b3e3e288ab891f0ef70fb4053372009328e2ee48f13991861a783752366db8d7972557820ad24969f2bad7a041033c9d155362a5eaf237b13b58c1548281aefe70141cd1f00dd194a0c7aa1eb2bf04490f64554e1097c8f51b6d0f4fb780704d1a852a5cf36f6129f92dcba6b455d669598817c07c74e63d4a08433dd98c565525ea90b5becfa5f082f7df8510afbe4141fac5da6ceaa642b2f53ddcd23"}], 0x23f8}, 0x0, 0x20000000}, 0x7) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r5, r6, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r7, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000}, 0x0) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r8, r9, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r10, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000}, 0x0) syz_io_uring_submit(r5, r9, &(0x7f0000000580)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}, 0x9) syz_io_uring_submit(0x0, r6, &(0x7f0000000540)=@IORING_OP_WRITEV={0x2, 0x5, 0x2000, @fd_index=0x1, 0x9, &(0x7f0000000200)=[{&(0x7f0000002bc0)="952749eea23e785f198b5f1e1187e141f4756139919de72c59b60b5e9526f7105d724861789f78e699bda49c2ec0a8d713b4ef87c01f88b08de91ca8410e45bcdec8350d8cac1478d15a3178b9d18c17bb3b84b3e133cc4dfaab64a7abd0d51be97df2ae0613e6d3daa22eba0ae6804a29ec9d383384fd6b2e78f2e4dd282d067abca99b3eb1e3ee64559dad7f4d2a61fe24793aff6dca0efc75664b55120e025a28a6b68921b95dc967898f7f4b4830dfe47b90910cade02f78842884a13a7298dbd1ffbce589b398fcf25454e28de7d98aa86f29cc57442abca4f05881fa0aa9734f7f99e696c3b1c9c2595633a402f8c908", 0xf3}, {&(0x7f0000002cc0)="a6b62d0d8794f0d2b11291fe383155fcd2bb5be8c057aede3c9225afa4c87bc62adc02f86b7fbbeeb081395d0488f442e523f58b85f5ac99620521fc84a28e5ec0bea422ab51d4b03290fae2e8f566298562a2ab52e72c59de180a1d0e7ef51ab2647d3ad42510c4107c4bf9bb005eaeb777cc47e7bd1ba1bbae3b326cb30de76aea3abbac1b3d4a1e0fbbcef4850b65f425bc627529077f524916edc0b5", 0x9e}], 0x2, 0x9, 0x1, {0x2}}, 0x7) 03:45:12 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 63) lseek(0xffffffffffffffff, 0x0, 0x0) 03:45:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x21000}], 0x2) 03:45:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x900, 0x0, 0x0}) 03:45:12 executing program 2: r0 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x13, 0xffffffffffffffff, 0x8000000) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000280), 0x48002, 0x0) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000380), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000740)=ANY=[@ANYBLOB="010000000100006318000000", @ANYRES32=r2, @ANYBLOB="00000000000000002e2f66696c65300015b54c2b61739da16f461656c1e25e78cbe98eb47b3bb5fabbc51eed8244b5e6e4cf7613ce3fb6afddd7553598166beb0138c027204097c5e9594c12b62033778f9e18c865123cb74fb079ba88bd99c11d6054fe59f0f26d18218e587e26cd582177dce2a0c061e683ca0838c4cddd62c16dba0697fe2c1cbdb7f9740be911b5dd4b40be17a9639b1a89c0599ada9f62d5233ef65f56bc6b132e0943572ae93ef614852e18b9aedc1c0970"]) syz_io_uring_setup(0x620e, &(0x7f0000000180), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x13}, 0x0, 0x2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000300)="a63a85f508c5", 0x6}], 0x1}, 0x0, 0x4008000, 0x1}, 0x0) syz_io_uring_setup(0x804ebb, &(0x7f0000001780)={0x0, 0x1b9b, 0x10, 0x0, 0x165}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x566a2, 0x40) syz_io_uring_submit(r5, r6, &(0x7f0000000240)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd=r7, 0x0, 0x0}, 0x0) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_FSYNC={0x3, 0x1, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r8}}, 0x8) syz_io_uring_submit(r3, 0x0, &(0x7f00000003c0)=@IORING_OP_RECVMSG={0xa, 0x1, 0x0, r7, 0x0, &(0x7f00000006c0)={&(0x7f0000000440)=@ax25={{0x3, @netrom}, [@bcast, @bcast, @bcast, @default, @netrom, @bcast, @bcast]}, 0x80, &(0x7f0000000640)=[{&(0x7f00000002c0)=""/15, 0xf}, {&(0x7f00000004c0)=""/90, 0x5a}, {&(0x7f0000000540)=""/205, 0xcd}], 0x3, &(0x7f0000000680)=""/23, 0x17}, 0x0, 0x40, 0x0, {0x2, r8}}, 0x7) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000400)=@IORING_OP_POLL_REMOVE={0x7, 0x5, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, {0x0, r8}}, 0x6) syz_io_uring_submit(r0, r4, &(0x7f0000000100)=@IORING_OP_WRITE={0x17, 0x5, 0x2004, @fd_index=0x8, 0x7, &(0x7f0000000000)="b3217d293ca4f9cf144d81e3806823fbd0f8e60191c22b28ebc3654aa1bb81552e807bc0cf3f7dab0945d93337d825184f8673165deb76067a0d836cbb48f3eb6e94344b3ca3a421e6e18d42d7684fa975b0572ff3b992fa01e97c95ca31a65e31d46b7b2ca3a627323ebfa8dca12319e9d994f1dc00ad40d836897ae12073062ce53d518238035dd8da81bd65e47dfb461dc5591b3138d868980820202ff94049bae36e6240d59236eea6b8c115c363db26d58a138f496926951c44fc782770e9b3b04bba9b9c379a8a1bb763bfe1eb76b3e426bcd9c0408ba8d45301d45567c8ffa87a7f51388a2aca503c03746411f9dcfe2e060aba2eef92", 0xfa, 0x12, 0x1, {0x0, r8}}, 0x105) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r9 = mq_open(&(0x7f0000000340)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r9, 0x0) [ 2256.637132] FAULT_INJECTION: forcing a failure. [ 2256.637132] name failslab, interval 1, probability 0, space 0, times 0 [ 2256.639953] CPU: 1 PID: 11285 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2256.641692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2256.643711] Call Trace: [ 2256.644368] dump_stack+0x107/0x167 [ 2256.645264] should_fail.cold+0x5/0xa [ 2256.646200] ? anon_vma_clone+0xdc/0x590 [ 2256.647197] should_failslab+0x5/0x20 [ 2256.648145] kmem_cache_alloc+0x5b/0x310 [ 2256.649142] anon_vma_clone+0xdc/0x590 [ 2256.650102] __split_vma+0x17c/0x4e0 [ 2256.651015] __do_munmap+0x365/0x1260 [ 2256.651947] ? arch_get_unmapped_area+0x450/0x450 [ 2256.653138] ? lock_release+0x680/0x680 [ 2256.654113] mmap_region+0x7c8/0x1500 [ 2256.655062] do_mmap+0xcdb/0x11e0 [ 2256.655926] vm_mmap_pgoff+0x198/0x1f0 [ 2256.656894] ? randomize_page+0xb0/0xb0 [ 2256.657900] ksys_mmap_pgoff+0x41c/0x560 [ 2256.658949] ? find_mergeable_anon_vma+0x250/0x250 [ 2256.660183] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2256.661471] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2256.662751] do_syscall_64+0x33/0x40 [ 2256.663665] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2256.664948] RIP: 0033:0x7f00b63acb62 [ 2256.665847] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2256.670374] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2256.672257] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2256.674002] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2256.675738] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2256.677494] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2256.679252] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2256.694676] tmpfs: Bad value for 'mpol' 03:45:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xd00, 0x0, 0x0}) 03:45:12 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:45:12 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:45:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x121000, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) openat$cgroup_ro(r2, &(0x7f0000000000)='memory.current\x00', 0x0, 0x0) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:45:12 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r1 = syz_io_uring_setup(0x620e, &(0x7f0000000180)={0x0, 0x440, 0x8}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000480)=0x0, &(0x7f0000000140)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000000900)={&(0x7f0000000200)=@l2tp6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000000840)=[{&(0x7f0000000400)="a63a85f508c579cda5b8581cb7825a1c0085157ee13b67e4508b0814c0f9587734c0a13022d132f0bc6ec8458f237f14f3ce657be1c5b4ed60810f1ab74c5f69b743c59736135ba967ca5e222dd11f8e8c6d9451487ddc779d219845a48868c7939aa9b6de7b10a0976b4b91", 0x6c}], 0x1}, 0x0, 0x4008000}, 0x0) syz_io_uring_submit(r2, 0x0, &(0x7f0000000080)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x0, 0x0, 0xfffffff7, 0x0, &(0x7f0000000000)="a4148345dc5464f7ca425da2ef48d80bb65f8e8a31860732407ce9fa63e5de56c5810323eec59a09f0ce6883aac1341ff9420834a469233e377a972ea102a2d1036e011e2ad59085fb4483368c5aab887bebeb7918982553027b654f9d8af1b136d0da9568f4d5f02f0a09fb4825f2dd92c6", 0x3, 0x0, 0x0, {0x3}}, 0xffff65b9) syz_io_uring_setup(0x2271, &(0x7f0000000280)={0x0, 0x4f85, 0x1, 0x0, 0x2a}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00000000c0), &(0x7f0000000340)=0x0) r6 = open(&(0x7f0000000300)='./file0\x00', 0x81, 0x1) mmap$IORING_OFF_CQ_RING(&(0x7f0000fec000/0x13000)=nil, 0x13000, 0x2000002, 0x190010, r6, 0x8000000) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(r2, r5, &(0x7f00000003c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0x7, 0x0, 0x0, 0x0, &(0x7f0000000380)={0x77359400}, 0x1, 0x1, 0x1, {0x0, r7}}, 0x3) mq_notify(r0, 0x0) 03:45:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:45:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xe00, 0x0, 0x0}) [ 2256.895345] tmpfs: Bad value for 'mpol' 03:45:12 executing program 4: r0 = epoll_create(0x7ff) fallocate(r0, 0x52, 0x6, 0x8) r1 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r1, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r1, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:45:12 