0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:48:35 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:48:35 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:48:35 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:48:35 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 2) [ 956.705148] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 956.708130] FAULT_INJECTION: forcing a failure. [ 956.708130] name failslab, interval 1, probability 0, space 0, times 0 [ 956.709522] CPU: 0 PID: 11107 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 956.710339] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 956.711294] Call Trace: [ 956.711615] dump_stack+0x107/0x167 [ 956.712056] should_fail.cold+0x5/0xa [ 956.712525] ? create_object.isra.0+0x3a/0xa20 [ 956.713074] should_failslab+0x5/0x20 [ 956.713534] kmem_cache_alloc+0x5b/0x310 [ 956.714025] create_object.isra.0+0x3a/0xa20 [ 956.714551] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 956.715141] __kmalloc_track_caller+0x177/0x370 [ 956.715691] ? strndup_user+0x74/0xe0 [ 956.716147] memdup_user+0x22/0xd0 [ 956.716577] strndup_user+0x74/0xe0 [ 956.717012] __x64_sys_mount+0x133/0x300 [ 956.717483] ? copy_mnt_ns+0xa00/0xa00 [ 956.717946] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 956.718559] ? syscall_enter_from_user_mode+0x1d/0x50 [ 956.719167] do_syscall_64+0x33/0x40 [ 956.719600] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 956.720188] RIP: 0033:0x7f0b176ffb19 [ 956.720636] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 956.722774] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 956.723661] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 956.724489] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 956.725330] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 956.726165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 956.726992] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:48:35 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 956.754665] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:48:35 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0xb00000000000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:48:35 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:48:35 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 956.825390] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:48:35 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe26, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r2 = getpid() getpgid(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee01}}, './file0\x00'}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r4, 0x3) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffef9, 0x7) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x6, 0x8f, 0x1, 0x7, 0x0, 0x8, 0x80, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x40, 0x1, @perf_config_ext={0x3}, 0x40, 0x1ff, 0x5, 0x5, 0x1, 0x6, 0x163, 0x0, 0x7ff, 0x0, 0x81}, r2, 0x0, r5, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="2321202e2f66696c6531207472616e733d66642c202d7b5d7b2e287d2e1b28632c67202f262d2a0a0f76a967668fe936c5ef5bbc161a4c430ece22fa46d5ed3a8b483671d38dd5748ebc46fcbef40eb62c45"], 0x52) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r6}}) 04:48:36 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 956.878380] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 956.913396] sg_write: data in/out 1818846731/36 bytes for SCSI command 0x26-- guessing data in; [ 956.913396] program syz-executor.2 not setting count and/or reply_len properly 04:48:36 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x1000000000000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:48:36 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:48:36 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:48:36 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 956.966370] sg_write: data in/out 1818846731/36 bytes for SCSI command 0x26-- guessing data in; 04:48:36 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 956.966370] program syz-executor.2 not setting count and/or reply_len properly [ 957.000438] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:48:36 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x2000000000000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:48:36 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:48:36 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:48:36 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 957.117856] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 957.150562] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:48:50 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) 04:48:50 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$sock_inet_tcp_SIOCATMARK(r4, 0x8905, &(0x7f0000000100)) 04:48:50 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:48:50 