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 64) lseek(0xffffffffffffffff, 0x0, 0x0) 03:45:12 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000003c0)={{0x7f, 0x45, 0x4c, 0x46, 0x3, 0xff, 0x78, 0x8, 0x8, 0x2, 0x3, 0x2061, 0x377, 0x40, 0x98, 0x6, 0x9, 0x38, 0x1, 0xffff, 0x0, 0x3}, [{0x70000000, 0x7, 0x9, 0x10001, 0x7, 0xffff, 0xfe9b, 0xaefc}], "6ad343c5cdc556518d23843ac1bc5cdcbcece24eaa88ff8097e42b639c562f4d0a1d871d9da2b328fe5c23b6ec6e2290c2f19612bc456977d9bc193e30f36b64", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7b8) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000340)={&(0x7f0000000040)={0x2f0, 0x1f, 0x200, 0x70bd28, 0x25dfdbfb, {0x3}, [@generic="45dca50e8539f4452ddd0dd85cbd76d5eed340ecf1c45c053698577d6c014fd4c5dbf33e3c192e8e4dcfc556546ac871a65d647eae16a2c65a320e7042c9bb37f2fbe42a60119b7787d079309f435d7ac00f5de0ae78372f16456bebfd7452a9cb10b4b55a8dc9f8a84ec4057b1f897a19c67a833823b9420bee6583ce025a99f3c3d179be7533c121556738668aeb94ef32da66b9a79cd9a3d2350a919601aea2b83e0172b62f12955db272107a11b1b72e1d3e6f54453105a4ff7c", @nested={0xf5, 0x3c, 0x0, 0x1, [@generic="5be673b25fd4305a27c57f6cb73251225b821d211a", @typed={0x4, 0x25}, @generic="e46a3fb332d7fbceb9c8ad835b046e851e212bf5406dfba875d93a0c4f2ffeffeca2156ab424940a5a1778b96d5cc03614c6a18ab4374d279bffdcb08e858c8cf4f6d622667016fdba3d29e51b10756ae247b698cc5bf7a421714cfd64e9106f73900eb367847c11218d05b1b4978393e983d4cf573825adf8d146673d1eed31c171109fd8346f80985d24308ab969800b8a347dc6e3a2dbfc07a32578df786a24f715f0a2994c01a155739ee515de270c2d35d762cf803a378359b0b01a312d6dfa34d49450d331dcd4f807ce8d8a75ad56abe145b32e29"]}, @typed={0x8, 0x85, 0x0, 0x0, @u32=0x5}, @nested={0x11f, 0xc, 0x0, 0x1, [@generic="f8ac", @typed={0xc, 0x75, 0x0, 0x0, @u64=0x6}, @generic="ee9ebd1802a70b49335687326dcca6187624986de4e5bd7b72c6d6740baff452ffaffb5a82fdc498e314ecc5fad1039f4944bbcf7a1ff377b597dd8eeb87ca057e", @generic="83ed34fcac091fe229a8994ba3158588c451738d177eb44273e7864b34dcd0a4ccb54f351d38a179c23eff9add0e720d5981bcc3c1c11b942be39029c4d43e6dc2f69c654fdcf163fdce67237b85f481da2669efb32cdd8568362f151468429ab05c20db4051b435c48871cfa33d287358e81c8b1685db07af507cee44ae256ddbf97daee92e211acbd92b98fd83ee16058e73d02f1a69", @generic="96a15fb889466ccaee8bb79357b2c3f522a0668f9166227b57e8bd018ce6dc9b7ea1a562bb57e90205c9ce91047dcd6bc3bdb4ff19"]}]}, 0x2f0}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) 03:45:12 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x22000}], 0x2) 03:45:12 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x1000000, 0x0, 0x0}) 03:45:12 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = inotify_init1(0x0) ioctl$BTRFS_IOC_INO_LOOKUP(r1, 0xd0009412, &(0x7f0000000300)={0x0, 0x1ff}) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x30000000) 03:45:12 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_GET_WPAN_PHY(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x14, r2, 0xd8499488957a772f}, 0x14}}, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000900)={0x0, 0xfffffffffffffffc, 0xa4, 0x44, @scatter={0x7, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000180)=""/116, 0x74}, {&(0x7f0000000200)=""/191, 0xbf}, {&(0x7f00000000c0)=""/28, 0x1c}, {&(0x7f0000000300)=""/58, 0x3a}, {&(0x7f0000000380)=""/178, 0xb2}, {&(0x7f0000000480)=""/225, 0xe1}, {&(0x7f0000000580)=""/74, 0x4a}]}, &(0x7f0000000740)="69889bc3adf6e38ccf7e682b95100c0da4eea803c8d17d9f6d7b44bd2afe62b639fcb66531824ff613074190e96b02e5b9cd16b5057702cee0df492c791a646323b15efcb44521f5917dd5c7b5403977434ffa45c15a192b1857119a6d9a80b70cc793e8b4bea61ebbcc42cc4afac9bd795c26e2281a5cbb510e57bd34a34d51bd31ed09c6136d50218755ac9d0a37ee84db8756b46e6c5c2fda0bb6d629a10f784d28dd", &(0x7f0000000800)=""/207, 0x1, 0x10, 0x3, &(0x7f0000000600)}) r3 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$IEEE802154_ADD_IFACE(r1, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f0000003000)=ANY=[@ANYBLOB="e228ce0e", @ANYRES16=r3, @ANYBLOB="10002cbd7000fedbdf25210000000c0005000000000000cec7000c0083eddbaf6ef72658af91306453cf8b35d5bf6539164f2e6101aaaaaaaaaaaa0c0005000200aaaaaaaaaaaa0c0005000201aaaaaaaaaaaa05000582f038000009001fef24448ddf54b4f126371a0eea823ebefbb47ac466ade7010000000000000017fa930efa2b52a71320b778695b321feca89629864567856df5a0276d43fcac28fba5d14b5f110d9959ad9683a14fa2dcd256fae003776177ecbba26e2f82f2bfd6e75aa55953a7c41f89725376f45f40478503aee9773185c23171148c9cf6be94f057d3fe0e358b8823f2511efacd041524190930d3cba3d334516bef63f53802c47354051cede67dd801d45c4207347a44bfbe2937be0fed10182bed618718dadb4fc901da8a590cfb08b1e2818b7d0cebe58c379f8ceb13a855993842dfeb8b4b546756b4166ec5f2e4ef747209c177623c0e51dcd6f15aa8d862f4c724d6afeb577caf1df08d7a94f62c1fcdc8323b274d96074b6747c5e662abb02168117d0e649caedd8f37c796beff095e"], 0x64}, 0x1, 0x0, 0x0, 0x8000}, 0x4008894) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r5 = fcntl$dupfd(r4, 0x0, r4) getsockopt$bt_BT_VOICE(r5, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SG_IO(r5, 0x2285, &(0x7f0000002f80)={0x53, 0xfffffffffffffffb, 0x1000, 0x1, @scatter={0x9, 0x0, &(0x7f0000001dc0)=[{&(0x7f0000000980)=""/39, 0x27}, {&(0x7f00000009c0)}, {&(0x7f0000000a00)=""/90, 0x5a}, {&(0x7f0000000a80)=""/172, 0xac}, {&(0x7f0000000b40)=""/102, 0x66}, {&(0x7f0000000bc0)=""/191, 0xbf}, {&(0x7f0000000c80)=""/4096, 0x1000}, {&(0x7f0000001c80)=""/28, 0x1c}, {&(0x7f0000001cc0)=""/229, 0xe5}]}, &(0x7f0000001e80)="abc9b71b28dac220da7278a92a375d2b8a321a8b6daebc2e87e3fb0c91b1d74f8621e5ea24e6d628e270a09a356c46eac5b3bd906276703174d308d8da93e9993c6b6b40dc23352d53c1623b755f76911f91200ff5eb666acc4eb6f4c3fc39229ac18af57a1d36495de5793012d4f4ea228e8adb1004116d6edae364bdc8beafdc95e822b27635828cdf570a420ef7fe827f7253fabe908e78efb3fc4578c359199f3b84b6f9209d01578e21aa18a9d43622961b327df229cc32876f3174f4ee97f62748aa83db8985e58f76db0caa3c31257bd9faa2fa6e7a4f6c7acca6eca537cf573fb048b3d20e3917d6fdeeabee523e2c8dd32e97dc3e51a20cffdde91f2f73cb87b76341b656a7f9b84b0f6967121247ef831d7ba244bc458929dfad31c7a118738c9f30ab07e4c98ddb5a4e16700b745e3421dc12f738a6dd77057413c8262cc787ee137e71a9c79ca6e500b86d6af34a73702263a37fa9a4da07cf1093367137226f5588cf4a2cd3d830049814b9c68957d4977a2da5667c6dd4035ec780298204519923c10452ceea72782ff0d9e6c15239f5d570d615a01507a12079ba9d93c0e63179f07b26275f6b4e2899190e5f1aa16fb4bb1faf3cae6a09fdd7b24ecb94d7f11cfb2a2564a98241470ada376fb2c5767a824eed8f488c64463d08dc2ef4b0392577df11e7bfa22dafa856ebd80f43af5cb40f05f57a538800ece1f9c9a170e34ae15725d3ce482a9a74139da541c5b1dcf7f1fcb84eb440928f9af15dfaf6f8cb6c3f886d5b77a344cc5894fd7df30675834040cbc861020df3a8e19b003122235b52cc3f8af824da23f2e5f1a46e2c439a569fadae21b0ab8124851b243690fcd51c29d3db37325943aec2dee6de9edd6ccb56bd85b07f8ab9f9a4ea702dfc79eace409be8b4bec81284108bf974820df6cadd2d62d30cb59b5b19c3e588674996d2118a008b98c0b19ac9937e2751fec8a76fe923988de9ea230e897d50ebcd993450c211a2542b8c628e5ecfa64560f7de8fe22d68321edcf2fde9e6e8470259d9582f9e3f8be6c6b05bd7ec853eb1152bdc576082fb474fe4dba1d130e0b1b44231af0d2428be2283fc2c479499af7c69c75647c337c2919c5c48281c4f36c18768d7c5f9f171b70b73ebfff465721ad9ba5414481ddb142398444631c614ae9b163eba734f544b1f36b4ca980d6075fe5ecc1d7317534def799c55e62483ea940feabd1888c2bec91409399fd8d5b91aa653b38868fafb5c214f7e168aa6c135593218d4c6f0952e58d80c4d3ff4b291acb7a15dc786ee3f4b987a0cf3f4b7be668312638c791f8fa58d3307eb0ac83f77eb92cf9b2cf723d2eb03d4af2149f47b47192730a2a2b0ad655d14ca197200b1bd9614011cabb6e492b069c9076549ad7954a69722f7c2b35022dcbdb7d86e796e363f6004a063431cbe1eff2f2c3b523bc2afaa95605e44f54341e49bd0637fdf191622ff71714e910438b095daa2cd70d9890a419cc80c0f0d9e97d185ae16b064293f2e799439679c381add512cc07af742f8c631fffca888f58d7b24b390919242743c3544e9d825ade2eeb79bd12d15480e8c67eb94bb6107c21c75e74c5d9ffdab185daf260e00316a4514418801cb57cd35528f5a9f42848b0de6020021931ae1ba9877c9580a2e719b467fd036b0c537eb79d330f006a6508e4b566c15a5c20e0e9ea5aac9c3c404c126f2135323c429dfdab902b8caa1b11beda0b200f899b2ea9c479b1e935a8eb5e7b29c9a7155dd13a0bc41dd073377c0d14276104c615b337d118698d88a25538aeaf97af9cf00119f6af6c2430f1dc7d79b2476d3509895b86fe7c1462f0e7ed0212690816e41ae61ffcf1e374998a7736984fbd80ba8e6339ab1f2f754a0f1aadddeb5f0ef0f05dfd56c26eddae92f082e8321fcf38947aa0ca1ced869a741be55639eb5ba0197bf3271316cbf5c5f587ef219f04c0a9f28c333bcd7b03e84a3ddbf1157906f6224d09b260365a4851ecf969d4ae832e159ead4a0d009983aa9fd40ba95e26f2ddacf2b94f1178ee699a54beea9c81984daf37086d62b2a3b225a41292e2d85cdd7b2aee4699c99bddbcc45c7dc8cbe243bfc0880cf5448735046d2cad4be894818f420a86bd24e4046936a3df739dccc52ec55bce9fa272e7f38c68873d9da7bc2229eb9a0c394ed9301d68b4995fcf7357256fa97f23066bb52e33e9d04f23b4565d545d61148817e82debda5828aed64469280870050fef121e2d9a1702ea0a9e7ead4ceb40c7960244b14f450f4b06922f22a45ec0a166b5b6945d0a788eaa5ef02e50fbc0478a53d347db5d7b972080ec375691d54360226efcba2fb8ea76834d3415a6f81c333ba8d233b96bee9f75d38375e1d42f6b1df498edf42ae63e155925c965d84bdee398ed2fd0a1fa572c4a75041d40646816bd26036b854806f6faed18d99489f226fb8e027d946e27dfec0ae16d4e1aeff64ce101ea9c111b3959c4b045b622e76516865e5b67821bfe24d2ad7dc6d95bf17ca1a032e2555a083dc5c6339887285eb4d6b4b82e778206cec627ea484bbdfa754fa507274d7b0372a209b480d1d076e53dbd750ef8e82e183689f64c630341a1c4f1283962baaa62399b4ffc0224167322f3afca3abb12f80c25ef3089664599e45e4f462941b60e5353962b3e1b190d13d95683c40598db148141e3bd599ccceb6ebf7861b72d82cfabe02c4c89f8621c8d74ae1c1411927ca95fb602ca1116f7e124b9c9ebe64842511484d4a24340045816989597083236bc53d9f421251d8448dfea1dfd8e3f5130f9e345ec57384c3ac40587d44a32b8582cb1deb7ce1810f71963c6ab21824c414ba59007d960118f8508b1bfc87356c559d960b2cb70cfe4855e352f1eb763e4165c3073a0b0574e31cb3ff48100ab3878d74abcdc6157c99d050be2bcf5155fe17616087256e30860f96afd4b9b7fa75e4bc5e63d939279960980883a289ef3aeea50dc49e581489ee4fe917ff620d94db2d3f5a07f0a608157865cd50e92185f3e19c973ae5e7dae0eb9706715a7c286ac96f3394ce6f4288a382a62fd387595d9fb9577789743976e4ea620458b3fb0f00b5ea8260c33805ea8ba92beef57fa175c050ec2664ce07fb05c1b08ec9121c5fb9a58e79d1ed09532f4872683328cab5458047ce8d1c4771a9ed9b585e3164d43684b53f26be3ae7c0b217e486f5048e51a60a04bca5307f34c8eb4f83e156b00adfc724e15aa7b46d708fe4cbcad95a8445bb8a090868fa5616983bb81247ac44720c6b3b2c389d236ff6e1974ccf2d971a85a73c56e0b2cdbcec7e672ae0c561c555358dda48204a447005bc56d71233afcc3e1ede128257ebd1cc61cba88364248eb95b43ae44ef6df35bc5471c4eb22ba8733c28ef8e98d2bab267c50aaec143eb34355a4fb79cce3192f6c53588d1dd866fa5bf311725642a9772eb208ed3d474c79cf7d0a18e91859d0cb3bc31411d1cb19bc0dbb19cba2aee4de88737d91aef320a58319b1765a6e6c82cc5fd104977cb0f3a294aadbdf9bb7d5163a04f114ffdba84a263e38119961761f52c74bda67d1771a0fc28dad9e27a8255302f621588170741ce3e984c1161cb2fa1d53fe00da54ae40024f093faaa096a1c6dd61dff1707a947d2390cac4b5647a671b8f6d0187c84b5e1c79b7c64636abba9799b9418d2924a65e6e1b0922183e043f7c66e2edd65631cd27adc5a5aece33eeabbca8773c2657342620f0ec68eafbd702a039c77f7ae8c0077a7e353bcc81c7940250d0c79aeb9682310b07f276a36e6b21cbb45f1fe8b56862b08da8294ecaa16ae0906583a9ac8ed19d261902d53722c89508b47b9b98ef39331e8e0fc8c490ec2b9b138417feca44b7340ca24cf14ffd70dea44c8a189c0230e33f63431a517e60d97ddacf0dc908015dbf01df8c69bc33631688cc5e7dacd912662ab16f71d69b51d5c2ba654c8cf621cf715811c8979571f03478fef2715237e2be84763b9b1faaf9e13489759c72274beaf9db4a4aa1b5e7853356e926addb02b7d2b27f81d8e53634568f9ab217169f1bc61b47d573a4852c61251366492e9d28ec00b1ba8c9d591d3d4acb646a734b57028f974c5d2ef6e187c0b7e1a225673d321cadc652fd4141a1d83e20ff3b38053e2a1207d7bedbf466ba6e78a3a914588308c1b3ff604653b43fb5b4281dfedb543b8e9358c1b88b0256b944fe57be4f552e12c88ccfecf3727adeab9da4e37932735bd4aeba83fd113399f0b117eee8b67ba4935315ca2e197d21bb6e944bbc712b715bda63faf03101a74036c3569c4f26c8e38bb06d3f71d4a85e7804d58a4c933a8b92991cef8e5d04215b8ea53d12f714f93d288ba1aad35d5ef41e87b3b32be2ec8ec24f94cd14252d71886150dc1ecb15f2fbdc15cd44f05a9ccd3dca03ad2a40f8f2e508b1f41dc26a4c799211f773c955f7c16905f5e629830c28aa7cda018c1f3add5b6c368a6604f1250224645f98bcd7c37415188b8ca7169fce58c189af4e1b48af6e1b8ff46725e6e2acc7d3638500d38252d4c5679acbd71887ff6fa491d5b68820dbdd8b69d6dc32c9fff8270a94e80fbf3877ba215732aa2667ce5c9ffc3ac5c379f54cd0c9616530c685aca576457f93937494f8b38e924721ad6057a235b2e381dfe24906bd8a77129661ec3ff7949ccfe344764fd63bd371ef5dec303c08c8611deb7cf614ae4eed7f5616b62d24ee48a1cb656820e23e62f485c7e16515ca36d59e322371dace14aa53c60c9d0ea2961c368b209a30dd45dafe890984a8643af1d97cf2f7ff397583b5a2deb59f7e0e8103e429cdd1b3ea8f094b462c4a580867485165babd20b8652127091c11e4e1d2fc9d50ec2edd7ebf014ea46cf6cb0e3f3957a9ce7280c8436284845f9f2f08dda71af641ad0de4ad57180a2d44a7663b0e9637e4c31939b9fc31faf2f3c2ec40380ea52deeb2613c4555f1767fc0772a29ef889474c6c42e2159e14dec9df19ae48818deaf9f42ce5d5b817abc2a020c183e0d0c019b08e5acd09e05e9f2a936080047e211c5f5a5ef3394baf9eb5604d19c249f3b59f63a7c2dd933ae73970cbb80607f5711aab22e00aaa33e68783952d34440e76dd2f647ab921f8e82fbf244227deff3064f6074c7b0fcde0059e652f9e1cce967962956aee648f68d1c8969ee428d348263f1265ebfce33fc722fdc829966d0d8c8d3cc21d6f7d71db5576b56d9197dd903a4f3e366ade9260a1f4474fea1b83d9884b1fd2aba2a3bbb58dbf69573d21fab094c55799d11834cdb37e39498639471be035ee973333a9d8fbe0abed2619d2ac5c9270f465f3a5d52553923a7525311f9f91d19659b984bf3c1307f56ed4650637c4c9280bc082df6021a6f0b7b7762b6536e3f03cd80ef79a6e4152594010abd8772972626c5d034afdeec7aac01be2cb0742ba47a2263003638deceb5931842da6868aef72868d3ed84f1c5a02da7476794461a46c1dd0d321651d698090b434de9d144f30052de3b5ad00857059ca14cb4bf45999de39e5ca2d01d905b46f41586eaff0167aaf7f66ff2e0dc1201ba17dc7be4ac8c9e4d8544b37b9533cd5e9bad96ecb21df343999ed8b3e78273676af08075507f32309a751f3f8f0e08970dcb71d32e553d94c5ceee84bd47a360ac1b0b190b100450cf51a1665c4e238b09597b23db3ba1d5e113c56c031a024bfcd243112b310d49efb6154284c11223489d8a003099c", &(0x7f0000002e80)=""/183, 0x3, 0x10, 0x2, &(0x7f0000002f40)}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[@ANYRES16=r3, @ANYRES16=r0], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) [ 2257.083843] FAULT_INJECTION: forcing a failure. [ 2257.083843] name failslab, interval 1, probability 0, space 0, times 0 [ 2257.085806] CPU: 0 PID: 11323 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2257.086967] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2257.088596] Call Trace: [ 2257.089119] dump_stack+0x107/0x167 [ 2257.089834] should_fail.cold+0x5/0xa [ 2257.090582] ? create_object.isra.0+0x3a/0xa20 [ 2257.091485] should_failslab+0x5/0x20 [ 2257.092247] kmem_cache_alloc+0x5b/0x310 [ 2257.093048] create_object.isra.0+0x3a/0xa20 [ 2257.093919] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2257.094924] kmem_cache_alloc+0x159/0x310 [ 2257.095753] anon_vma_clone+0xdc/0x590 [ 2257.096549] __split_vma+0x17c/0x4e0 [ 2257.097173] __do_munmap+0x365/0x1260 [ 2257.097930] ? arch_get_unmapped_area+0x450/0x450 [ 2257.098869] ? lock_release+0x680/0x680 [ 2257.099647] mmap_region+0x7c8/0x1500 [ 2257.100428] do_mmap+0xcdb/0x11e0 [ 2257.101111] vm_mmap_pgoff+0x198/0x1f0 [ 2257.101874] ? randomize_page+0xb0/0xb0 [ 2257.102667] ksys_mmap_pgoff+0x41c/0x560 [ 2257.103465] ? find_mergeable_anon_vma+0x250/0x250 [ 2257.104435] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2257.105459] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2257.106313] do_syscall_64+0x33/0x40 [ 2257.107031] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2257.108034] RIP: 0033:0x7f00b63acb62 [ 2257.108752] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2257.112316] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2257.113796] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2257.115174] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2257.116469] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2257.117579] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2257.118648] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:45:28 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000080)={0xa, &(0x7f0000000000)=[{0x8, 0x3e, 0x1f, 0x2}, {0x1, 0x20, 0x3e, 0x2}, {0x8, 0x7, 0x4, 0x36f9bbb9}, {0x2, 0x8, 0x9, 0x4}, {0x1, 0x7f, 0x1, 0x7f}, {0x858, 0x9, 0x5, 0x4}, {0x2, 0x3, 0x69, 0x101}, {0x7f, 0x1, 0x2, 0x5}, {0x0, 0x2, 0x9, 0x4}, {0x6, 0x9, 0x6, 0xad3}]}) dup2(0xffffffffffffffff, r0) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r1, 0x0) 03:45:28 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 65) lseek(0xffffffffffffffff, 0x0, 0x0) 03:45:28 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:45:28 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x8008001, 0x22042) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r3 = epoll_create(0x3ff) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000000200)={0x20000001}) r5 = dup2(r4, r2) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, r1, 0x4, r4, 0x2) waitid(0x0, r1, 0x0, 0x8, 0x0) ioctl$sock_FIOGETOWN(r5, 0x8903, &(0x7f0000000100)=0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x80, 0x54, 0x2, 0x40, 0x7, 0x0, 0x1fc00, 0x5500, 0xa, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x1, @perf_config_ext={0x400, 0x3}, 0x8, 0x4, 0xffffffff, 0x6, 0xfffffffffffffff7, 0x1, 0x2, 0x0, 0x3, 0x0, 0x1}, r6, 0xf, 0xffffffffffffffff, 0x1) 03:45:28 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x2000000, 0x0, 0x0}) 03:45:28 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x23000}], 0x2) 03:45:28 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000080)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000000)=""/63, 0x3f}, {&(0x7f0000000100)}, {&(0x7f0000000140)=""/175, 0xaf}, {&(0x7f0000000200)=""/3, 0x3}], 0x4, &(0x7f0000000300)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xe8}, 0x12100) ioctl$SG_IO(r1, 0x2285, &(0x7f0000000640)={0x53, 0xfffffffffffffffc, 0x9d, 0x17, @buffer={0x0, 0x34, &(0x7f0000000440)=""/52}, &(0x7f0000000480)="05b811221326ecf71088ab0ded632265bd6ed53dc3efa62e4f9b4edb444c79066891e42af099202e168be43d7f16d6836a24caaea4a84b499fb839f875943ed30e4e0201dcfb691ff9ca4c961c9321b2a1be71582cc4981f1af6122e757ff3550aa3352bbcc353c7bfcaeb6561c0149497105fc9ddd3f525863d973e98a169f7066c1daf62652337dd1239a62203d2aa2b7ab138e7d3218e7a2dc21e07", &(0x7f0000000540)=""/180, 0x85f, 0x17, 0x3, &(0x7f0000000600)}) 03:45:28 executing program 7: mremap(&(0x7f0000e04000/0x2000)=nil, 0x7fffdf2c1000, 0x2000, 