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 3) 04:48:50 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) 04:48:50 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x2010000000000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:48:50 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:48:50 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 971.596983] FAULT_INJECTION: forcing a failure. [ 971.596983] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 971.598723] CPU: 0 PID: 11492 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 971.599732] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 971.600941] Call Trace: [ 971.601336] dump_stack+0x107/0x167 [ 971.601888] should_fail.cold+0x5/0xa [ 971.602454] _copy_from_user+0x2e/0x1b0 [ 971.603057] memdup_user+0x65/0xd0 [ 971.603594] strndup_user+0x74/0xe0 [ 971.604155] __x64_sys_mount+0x133/0x300 [ 971.604767] ? copy_mnt_ns+0xa00/0xa00 [ 971.605360] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 971.606143] ? syscall_enter_from_user_mode+0x1d/0x50 [ 971.606898] do_syscall_64+0x33/0x40 [ 971.607456] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 971.608232] RIP: 0033:0x7f0b176ffb19 [ 971.608799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 971.611529] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 971.612676] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 971.613742] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 971.614808] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 971.615865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 971.616919] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 971.626832] 9pnet: Insufficient options for proto=fd 04:48:50 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 971.677314] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:48:50 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) [ 971.820704] 9pnet: Insufficient options for proto=fd 04:49:03 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2200) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth1_vlan\x00'}) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:49:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:03 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) 04:49:03 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:03 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x8cffffff00000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 984.372363] FAULT_INJECTION: forcing a failure. [ 984.372363] name failslab, interval 1, probability 0, space 0, times 0 [ 984.373372] CPU: 1 PID: 11622 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 984.373945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 984.374618] Call Trace: [ 984.374844] dump_stack+0x107/0x167 [ 984.375150] should_fail.cold+0x5/0xa [ 984.375469] ? copy_mount_options+0x55/0x180 [ 984.375836] should_failslab+0x5/0x20 [ 984.376154] kmem_cache_alloc_trace+0x55/0x320 [ 984.376534] ? _copy_from_user+0xfb/0x1b0 [ 984.376886] copy_mount_options+0x55/0x180 [ 984.377238] __x64_sys_mount+0x1a8/0x300 [ 984.377573] ? copy_mnt_ns+0xa00/0xa00 [ 984.377903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 984.378335] ? syscall_enter_from_user_mode+0x1d/0x50 [ 984.378765] do_syscall_64+0x33/0x40 [ 984.379076] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 984.379497] RIP: 0033:0x7f0b176ffb19 [ 984.379803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 984.381383] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 984.382022] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 984.382603] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 984.383190] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 984.383771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.384352] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:49:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 4) 04:49:03 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}}) 04:49:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 984.406887] 9pnet: Insufficient options for proto=fd [ 984.429521] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 984.432308] 9pnet: Insufficient options for proto=fd [ 984.451260] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}}) 04:49:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 5) 04:49:03 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0xf6ffffff00000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:49:03 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:49:03 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffe, 0xee, 0x1, @scatter={0x1, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/50, 