0x0, &(0x7f0000d3e000/0x2000)=nil) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) stat(&(0x7f00000003c0)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0}) setresuid(0xffffffffffffffff, r2, 0x0) ioctl$LOOP_CLR_FD(r1, 0x4c09) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) syz_io_uring_setup(0x4d4f, &(0x7f00000002c0), &(0x7f0000400000/0xc00000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0}, 0x0) syz_io_uring_submit(0x0, r4, &(0x7f0000000140)=@IORING_OP_SEND={0x1a, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)="b596742cc32c966a9fec7fe360d4a9a1af23a4645579f22ddbb58b6bfbb514e8ea4b1e4a87d3097aefb76023e8d36b6068eaf66d9b50ffa11e9983732c44ad6e7a09c66cf84c9cbe81d7137c918206aaaaefdd7e645691a7bd31b0743df9760e1624a405b2b8207af2f6de7abae46429de75e227477228b545490dbe65e19cd16c974c91434c9524ac3d0f7f8e153ecc78ea937c2d519706902e9b366c91daab03095298fc0112c02d66876fae3a41623b484e9d9d3d1149ed", 0xb9, 0x40000, 0x1}, 0x2) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @scatter={0x0, 0x0, &(0x7f00000005c0)}, 0x0, 0x0, 0x0, 0x10006, 0x0, 0x0}) mbind(&(0x7f0000d3d000/0x4000)=nil, 0x4000, 0x2, &(0x7f0000000000)=0x3e, 0x1, 0x5) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) mmap$IORING_OFF_SQ_RING(&(0x7f0000d70000/0x2000)=nil, 0x2000, 0x1000009, 0x40010, r6, 0x0) [ 2273.026496] sg_write: process 805 (syz-executor.7) changed security contexts after opening file descriptor, this is not allowed. [ 2273.046770] tmpfs: Bad value for 'mpol' 03:45:28 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) fcntl$dupfd(r0, 0x0, r0) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$selinux_attr(r2, &(0x7f00000000c0)='system_u:object_r:systemd_logind_exec_t:s0\x00', 0x2b) mq_notify(r1, 0x0) [ 2273.136714] FAULT_INJECTION: forcing a failure. [ 2273.136714] name failslab, interval 1, probability 0, space 0, times 0 [ 2273.139251] CPU: 0 PID: 11360 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2273.140725] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2273.142454] Call Trace: [ 2273.143008] dump_stack+0x107/0x167 [ 2273.143769] should_fail.cold+0x5/0xa [ 2273.144579] ? vm_area_alloc+0x1c/0x110 [ 2273.145414] should_failslab+0x5/0x20 [ 2273.146212] kmem_cache_alloc+0x5b/0x310 [ 2273.147063] vm_area_alloc+0x1c/0x110 [ 2273.147851] mmap_region+0x97e/0x1500 [ 2273.148667] do_mmap+0xcdb/0x11e0 [ 2273.149403] vm_mmap_pgoff+0x198/0x1f0 [ 2273.150222] ? randomize_page+0xb0/0xb0 [ 2273.151070] ksys_mmap_pgoff+0x41c/0x560 [ 2273.151914] ? find_mergeable_anon_vma+0x250/0x250 [ 2273.152953] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2273.154048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2273.155128] do_syscall_64+0x33/0x40 [ 2273.155903] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2273.156978] RIP: 0033:0x7f00b63acb62 [ 2273.157758] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2273.161616] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2273.163202] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2273.164693] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2273.166190] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2273.167679] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2273.169177] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2273.170503] audit: type=1401 audit(1741059928.603:16): op=security_bounded_transition seresult=denied oldcontext=system_u:system_r:kernel_t:s0 newcontext=system_u:object_r:systemd_logind_exec_t:s0 03:45:44 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x3000000, 0x0, 0x0}) 03:45:44 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 66) lseek(0xffffffffffffffff, 0x0, 0x0) 03:45:44 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x8, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="ff070000000000002e2f66696c65300033a3f43a8a9df9d85ba88f539dac512793ae2e6421e150cef6257517a4aae4e7761495e5890517da37b7b08df71b2022b33d1a22d4c4ace80d3d165e4972cba7cdae5b6996bb893c584c685cafbb5e7d090a66bcd9230169ac7ad55a023a0bd0f88848b9c4d2892f2f2470cb24d8f4a3b336805803c0eab6"]) ioctl$LOOP_SET_FD(r1, 0x4c00, r1) mq_notify(r0, 0x0) r2 = syz_open_dev$vcsn(&(0x7f0000000080), 0x3, 0x10000) ioctl(r2, 0x0, &(0x7f00000000c0)="8793b6f9420f3016ac0ffedcda8b2acc9d6d3f6e9d8a24446190e4a311193079e4d747e0d8dbcf825c88b50f957b62ea2ec111464873fe08c497a11dc199033170cc2de633bd971101a5b35a5c14c49186a62bafec987cbd3c5ef6de298c3ad9a8cb4c6f4c7750ceda2086b2afe8ad8688b09d4ed202948509ccc654d384bda1ab33e2001e8891793e3fcfcc657b70ac031ad73ec6ebb5f9af1ddd6147fa0f183783a88a587d15ae") ioctl$F2FS_IOC_RESIZE_FS(r1, 0x4008f510, &(0x7f0000000040)) 03:45:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = fcntl$dupfd(r1, 0x0, r1) getsockopt$bt_BT_VOICE(r2, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$SCSI_IOCTL_SEND_COMMAND(r2, 0x1, &(0x7f0000000080)={0xd1, 0x3, 0x10000, "f4d60677e40d3e7eabdd50b916f4f9734ae165d57eb3fa92c52abaf1f3fa52b0aeac232d76052d97d305e1f9b9e9e51e553081f882d434a0bd0a6b1b8d6ed76f20a4a103f06cf2c71fcce65a906af2b906cadc147294a3a5729cbab95902342740a586ef22bd4b06077f6ee062eeee0fac3ed7136e35b8a442764b9d5327de63bc6863f5c67fa2c09091a8a76629c6434bc6936355cda7b0518b44315376b32d6423df69b3c651beca28cbfc4c0aeb97d4ab8c55302b8cb7dde2b10123d4bbc4bd2df70688d8050cef10b49923ee10ed9a"}) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) 03:45:44 executing program 4: r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r0, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r0, 0x0, 0x0, 0x9, 0x0) mq_notify(r0, &(0x7f0000000100)={0x0, 0x41, 0x1}) r1 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r1, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r1, 0x0, 0x0, 0x9, 0x0) mq_notify(r1, &(0x7f0000000100)={0x0, 0x41, 0x1}) tee(r0, r1, 0x8c44, 0x2) r2 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r2, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r2, 0x227c, &(0x7f0000000280)={0x0, 0xffffffffffffffff, 0x0, 0x0, @scatter={0x5, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000080)=""/90, 0x5a}, {&(0x7f0000000140)=""/8, 0x8}, {&(0x7f0000000180)=""/24, 0x18}, {&(0x7f00000001c0)=""/84, 0x54}, {&(0x7f0000000300)=""/179, 0xb3}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:45:44 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x24000}], 0x2) 03:45:44 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) 03:45:44 executing program 7: io_uring_setup(0x5691, &(0x7f0000000080)={0x0, 0xa44f, 0x0, 0x3, 0x122}) openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000100), 0x44900, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x151000, 0x30) r2 = mq_open(&(0x7f0000005c00)='-@\x00', 0x42, 0x0, 0x0) mq_notify(r2, &(0x7f0000000000)={0x0, 0x2c, 0x1, @tid=0xffffffffffffffff}) mq_timedsend(r2, 0x0, 0x0, 0x9, 0x0) mq_notify(r2, &(0x7f0000000100)={0x0, 0x41, 0x1}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r1, 0xc0189373, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000010047db7a3373e539f3ae2cc2c381000018000000", @ANYRES32=r2, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) [ 2288.800786] sg_write: data in/out 65500/246 bytes for SCSI command 0x0-- guessing data in; [ 2288.800786] program syz-executor.7 not setting count and/or reply_len properly 03:45:44 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x7}}, './file0\x00'}) ioctl$SG_IO(r1, 0x2285, &(0x7f00000004c0)={0x53, 0xffffffffffffffff, 0x0, 0x7, @scatter={0x4, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)=""/152, 0x98}, {&(0x7f0000000140)=""/118, 0x76}, {&(0x7f00000001c0)=""/127, 0x7f}, {&(0x7f0000000240)=""/204, 0xcc}]}, &(0x7f0000000380), &(0x7f00000003c0)=""/171, 0x81000001, 0x10021, 0x0, &(0x7f0000000480)}) [ 2288.834478] tmpfs: Bad value for 'mpol' 03:45:44 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="000000000000b77a8aa5fdf981a63000"]) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, @perf_config_ext={0x4000000000000}, 0x808, 0xffffffffffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r1, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000a40), 0x442801, 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000a80)=0x0) sendmsg$netlink(r0, &(0x7f0000000b40)={&(0x7f0000000040)=@kern={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000a00)=[{&(0x7f0000000080)={0x1a4, 0x19, 0x200, 0x70bd2d, 0x25dfdbfd, "", [@generic="1ed2cf208278ced27087e6c2d7acd794bc8d32faac1923565b641827c30077e0a7546d1e4dca6b094fe81a1698e406c320632c4a9229498afc1293ab59321bb7e924637498c9ba15eb45f03fc018767f92d332815e7a62c31fd93865cab92feb0791171b1392d3c4e175fa68ec654538b0a278f23a25b6887466a54aa88c98a8647e9d4d323a8704199e83dfd760f95c87184b211cc284dcc285bbe43c54f4a52e10e617a7e7429a32b0875a766eb0b00b0422e69eabb0c4558fe8beeb3ee1eb07332fd72820a29d70394fc49c158bd32865b1b6f3491770b2ec95f509e850a032cb2dd74d1568266439b128dc97aa37c843f1cceaa91d7c", @nested={0x9c, 0x42, 0x0, 0x1, [@typed={0x8, 0x20, 0x0, 0x0, @ipv4=@broadcast}, @generic="4fa5b4052d1ef7c37c5f31f1d051c3805244d342f4e0d56422f7560a338f46c61816db55c639e8f0b86bb8730911b2d343c7985dfea719b425f86f8b6de1041fcbacba3474d6697e00e842e40e44de847852a08a0a8f3114e896913301a02f53973b5d1c5f8ba9cb3b7f430c18d61ce774af54824cc14dd9fb2945fa8c014c7c965c6855e894a955ee05a3406e8f5fb6"]}]}, 0x1a4}, {&(0x7f0000000f00)=ANY=[@ANYBLOB="040200003100200027bd7000ffdbdf250c0066000900000000000000b5014e8004003300f06e1efd83b10bc7cea79355fada0790a0daf343edf5041f10c86250e63faefc77bb922edd5c21c7238c6207be8219e48af74a86d49f34fc80f9ec3819f360266fe89bf9d921165d39611d62020ead1b5e7ee14509c550be0cfc0037e5e5bb333699f1b71e17425a8d637cee9e1c421a36ad165595a4cf1609f0f8a8cfad04a23253328cc83de5a020eefabfa08a463675248ed1fea0a63862684630ffab6616f71b80f5b312695e00991636ab48ad452855c2cc6d987673f0edd918c56a642d02882cc5b653a0dd6cd8b6058e9d7d4184aa2ab50d69c5f3a60cf6f890b5d3f2dd90c0bff1531be6d16e74c5e8136323b9bd2b9353a0de2a19a64d2f73bfd3acee2caad465661a17bef472f5f67874f261bcd2d3ca7af3a58b21008ef04f8c19d42ef52933f638e904ee5679fec113d11d0205c2d37d17d57a78706fafda94e09b26076b61d4cd0f555e7d2c114e4c804530a164082a240a3bdec4e24e64534b90a9ef9b4af43daa5fe2cf76dd1232226bd8d8cf195b1eb322a2a34a6012f92a7587867521da89423c7b11a2e57897752ae2d37174e7e606109af651801e66ddf98a71aab8eb35ab0dc85caa0e00000008006800090000002800948010003400c06ff163abfc09eb4fe5aaf907002f002d4000000400040008004f00", @ANYRES32, @ANYBLOB="98957541aea6efe4df8fd3c693d9830fadbb87b7fadbd7c6cfff72c012f23593f70281f540c748da30c676839e2285f018183f52d012651c8736f21ee54654ba748c07ed3fa71d1fd7caf6f290401f7f868c2f31566a1c0934055d76e45e18fa741bb9f6737f5a386607833eb4e86e75ba00c0559c14fa2468d4c43f2a51f750a480a46884a165bce640163bb8f87119d7692f1b1d9f402337090c"], 0x204}, {&(0x7f0000000480)={0xe8, 0x38, 0xb01, 0x70bd29, 0x25dfdbfd, "", [@generic="7b5f04bb5419a456adb7ed86531e46cd9c2a9400574714d835ba020581b53ae655822857963986ad0fab13568e909f91cced99a56100c8fa9ff3a6be2671a5bc88d5585c7fff14bc83f51bc7c25b30db3811cd13904e4bf930abd60448091e4711affe00ace7bfdb30b6", @generic="91f2848fe0a721645f90a7990eaedf0e03df33faf231c5fceb4fde69b0ab4a1d35d9bdf1a84791a339003b8a7530077f107ba9e1722d7921e34ba051e40355be8052b328fab0c0ac3ffc6e4ae0b64984b118db83234d8fdb1ac9ae07ff5b63e86c031f955e194b49ad4a850824"]}, 0xe8}, {&(0x7f0000000580)=ANY=[@ANYBLOB="60040000220000032dbd7000fcdbdf25080085000700000038030b8090ba7fbf6d6cac5f7c7360e7c3149f8662131ae7a3afada790a2b6c8d6a40f412bc42eafe006e4fd5b7ce6198f8e016bc363068acd1c0a7c389ee2146b636939f8a606801d57c32a1c21d95dec875e4d59c0efb0025bcfe04027ce01957503499155d65a2524f45f4b50616961a212c98c3d385fc1f52c6102b1a72a930ceb5c3b8471c4004339ed8798477ca26a3fbcbb860c72b0715b36171a06cc2a00d90b73ab55f5583c1aaf6386ddfcc158a76300900033caa339ea6c70695974c18fa0bc7913f475890e9f979fc715e426e359f8c8849330ee91977095e43aba3339019e9e5fa12793cf3bb23aa99299dab12843f2257df8ca2527f19a2f96e79a431289ee2d36ee84a575e6379ea95c6a8d79dabd004ba08d3f6ba88e8811493efb1be4499d3ca8154e3b01e02409167957ea0c56a64504d72b45b84e00095d74701fbe529dfdb4380bdd164963ee75878187b5956d99246a046051967a0e2384becd99831703e506397b82f0eae12e56fb4773ca5437d75267b353d3a76d30ffec696b5c5040f5ba1b0afc49b774808e6f7dcf0a07803d1d8776a4403661177c280185f2338685ac0d288841550a6cdc69790b51c9b8188b678d0e1eeba88cc791f8c68f89c8d52014a391f7695dad215a8619c20fdb2214f71c64365e03da3bb10d51d1dc37c27ae89078b48bb4c6991061d3d2cca9fd1a5fdb1e070049002d4000000746311e4c46823832effaef5b559b53b758f4839e4e659c3f453076cd3fd120342a5372b946e051aaa42a9bf3e92f3507d752ba00984bda6ae168511cc9d69dd9e09d1fc8011fb079d25c6b21e46b5a8aaa4ab18a2608eac9af543cd318acf1f34d42e4c89300f95eb2c6e4ebea36d6fed60470bc58660ad6d0df04f45de3ecf2b5bcd9946925611263d05e4c7d46271d22146107ecbdd790fab78298ed68b6cc0e37f78d7f7292dbc88dacaaa06c73d8a2bf6c0eee3306488a29790db8c890c0c6163c99b2ee334a014ec9195a02e50017611742a0cf818c93702e347e3c2b2ddb14bc81fd27d28fff9498f4ff9187761f40029ae4514962ab1a7be8931c9e64f9e01646be515e40520e4c8970040029007816cf3cf633b0db15b187730b21d2c9b213e1d9b08c5dded32e8cc3e05e4ac97708005400", @ANYRES32=0x0, @ANYBLOB="080183800c003300000200000000000014006a00fe880000000000000000000000000001d5b630391531edfb13304ab32878fe0f1708692a948f8a0b979ce28f2a1e2187f93efe30db32bcb65a19f5a9deae94e525235c5eb9d015675662fd5b80627ce1c10b9b382ef61529021e4a848af608e423564be29fbf737095302249210c9f136ae054a855dc9aaeb484ac7f9d271dd94a0afe64df984b53649c69d5c938299ad43ca965f5f2a6a5d087277f54f6a043f2cd71e1a099dc93a0b4eca3b921a4b2ddaf8a5c2a24210ed36b7255fd42330aaa4faa6211dfea45cc475fd8551522e10c006000080000000000000051c8e706de9604004500"], 0x460}], 0x4, &(0x7f0000000ac0)=[@rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1, r2]}}, @cred={{0x1c, 0x1, 0x2, {r3, 0x0, 0xee01}}}], 0x48}, 0x0) read(0xffffffffffffffff, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x40082404, &(0x7f00000000c0)=0xfff) perf_event_open(&(0x7f0000000280)={0x0, 0x80, 0x5, 0xeb, 0x81, 0x3, 0x0, 0x22, 0x20098, 0xf, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xf6, 0x2, @perf_bp={&(0x7f0000000240), 0x8}, 0x41010, 0x1000, 0x0, 0x2, 0xffffffffffffff7f, 0x6, 0x0, 0x0, 0x8, 0x0, 0xd85}, 0x0, 0x9, 0xffffffffffffffff, 0x2) r4 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r2, 0xc0189374, &(0x7f0000000b80)={{0x1, 0x1, 0x18, r2, {0x188}}, './file0\x00'}) recvmmsg$unix(r0, &(0x7f0000000d80)=[{{0x0, 0x0, &(0x7f0000000c80)=[{&(0x7f0000000bc0)=""/171, 0xab}], 0x1, &(0x7f0000000cc0)=[@cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0}}}], 0x90}}], 0x0, 0x2101, &(0x7f0000000dc0)={0x77359400}) mq_notify(r5, &(0x7f0000000e00)={0x0, 0x23, 0x4, @tid=r6}) r7 = ioctl$NS_GET_PARENT(r2, 0xb702, 0x0) fsetxattr$security_evm(r7, &(0x7f0000000e80), &(0x7f0000000ec0)=@md5={0x1, "35d89cb0a37cda6d3ee98dd7cc01c13a"}, 0x11, 0x2) mq_notify(r4, 0x0) r8 = mmap$IORING_OFF_SQES(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1000000, 0x4080093, r5, 0x10000000) syz_io_uring_submit(0x0, r8, &(0x7f0000000e40)=@IORING_OP_FALLOCATE={0x11, 0x5, 0x0, @fd_index=0x3, 0x7, 0x0, 0x6, 0x0, 0x1}, 0x0) 03:45:44 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x8000000, 0x0, 0x0}) 03:45:44 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x25000}], 0x2) [ 2288.873775] FAULT_INJECTION: forcing a failure. [ 2288.873775] name failslab, interval 1, probability 0, space 0, times 0 [ 2288.876329] CPU: 0 PID: 11390 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2288.877880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2288.879738] Call Trace: [ 2288.880333] dump_stack+0x107/0x167 [ 2288.881167] should_fail.cold+0x5/0xa [ 2288.882032] ? create_object.isra.0+0x3a/0xa20 [ 2288.883067] should_failslab+0x5/0x20 [ 2288.883929] kmem_cache_alloc+0x5b/0x310 [ 2288.884860] create_object.isra.0+0x3a/0xa20 [ 2288.885850] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2288.887001] kmem_cache_alloc+0x159/0x310 [ 2288.887945] vm_area_alloc+0x1c/0x110 [ 2288.888813] mmap_region+0x97e/0x1500 [ 2288.889683] do_mmap+0xcdb/0x11e0 [ 2288.890472] vm_mmap_pgoff+0x198/0x1f0 [ 2288.891353] ? randomize_page+0xb0/0xb0 [ 2288.892262] ksys_mmap_pgoff+0x41c/0x560 [ 2288.893187] ? find_mergeable_anon_vma+0x250/0x250 [ 2288.894290] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2288.895463] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2288.896627] do_syscall_64+0x33/0x40 [ 2288.897458] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2288.898604] RIP: 0033:0x7f00b63acb62 [ 2288.899434] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2288.903561] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2288.905271] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2288.906864] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2288.908471] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2288.910068] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2288.911660] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:45:44 executing program 2: bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @loopback, 0x400}, 0x1c) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffc00, @empty, 0x8}, 0x1c) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) r1 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e24, 0x8, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, 0x1c) r2 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) read(r2, &(0x7f0000000080)=""/53, 0x35) ioctl$PERF_EVENT_IOC_PERIOD(r2, 0x40082404, &(0x7f00000000c0)=0xfff) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f0000000100)={0x1, 0x200, 0x6, &(0x7f00000000c0)=""/6}) 03:45:44 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0x9000000, 0x0, 0x0}) 03:45:44 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff248"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2289.045805] tmpfs: Bad value for 'mpol' [ 2289.634539] sg_write: data in/out 65500/246 bytes for SCSI command 0x0-- guessing data in; [ 2289.634539] program syz-executor.7 not setting count and/or reply_len properly 03:46:01 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x802c0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x37, 0xa20, 0x70bd2d, 0x25dfdbfb, {0x18}, [@nested={0xc, 0x60, 0x0, 0x1, [@typed={0x8, 0x66, 0x0, 0x0, @uid=0xee00}]}, @nested={0xc, 0x28, 0x0, 0x1, [@typed={0x8, 0x27, 0x0, 0x0, @u32=0x80}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x885) 03:46:01 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x26000}], 0x2) 03:46:01 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x321d02) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4000000000000}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = getpgrp(0x0) perf_event_open(&(0x7f0000000100)={0x5, 0x80, 0x5, 0x1, 0x1f, 0x4, 0x0, 0x89e2, 0x2, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, @perf_bp={&(0x7f0000000080), 0x919ab6ca53051249}, 0xc002, 0x9, 0x4, 0x4, 0x1, 0x8, 0xe90, 0x0, 0x1, 0x0, 0x1f}, r2, 0xf, r1, 0x1) ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000001500)={0x0, 0x7fffffff, 0x6}) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000240), 0x80000, 0x0) read(r1, &(0x7f0000001480)=""/67, 0x43) ioctl$PERF_EVENT_IOC_PERIOD(r1, 0x40082404, &(0x7f00000000c0)=0xfff) unshare(0x30000) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)={0x90000019}) r3 = epoll_create(0x3ff) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={&(0x7f0000000300), 0x8}, 0x5}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, 0xffffffffffffffff, &(0x7f0000000200)={0x20000001}) dup2(r4, 0xffffffffffffffff) perf_event_open(&(0x7f0000000340)={0x0, 0x80, 0x7, 0x8, 0x2, 0x4, 0x0, 0xb78b, 0x10a83, 0xd, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000000), 0x2}, 0x9130, 0x3, 0x0, 0x7, 0x5, 0x6, 0x0, 0x0, 0xfffffffd, 0x0, 0x2d21539e}, 0x0, 0x4, r4, 0x2) waitid(0x0, 0x0, 0x0, 0x8, 0x0) kcmp(0x0, r2, 0x6, r1, r0) finit_module(r1, &(0x7f0000000000)='$}/\x00', 0x0) 03:46:01 executing program 1: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f00000008c0)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x227c, 0x0) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000080)=0xfffffffffffffff8) r1 = dup(r0) write$P9_RLINK(r1, &(0x7f0000000000)={0x7, 0x47, 0x1}, 0x7) write$binfmt_elf64(r1, &(0x7f00000000c0)={{0x7f, 0x45, 0x4c, 0x46, 0x8, 0xff, 0x33, 0x4, 0x3, 0x2, 0x3e, 0x3, 0x337, 0x40, 0x1e, 0x1000, 0x5, 0x38, 0x2, 0x81, 0x3, 0xffff}, [{0x4, 0x80000001, 0xfcfb, 0x5, 0xffff, 0x6, 0x8000, 0x1000}], "a99a5db3385e6ee7c03ff85e76a7834acf9e50eb95a78f9124c3a7fc5ddcf4504b16dfa86f1ff4d451b44c6f9e61b0dd4e4ade6d3112184ae15e5dfb324c1ed32832a498fbcbd15e477b573bbcd3971fc0872e956b485d24e6", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x7d1) 03:46:01 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xd000000, 0x0, 0x0}) 03:46:01 executing program 2: sendmsg$IEEE802154_SET_MACPARAMS(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, 0x0, 0x20, 0x70bd25, 0x25dfdbfd, {}, [@IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x1}, @IEEE802154_ATTR_FRAME_RETRIES={0x5, 0x28, 0x6}, @IEEE802154_ATTR_CSMA_MAX_BE={0x5, 0x27, 0x6}, @IEEE802154_ATTR_DEV_INDEX={0x8}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x8}, @IEEE802154_ATTR_LBT_ENABLED={0x5}]}, 0x44}}, 0x4000) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x1}}, './file0\x00'}) read(r1, &(0x7f0000000140)=""/206, 0xce) mq_timedsend(r0, &(0x7f0000000000)="7d5f2acf074c605e73603aad7d6852fac14b7554c6460eb8459140cc364770b403b8cd1b8afe032a5b1938ea2f2752dc5577a897ae6dc50cce80ae59b2616a4e175368f13f0c5dfe564e311faad5843437a73cc35f32269be4ae90a78e369862bae808e9162e0ec44dd3d0b965d7abfee0e7db377424a055aecd6c68e6ea3c06421a63b0b2f7b4969012ce59d2d692d0ad6ef0d76308fc3290ea7db8140fa44f95f66f399caa7949157f2cdbabe3a59d7da83433ba0cfef987", 0xb9, 0x0, &(0x7f00000000c0)={0x77359400}) 03:46:01 executing program 3: r0 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x0, 0x13, r0, 0x0) openat2(0xffffffffffffffff, 0x0, 0x0, 0x0) mmap(&(0x7f0000a5f000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) ioctl$AUTOFS_DEV_IOCTL_FAIL(0xffffffffffffffff, 0xc0189377, 0x0) syz_io_uring_setup(0x8003a75, &(0x7f0000000080)={0x0, 0x0, 0x10}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x2000)=nil, &(0x7f00000002c0), &(0x7f0000000100)) (fail_nth: 67) lseek(0xffffffffffffffff, 0x0, 0x0) 03:46:01 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff248"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2306.607184] tmpfs: Bad value for 'mpol' 03:46:02 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) dup2(r0, r0) mq_notify(r0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000080), 0x4, 0x98040) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e23, @private=0xa010101}, {0x1}, 0x0, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x30}}, 'vlan0\x00'}) 03:46:02 executing program 7: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) r1 = syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000100)='./file0\x00', 0x2, 0x4, &(0x7f0000000480)=[{&(0x7f0000000140)="9c07ed3e066feb34509fb87fbcb1580b36dfe9598252cb12af584c168d241524d25381a54d612cf016547c2cd3e67cb6e5b44346cdc89aa5e978dca18517f4d1b59781c3b6ad003f73c0d5e0ca0e77392fbcd5548eb5e1d05350556ac0cd8fe66d5ec598dc59bb326c3bd7ba7c45c298bb969d68f488ceb081b5b6c2eebc4e0fba06", 0x82, 0x1}, {&(0x7f0000000200)="0d0d69ba1cdd8fa9b89cfd9cec5eea51ebd98377535f8cbaea", 0x19, 0x6}, {&(0x7f0000000300)="e4a0606dcddf2693d0863067c8ec263e2e674ae4571e9bc95901f148a1bb416f3bbe4cd52fde092954faa2464c83ca3ae7f708c956772f1faf611597e8ce1859d4208590d28be523f4c211386b92965d0265a362b7adb29d0b011869055e0e7f4e4debd867dd8f2eee66989fe14caeddab99decaad40fe1c0dcb56d05abdb762a8894fbd7050c41ede7c8edce31fab17693a35ed604c7593ea5d7b93edf2730ebf5a2602b8e09388d1fe62a7c8a8e0f1de3ff91b73433696", 0xb8, 0x1}, {&(0x7f00000003c0)="2dee0b86052e4ed667065ea4e463bf8b608ab3eca841f7caa7a314715e451d7c235f4956bc3c8f1d5a8310ab82cea5a6709c67cb32e35af3c3559c8318cd74d37661a782b2db119b49de2a31337ec7ebafcaf2eed3d2b788b05fbdfa7910c2103aa9323f96f182d8c98d5e2c72282d69776383cee09300ffbf00fa1d8bdc284ceeaaa5cf2a1035bf13c9cbe4560cd230a92e1bffe06a34", 0x97, 0x800}], 0x10000, &(0x7f0000000500)={[{@mpol={'mpol', 0x3d, {'default', '=relative', @val={0x3a, [0x37, 0x2c, 0x2d, 0x36, 0x35, 0x38, 0x2f, 0x3a]}}}}, {@nr_inodes={'nr_inodes', 0x3d, [0x65, 0x78, 0x38, 0x74, 0x78, 0x6b, 0x31, 0x70, 0x78, 0x31]}}], [{@dont_hash}, {@measure}]}) sendfile(r1, r0, &(0x7f0000000240)=0x4, 0x8) r2 = signalfd4(r0, &(0x7f0000000000)={[0x4]}, 0x8, 0x800) ioctl$SG_SET_FORCE_PACK_ID(r2, 0x227b, &(0x7f0000000080)=0x1) ioctl$SG_IO(r0, 0x2286, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:46:02 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff248"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2306.754116] loop7: detected capacity change from 0 to 4096 [ 2306.765259] tmpfs: Bad value for 'mpol' [ 2306.768626] FAULT_INJECTION: forcing a failure. [ 2306.768626] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2306.771252] CPU: 1 PID: 11443 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2306.772773] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2306.774549] Call Trace: [ 2306.775121] dump_stack+0x107/0x167 [ 2306.775911] should_fail.cold+0x5/0xa [ 2306.776748] __alloc_pages_nodemask+0x182/0x600 [ 2306.777760] ? __alloc_pages_slowpath.constprop.0+0x2170/0x2170 [ 2306.779061] ? walk_mem_res+0x170/0x170 [ 2306.779920] alloc_pages_current+0x187/0x280 [ 2306.780878] pte_alloc_one+0x16/0x1a0 [ 2306.781695] __pte_alloc+0x1d/0x330 [ 2306.782478] remap_pfn_range_internal+0x9a3/0xf60 [ 2306.783522] ? lookup_memtype+0x5b/0x200 [ 2306.784408] ? apply_to_existing_page_range+0x40/0x40 [ 2306.785535] remap_pfn_range+0xcd/0x160 [ 2306.786390] ? remap_pfn_range_notrack+0x70/0x70 [ 2306.787406] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2306.788540] io_uring_mmap+0x398/0x530 [ 2306.789394] mmap_file+0x5e/0xe0 [ 2306.790134] mmap_region+0xc49/0x1500 [ 2306.790983] do_mmap+0xcdb/0x11e0 [ 2306.791752] vm_mmap_pgoff+0x198/0x1f0 [ 2306.792617] ? randomize_page+0xb0/0xb0 [ 2306.793501] ksys_mmap_pgoff+0x41c/0x560 [ 2306.794394] ? find_mergeable_anon_vma+0x250/0x250 [ 2306.795462] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2306.796637] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2306.797763] do_syscall_64+0x33/0x40 [ 2306.798461] tmpfs: Bad value for 'mpol' [ 2306.798577] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2306.800541] RIP: 0033:0x7f00b63acb62 [ 2306.801380] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2306.805388] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2306.807055] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2306.808659] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2306.810248] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2306.811819] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2306.813394] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 03:46:02 executing program 6: perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='pagemap\x00') readv(r0, &(0x7f0000002a80)=[{&(0x7f0000000740)=""/216, 0xd8}, {&(0x7f0000000840)=""/4096, 0x27000}], 0x2) 03:46:02 executing program 1: statfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)=""/241) r0 = syz_open_dev$sg(&(0x7f0000000380), 0x0, 0x0) r1 = syz_open_dev$vcsn(&(0x7f0000000180), 0x3, 0x408800) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, &(0x7f00000001c0)=0x1) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'bridge0\x00'}) ioctl$SG_IO(r0, 0x227c, 0x0) r2 = io_uring_register$IORING_REGISTER_PERSONALITY(r1, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000340)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x1, 0x0, 0x2, 0x2, &(0x7f0000000240)="5488fb67e2f3dc610ca79c0479dede28c6d8e18dda50d1e0e57dd5bf090193f5d9ebf28e2d645f1be02f64f7bfc54be86e2b40a639df8beacc036eb819be141f4fa031e6f4890ac265d974e1b1b68ac6d4b7aa8998e71f9b1e42c46bb7ceac8ad6956dda514de21fdfdd146cbc531cf088944a823f3fb04f61c5dab64baf78ea9ed9c8ec3bb9229b68c5a42516acf0024c91c0bc94a0df4e76a67a9bd41a61ff745901f556338eb86c533bf9e9119deb06ca1fbbbf82ce1023f4f5f9003d3fd15e58f9b54562bcab978a542dfbd177c40a7478a09fdb7579820c37a9", 0x5, 0x0, 0x1, {0x2, r2}}, 0x1) 03:46:02 executing program 2: close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = mq_open(&(0x7f0000005c00)='\x1f@\x00', 0x0, 0x0, 0x0) mq_timedsend(r0, &(0x7f0000000000)="500971c335b1fa9faa00b342f0cfb90d8a069e9f606692966ddae727f58914afc3c661646ed35db1a6691c542bf733d2dae73aebc44ebc0fc2a88439c81fa72b1786bbd2b2ed0e043f7dfc70a0810865f6853162d73be2ac21c4d8904b1e73de009bf1e03175633eab03c2219862c0bffcaad17a39f9e8bbd2951b7dd9f4b11df6cf4e75aa23a0f5c7ba6b00b3cf6bbab443d3068835465665213130eded5d5d3b575254a182d038a6bff2af59a3a329a5d7b00414e5bffba223290ce20f0c9013de59e560ea135da0d71da7f29fecc6f6140eda96c66b896a54ec797bb1b4dea17ae0ac7d565807f0607059c82c4879aa4c63ef51119c863b5f6ee896984e34b7e2d2b91c52e6ba5fc277752f326a7f10272c416957dcae597188d38b031cad2cfb016958897bec3c371b3d33dcbf42e30f5d18a52fb00ee78f81d8918e541977e2a50952702fee29bfd87530e190d1061e011a14d438e3e879226bcb3aaad456187d45faac5d463f827352ecb551f9732fc25489df63003f7530b62a10236e0fb948cd5af344e8a85cf07519368b89801620d236970eb500f84e8f0ac277bfcc6d458bb3fdb0cf6a953a2908e74068a68d522f552546ca11b12a46aacbcc7c41ba39feedeecf79dfacd87d6851386e76a29e407f13976a18ee93397c1c4262412bc6b1503ebd9ce23739dda448028e78e10bbf2e2005a8c0020e99b3dd53f24e027da211d00b8c7c8e3580fa9e72229265f1b77601b5963090f9c002cc20914aaa84a791b015a840fb3d7806fd4d2ce1dbe2c84ca67dd4b42b38777abed945b4275fd79ff892b23ce55333c5de8edd3336a02548815a17ddc4ed1e2b064be0db77e237cb0f73e3e39cbc123a854734dbf4b8deab8c43cb2126aa68db006514bfd5933128e690096a5bc95bae5ee2fd554aa50c1b160207902c96b994c061a2103ce9d3bf449b4d33fd69ef1112286e44fecf1dc695a9d194432685487cc64003976e83a5b963f1cdd4d2c2a96b8bc927133572f7d5aaa10efa29b1721a6f2f3dc41849631f085f2584ee4708e7d7f6a615314fe7979523bd136827cb01a53ee5cb36ac42fe58ac68b3b2683d5606f9caff069188d0ccadafa59a178f062e8600ec4a52a18a5f556e4d37eb5fef9317a658841a6efd397ffd2d74b929badbefa7c2885f1ea5ae6d35248401a3c33883921716b1e93b7ece11abceeacc141246c005efbc772f3cb9da553a1c5095865b0707b84c8ea8bdcd546c70471557337330dd5d106826787f023d64de449b4348241ded3860d8f57799eb345aea02785ae0fb53f77d4b052cc769a2c69b249267c11256fda7f82884c755683529bbe77e87c243caca24dce8540796123b99753a6fc5ecf86209b9a267fe8bfdd3ccd99a826fe08f663cbd52feff7043e7fda3f0455d964ee072d509587414f90a80a6a364eca0e54c9767ffb9f83d710e0b694bcc37fb8cd288c96a5d92fa5d340ad348b303fdf380574aac5987230369c875a4289f2cca6539f577440286b308a152d4426c0ad5592c9a1cb7370b18012c4954d1b382b67f244e6f7044be38def7b687850fba2781f4c7fa5c472bc9883e36a5abb2bc66be2dc56c4ad3153ce97127d1068baf4afda351fdc991e576446384154f12a5aab7e5fb2daa3ab4de9d1ee1f76f84f48c31f38b325ded1ff93879e0ab9080219c78d762e3f0b487cdcde6056ddea449220c1bdb0c208368a3bb70f0c3733fa1ee560deffd0fff707112a0ae340f03f714def31324fe3059395cb6ca2fe4287cfca569444e7e94b9040349a0b42c2f3156937bc00906c163250c32efeba13409677bf569fb43df7d85edd54c6ce33bbba146357a973e3055a3c8bfd3fa5ce876f5c82bf959a68339951dd8f7b26941e88fea6d991bfc32498f9bdf98f8e974bcf26dee4f57301f5ed719a66a2e1f0860c4b5d8d1b62322acfc8fe4f080878ba142f84ea277a0f75fbacfb7c43791f6045df11d8334b981bf752c7c88cd2a8aa51d4736234f2b3e4a0e3120532bd8d772c44f655330522f3b58a2d5a1730e8635ddc8afc29ddd2bd7eb0d4bbfa1b0803d98cbb4913c382ad1d76353420d7497f0d7cbc9e9307990cb7efaeee420a0d14f0914cf8cf13a73ddb40d56e9d351fd3c57edd46aac0f328b443bd410ab2b381ff947aa950bb7215b542995b061c6832cd94fbcff875e6ff68ce0f3b176ade5fed38b58debe03d9f2b91f6210bc32cf331eaa00d8e195c92e286fa25a566a3c77dc31867df85917c62193c1c83d100090c901c077f18f102c53104283fde48a5a0889d4ee09506e906de383f136661b95324c7e422f491d7fe006622da384847f229a42fafcffc4fac883455bedd7bec06996e695c7364035c7177e51cb3a3460ff49e153da8636564c3a7a7425df5a8df2e99dd5c3741067194f585c2783c8adb7d290aa1ee408f4602a44f06a536ce6fbc69120db104e67ba488a25489824e2ed7b1dc7b3c15e060fe17e043333467b07ef0ffd372cef527ad3ee4d595746896d4b7806c79a2f2cc4bd1c7fa02b4cd498d1a98d86bf3fee283b2f038f060fa638f42bc8200bc612b1fcd1b724b54fd355e17a56eebd734b0559ce9720c029e41211bd24d712ef038bde3ad23e7fe6391d4676d4fc8d121bca6a3375f56c41562344c2c97eb2f2353885ff2e2531eef1d6fef3d031e8cef37e432fefd57121bcdb68c716815f9ec047a0da5d898cfa7a484d939ca17f385a18a17af7c42fbf4dabd72f0291fa7fd0d1a7af763b40f627ceed993983fae40d70f2a5a8942d3f1e42cbba54f8e5200cf6fe3fd8e4b3240ba50575074b1543c3c417ee7c826057cad81949c5da5dcfc39436d1574fd33e4129249e6cf2f10c6d372f35aadc0ba50aca6c423f4f666847f44f75625cdf8d24521d0d15e3f3711a3a0f7dbd302069e59f4d63e6c6b09116517c7d3c7727f7e77202de5b42b0d6440da0e0f157f50558e7256d6c90619a28595b43a2e91dfc81d2e67b6a34099d343e5feee5fd769ee080c7db818c1de86745601b953b79981aa6df444927eda97f162c3775dc0a2fc27c2eddb1d40adb8713e053ec21a5a43f66db41a8ac4b8ec730eafa31c7c604d7abcecb8cf5b84659edd96ab707c5bf894f6b4e2191a126d3e0142aad5bc59bfeb0a3dba289f18a52f0f3e4db0eafc2726bc10de99d15640113592ce35c683347a5e800710610100c460972dc534021c161beae10fc1b9296da12889d9184343d8b0b7779f2294858a8b2a45a89369998f4684205b45fce82964cac9ce5258d44f6e2c82cfaebe7d1447f00e8109c0765ab316d3ff614184b5fdba1c6d49c09e5628fc9911da0b7e6268ca414249d710c47f722a5997fb314fb48a99dfa2fa76acd4aec4304633661f25bdf8f114a4a37b12a556141cb0b10a27463aa9b4a20d10fd2a86455ee005b7be7e35b2b2bdd84a3f784cb6e4756e0e1e27873ad4b8ab750240018bb9c4e19a56abc39b0adff211d21a3c71908d410c4214e5f23481ce3ce1134ccd484d65e59df424fde49b671fca4730c8b57e5089520e3b94d306b9eda32d88e493cd6aca2edb6b56f57e27b953984a1f03f6a28adc000370b138ecc9890c03f0a7ceb643e8a89c3de87ab022a2445fb73d736b84b4d5a3888c854db63aebc3aead46cc581d52490500a30324a6bea13423daface933fb83486866df7ef5f7489cc5d7ac823132f09913dd330900fcbc832a0eef155b36801fcaa73b798a37710b01c7a86471aa057c8753f987da60d037767e70716f180faf7a2fea8414111c12d2e25d8d20b0dad1933293d3ed2dea152b330efb5cd83a513083c5a91164152c096faf3b24846191a9cd5c9dcc8e342158d08d799450bab04f8d7fe9f9a330e401701970dfb78ad9bc62c2c3125b5cba7d03ed8b90551e5a0d0b33a0d955471766dff9e9e80d045ff26fd27a1cdb84dad80306979c1e7e7b742e8e4a60c57a5a37995802177808fdcb9cde38e7b252e1314fcb786937e48879865ca506c6cfecfe2927ac2f2969e84b3abf9d719859504fd67f1eadb981f98352d61b4adcf1235249f5b55c0f4fc36a29c79e2c05f3632f5cb2bf0acfc475cd51683e8179eee5cb83b6a1bab6bfb7b8639ca4bb8febd1d9845df4110e8f2b09cb4adc4f065abc1f48c3ef725729acb7e0da1cf25407302a1e42382ee68576db7894229d7f4b8bcd12599aa070fdd7c23ccbbcccb6fd95e01e6bf7e5c17e9138149aa78a10939758bac2e859236104fb863faa3e5be4fcf012128ed38a53d5fa8d71946b77b14abbd97ed46eec80493792ae2a25a5c48f6d46c0db625cba50e9a9c0f67a34962028f1a97153d5ce2c7b954cb0ee28de832e485d7950779b5119ae6af06cb386d6b890a9abbab9152d3eeb830019135227d207bf488fe9769953e915f17500e29626fc786dd56229d8dcffe70fa0eccd308e7bf6b6b6931b625236c2585f6c10704e939a3c48cdad4b20d07c8d847cedc61c83ce03fcf23e870b94c74a60f67abf3e9e053319a25e9a5c3c15b6c76348986bcb31f6ebf5a09113965ed0133bf0cd08d7a1736b1f8098540e82941e5a02769abc27b5d02090c87ffeb555f43dc1ff5c8983dca1eb3e05e5329b75075b470916c92c320068d3dc33e50b54bb5a6db7de4d9f333fae5ce6078d615fc2568ddd7dc9d4dbada83db0cdfd3cbf8f3bd1cdff1c82e460c4ed641d45478c84ae56eef1b56b3dc10d851db9fb7e46531e0de0f348b83c31da5058b4db717d4cc86d04daa51b3901d9132339728c5c56612bb806ccf0a85594486809256331ccfadaba992d93158b53de9d076b4948d51b4605cae67d0e2ebf91e6ff306ea90bb14d41bf1a0c03732d5627d27c7582545369ebf04430fe2c66da89c2cb3238e3ba46ca96bdbdb2ec9a9ce2ec32586093b8879be161818d063ab90abbdb358bd5079e202aba96ab422f944eeabd4d030e0d40cdf9505de16c8fd7482b1ba271e5df0f9b83ba7d94ea311648d1300eeb7c62176751d9b99e8929158abc0e01fda8c38b98d62186cd1ac425375e9bb0fedf0ee25aefd763744bab8000ed99ba08768cd0b2ec6b1367a6de552578b8ecd19d1746aea9b39dc460221180a4f9a5bda1381afef206d78cc784af4ae52670ddf5fd1329dd5979892582224ab5e79cb1011af098ffc6a7530410e53112c91bdd65631b02ab429ee7eb5a7f5933531b3770b49e754d2760ce85ca10aa956a20db5d918805d168c6c6bc895b9513557c8f96a67a3cf2af8cbfe7a3002e73d8bda838c5506dc60e2b9214167378e1d442f84c61e91617d8173821229d0b417d3394f7e677edb3c5f6df79f07bb41e664bd180fcd45c51c8545ad4ab17e3ddf36603675f9f4d3989ed973749cb7284e7e6d54fc5fa823283cfa4932aba28201ade15399990936f7795f2ed9a5d7a45e030cf58e1847c17178d3495db7300ffa3eeae46388c2d3b6f47b552e4e43b57132df42de4215c77d5e69d2c33ff4566af4d61180ef0f94c9139163b236ab6d84685333383da90f2b13427326333f048f2a72bedd3e8f0b581ab0817f17402775956a08cbc520cb7167f60f470783954b29a6f557e9491bd066491a9d622c48606e86ca3ca9562aaeca2c79fd0ac94079fb2d2f0c15f8108e357e2542f0b0954d70a8aa2137fea9a5a23b7e5f3b37ae32a1c18139266b3fd94e746f7b2099c3bb0273e4544273608bfc86a0cd0174e3194e99f24eae7c4a181c681c0af34daae0f2b4abeae29350bf63bda32d32bb8", 0x1000, 0x5, &(0x7f0000001000)) mq_notify(r0, 0x0) [ 2306.820761] ------------[ cut here ]------------ [ 2306.821921] WARNING: CPU: 1 PID: 11443 at arch/x86/mm/pat/memtype.c:1019 get_pat_info+0x216/0x270 [ 2306.823906] Modules linked in: [ 2306.824624] CPU: 1 PID: 11443 Comm: syz-executor.3 Not tainted 5.10.234 #1 [ 2306.826118] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2306.827928] RIP: 0010:get_pat_info+0x216/0x270 [ 2306.828951] Code: c1 ea 03 80 3c 02 00 75 71 49 89 1e eb 8e e8 91 81 2e 00 0f 0b e9 97 fe ff ff 41 bc ea ff ff ff e9 77 ff ff ff e8 7a 81 2e 00 <0f> 0b 41 bc ea ff ff ff e9 65 ff ff ff 4c 89 ff e8 75 79 5a 00 e9 [ 2306.834211] RSP: 0018:ffff88804794f898 EFLAGS: 00010212 [ 2306.848293] RAX: 0000000000015c8a RBX: ffff888047412500 RCX: ffffc90001ffb000 [ 2306.850218] RDX: 0000000000040000 RSI: ffffffff81123696 RDI: 0000000000000007 [ 2306.851827] RBP: ffff88804794f950 R08: 0000000000000000 R09: ffff88804794f820 [ 2306.853536] R10: 0000000000000020 R11: 0000000000000001 R12: 0000000000000028 [ 2306.855324] R13: 1ffff11008f29f13 R14: 0000000000000000 R15: ffff888047412550 [ 2306.857098] FS: 00007f00b3922700(0000) GS:ffff88806cf00000(0000) knlGS:0000000000000000 [ 2306.859031] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2306.860466] CR2: 00007f2a69244000 CR3: 00000000470ba000 CR4: 0000000000350ee0 [ 2306.862265] Call Trace: [ 2306.862964] ? __warn+0xe2/0x1f0 [ 2306.863808] ? get_pat_info+0x216/0x270 [ 2306.864874] ? report_bug+0x1c1/0x210 [ 2306.865867] ? handle_bug+0x41/0x90 [ 2306.866801] ? exc_invalid_op+0x14/0x50 [ 2306.867828] ? asm_exc_invalid_op+0x12/0x20 [ 2306.868972] ? get_pat_info+0x216/0x270 [ 2306.870011] ? get_pat_info+0x216/0x270 [ 2306.871043] ? get_pat_info+0x216/0x270 [ 2306.872075] ? pgprot_writethrough+0xc0/0xc0 [ 2306.873236] ? finish_task_switch+0x126/0x5d0 [ 2306.874415] untrack_pfn+0xdc/0x240 [ 2306.875367] ? track_pfn_insert+0x150/0x150 [ 2306.876480] ? lock_downgrade+0x6d0/0x6d0 [ 2306.877564] ? uprobe_munmap+0x1c/0x560 [ 2306.878606] unmap_single_vma+0x1bc/0x300 [ 2306.879685] zap_page_range_single+0x2ce/0x450 [ 2306.880913] ? unmap_single_vma+0x300/0x300 [ 2306.882029] ? remap_pfn_range_internal+0xc56/0xf60 [ 2306.883313] ? lookup_memtype+0x5b/0x200 [ 2306.884381] ? apply_to_existing_page_range+0x40/0x40 [ 2306.885735] remap_pfn_range+0x139/0x160 [ 2306.886794] ? remap_pfn_range_notrack+0x70/0x70 [ 2306.888030] ? memcg_slab_post_alloc_hook+0x17a/0x430 [ 2306.889379] io_uring_mmap+0x398/0x530 [ 2306.890393] mmap_file+0x5e/0xe0 [ 2306.891284] mmap_region+0xc49/0x1500 [ 2306.892289] do_mmap+0xcdb/0x11e0 [ 2306.893231] vm_mmap_pgoff+0x198/0x1f0 [ 2306.894248] ? randomize_page+0xb0/0xb0 [ 2306.895299] ksys_mmap_pgoff+0x41c/0x560 [ 2306.896356] ? find_mergeable_anon_vma+0x250/0x250 [ 2306.897640] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2306.898985] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2306.900312] do_syscall_64+0x33/0x40 [ 2306.901090] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2306.901939] RIP: 0033:0x7f00b63acb62 [ 2306.902532] Code: 00 00 00 00 00 0f 1f 00 41 f7 c1 ff 0f 00 00 75 27 55 48 89 fd 53 89 cb 48 85 ff 74 3b 41 89 da 48 89 ef b8 09 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 66 5b 5d c3 0f 1f 00 48 c7 c0 bc ff ff ff 64 [ 2306.905482] RSP: 002b:00007f00b39220f8 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 2306.906712] RAX: ffffffffffffffda RBX: 0000000000008011 RCX: 00007f00b63acb62 [ 2306.907400] sg_write: data in/out 926365459/246 bytes for SCSI command 0x0-- guessing data in; [ 2306.907400] program syz-executor.4 not setting count and/or reply_len properly [ 2306.907882] RDX: 0000000000000003 RSI: 0000000000120140 RDI: 0000000020ffb000 [ 2306.907892] RBP: 0000000020ffb000 R08: 0000000000000005 R09: 0000000000000000 [ 2306.907910] R10: 0000000000008011 R11: 0000000000000206 R12: 0000000020000100 [ 2306.914587] R13: 0000000020ffc000 R14: 00000000200002c0 R15: 0000000020ffb000 [ 2306.915749] irq event stamp: 1867 [ 2306.916324] hardirqs last enabled at (1877): [] console_unlock+0x92d/0xb40 [ 2306.917695] hardirqs last disabled at (1886): [] console_unlock+0x839/0xb40 [ 2306.919070] softirqs last enabled at (1324): [] asm_call_irq_on_stack+0x12/0x20 [ 2306.920505] softirqs last disabled at (1281): [] asm_call_irq_on_stack+0x12/0x20 [ 2306.921769] sg_write: data in/out 926365459/246 bytes for SCSI command 0x0-- guessing data in; [ 2306.921769] program syz-executor.4 not setting count and/or reply_len properly [ 2306.921936] ---[ end trace 27b4b430e252f3bc ]--- 03:46:02 executing program 4: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYRESOCT], 0x120) ioctl$SG_IO(r0, 0x227c, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, @buffer={0x0, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 03:46:02 executing program 5: r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x101002) write$binfmt_aout(r0, &(0x7f0000000080)=ANY=[], 0x120) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000280)={0x53, 0x0, 0x6, 0x0, @buffer={0x0, 0xde, &(0x7f0000000080)=""/222}, &(0x7f00000001c0)="9e203b930b00", 0x0, 0x0, 0xe000000, 0x0, 0x0}) 03:46:02 executing program 0: ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000003c0)={{0x1, 0x1, 0x18}, './file0\x00'}) syz_open_procfs(0x0, 0x0) pread64(0xffffffffffffffff, &(0x7f0000000340)=""/70, 0x46, 0xfffffffffffffff8) r0 = syz_mount_image$tmpfs(&(0x7f0000000080), &(0x7f00000000c0)='./mnt\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)={[{@mpol={'mpol', 0x3d, {'prefer', '', @val={0x3a, [0x39, 0x30, 0x32, 0x39, 0x0, 0x38, 0x37, 0x2c, 0x34, 0x38]}}}}]}) mknodat$loop(r0, &(0x7f0000000240)='./mnt\x00', 0x0, 0x0) setresuid(0xffffffffffffffff, 0x0, 0x0) mount$9p_unix(&(0x7f0000000300)='./file0\x00', &(0x7f0000000440)='./mnt\x00', &(0x7f0000000480), 0x115549713482a633, &(0x7f0000000700)=ANY=[@ANYBLOB='trans=unix,rootcontext=system_u,smackfsroot=prefer,fsmagic=0x0000000000000004,uid<', @ANYRESDEC, @ANYBLOB=',dont_measure,fowner>', @ANYRESDEC, @ANYBLOB=',fsmagyc=0x0000001000000006,\x00']) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005080)=[{{&(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="18b22a00890804ac7b7d1cf73ff24879bd311414bb00"], 0x18}}], 0x1, 0x0) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/fib_trie\x00') preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000a00)=""/229, 0xe5}, {&(0x7f0000000900)=""/209, 0xd1}, {&(0x7f00000001c0)=""/89, 0x59}], 0x3, 0x5545, 0x16dd) open_tree(r0, &(0x7f0000000180)='./mnt\x00', 0x1) [ 2306.948201] loop7: detected capacity change from 0 to 4096 [ 2306.950962] tmpfs: Bad value for 'mpol' 03:46:02 executing program 2: r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r1 = fcntl$dupfd(r0, 0x0, r0) getsockopt$bt_BT_VOICE(r1, 0x112, 0xb, &(0x7f00000000c0), &(0x7f0000000080)=0x2) getsockopt$inet_mreqn(r1, 0x0, 0x20, &(0x7f0000000000)={@private, @broadcast}, &(0x7f0000000040)=0xc) r2 = inotify_init() ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r2}, './file0\x00'}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r4 = fcntl$dupfd(r3, 0x0, r3) getsockopt$bt_BT_VOICE(r4, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) bind$802154_raw(r4, &(0x7f0000000100)={0x24, @none={0x0, 0x1}}, 0x14) r5 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r6 = fcntl$dupfd(r5, 0x0, r5) getsockopt$bt_BT_VOICE(r6, 0x112, 0xb, &(0x7f0000000040), &(0x7f0000000080)=0x2) ioctl$BINDER_FREEZE(r6, 0x400c620e, &(0x7f0000000180)={0xffffffffffffffff, 0x1, 0x4}) r7 = mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) mq_notify(r7, 0x0) [ 2307.007195] tmpfs: Bad value for 'mpol' VM DIAGNOSIS: 03:46:02 Registers: info registers vcpu 0 RAX=ffffffff85a2a13d RBX=0000000000000001 RCX=ffffffff85a2a13c RDX=0000000000000000 RSI=0000000000000000 RDI=0000000000000001 RBP=ffff888044a9f4b5 RSP=ffff888044a9f3a8 R8 =ffffffff85a2a141 R9 =ffff888044a9fdb0 R10=0000000000032042 R11=1ffff11008953e7d R12=ffff888044a9f4c8 R13=ffff888044a9f480 R14=1ffff11008953e7d R15=ffffffff85a2a140 RIP=ffffffff811076b8 RFL=00000097 [--S-APC] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00005555559fa400 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2f6debb3a4 CR3=0000000044aa0000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000 XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000036 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff822dde81 RDI=ffffffff879f3140 RBP=ffffffff879f3100 RSP=ffff88804794f2a8 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000036 R13=0000000000000036 R14=ffffffff879f3100 R15=dffffc0000000000 RIP=ffffffff822dded8 RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f00b3922700 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2a69244000 CR3=00000000470ba000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=0000ff000000000000000000000000ff XMM01=736c00727474617865766f6d65726c00 XMM02=00000000000000000000000000000000 XMM03=00007f00b64937c800007f00b64937c0 XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000 XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000 XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000