0x32}]}, &(0x7f0000000240)="ef1625326407bcf578693de81d56ae6c0dd4bcc58303a2e36a3c9cc0901b6e76d2f6cefebd60b277822f4e1284624c73717c1bd68ffbb6d4522e28cf338453f7cf2d69c194ef40892ce8f44b1f734f9aa7d922a9172eabc942745149a1f6d36527e1289378abc545f04a8dfe880abd074a9beaf93419d74166edaabc0c7bd1a306a6e6ef0a0a8bae84856df9bf808d50a412ac3cd668246c55d75ccd7f4db093a5f681f8784cbd685eed9e301e7c8790139d4312555f5672d73c844a036f6bceefadc47ebd3d239cd5ddafb0c08ce46670307ffdb8fe1a89c0083b7959a2bf9f6e697fcfaa0629e243f824c5109c", &(0x7f0000000440)=""/4096, 0xb68, 0x2, 0x0, &(0x7f0000000340)}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000001440)={0x0, 0x3, 0xfffffff9, 0x5, 0xfffffff8}, 0x14) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000046c0)=[{{&(0x7f0000001480), 0x6e, &(0x7f0000001740)=[{&(0x7f0000001500)=""/31, 0x1f}, {&(0x7f0000001540)=""/210, 0xd2}, {&(0x7f0000001640)=""/80, 0x50}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/81, 0x51}], 0x5, &(0x7f00000017c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x98}}, {{&(0x7f0000001880)=@abs, 0x6e, &(0x7f0000001c80)=[{&(0x7f0000001900)=""/104, 0x68}, {&(0x7f0000001980)=""/150, 0x96}, {&(0x7f0000001a40)=""/70, 0x46}, {&(0x7f0000001ac0)=""/245, 0xf5}, {&(0x7f0000001bc0)=""/188, 0xbc}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x6, &(0x7f0000001d00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000003e00)=@abs, 0x6e, &(0x7f0000004140)=[{&(0x7f0000001d40)=""/32, 0x20}, {&(0x7f0000003e80)=""/208, 0xd0}, {&(0x7f0000003f80)=""/115, 0x73}, {&(0x7f0000004000)=""/94, 0x5e}, {&(0x7f0000004080)=""/176, 0xb0}], 0x5}}, {{&(0x7f00000041c0)=@abs, 0x6e, &(0x7f0000004240), 0x0, &(0x7f0000004280)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f00000042c0)=@abs, 0x6e, &(0x7f0000004400)=[{&(0x7f0000004340)=""/130, 0x82}], 0x1, &(0x7f0000004440)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0}}, {{&(0x7f0000004500)=@abs, 0x6e, &(0x7f0000004640)=[{&(0x7f0000004580)=""/41, 0x29}, {&(0x7f00000045c0)=""/89, 0x59}], 0x2, &(0x7f0000004680)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}], 0x6, 0x12062, &(0x7f0000004840)) openat(r4, &(0x7f0000004880)='./file1\x00', 0x482000, 0x14) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 984.543046] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 984.565808] 9pnet: Insufficient options for proto=fd [ 984.585218] FAULT_INJECTION: forcing a failure. [ 984.585218] name failslab, interval 1, probability 0, space 0, times 0 [ 984.586920] CPU: 0 PID: 11814 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 984.587926] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 984.589137] Call Trace: [ 984.589537] dump_stack+0x107/0x167 [ 984.590075] should_fail.cold+0x5/0xa [ 984.590642] ? create_object.isra.0+0x3a/0xa20 [ 984.591315] should_failslab+0x5/0x20 [ 984.591876] kmem_cache_alloc+0x5b/0x310 [ 984.592480] create_object.isra.0+0x3a/0xa20 [ 984.593137] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 984.593888] kmem_cache_alloc_trace+0x151/0x320 [ 984.594573] copy_mount_options+0x55/0x180 [ 984.595194] __x64_sys_mount+0x1a8/0x300 [ 984.595793] ? copy_mnt_ns+0xa00/0xa00 [ 984.596366] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 984.597151] ? syscall_enter_from_user_mode+0x1d/0x50 [ 984.597908] do_syscall_64+0x33/0x40 [ 984.598443] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 984.599201] RIP: 0033:0x7f0b176ffb19 [ 984.599744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 984.602407] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 984.603516] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 984.604556] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 984.605656] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 984.606698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.607726] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 984.609320] sd 0:0:0:0: [sg0] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 984.610719] sd 0:0:0:0: [sg0] tag#0 CDB: opcode=0xef (vendor) [ 984.611597] sd 0:0:0:0: [sg0] tag#0 CDB[00]: ef 16 25 32 64 07 bc f5 78 69 3d e8 1d 56 ae 6c [ 984.612841] sd 0:0:0:0: [sg0] tag#0 CDB[10]: 0d d4 bc c5 83 03 a2 e3 6a 3c 9c c0 90 1b 6e 76 [ 984.614120] sd 0:0:0:0: [sg0] tag#0 CDB[20]: d2 f6 ce fe bd 60 b2 77 82 2f 4e 12 84 62 4c 73 [ 984.615368] sd 0:0:0:0: [sg0] tag#0 CDB[30]: 71 7c 1b d6 8f fb b6 d4 52 2e 28 cf 33 84 53 f7 [ 984.615386] sd 0:0:0:0: [sg0] tag#0 CDB[40]: cf 2d 69 c1 94 ef 40 89 2c e8 f4 4b 1f 73 4f 9a [ 984.615405] sd 0:0:0:0: [sg0] tag#0 CDB[50]: a7 d9 22 a9 17 2e ab c9 42 74 51 49 a1 f6 d3 65 [ 984.615423] sd 0:0:0:0: [sg0] tag#0 CDB[60]: 27 e1 28 93 78 ab c5 45 f0 4a 8d fe 88 0a bd 07 [ 984.617471] sd 0:0:0:0: [sg0] tag#0 CDB[70]: 4a 9b ea f9 34 19 d7 41 66 ed aa bc 0c 7b d1 a3 [ 984.620585] sd 0:0:0:0: [sg0] tag#0 CDB[80]: 06 a6 e6 ef 0a 0a 8b ae 84 85 6d f9 bf 80 8d 50 [ 984.621853] sd 0:0:0:0: [sg0] tag#0 CDB[90]: a4 12 ac 3c d6 68 24 6c 55 d7 5c cd 7f 4d b0 93 [ 984.623108] sd 0:0:0:0: [sg0] tag#0 CDB[a0]: a5 f6 81 f8 78 4c bd 68 5e ed 9e 30 1e 7c 87 90 [ 984.624362] sd 0:0:0:0: [sg0] tag#0 CDB[b0]: 13 9d 43 12 55 5f 56 72 d7 3c 84 4a 03 6f 6b ce [ 984.625630] sd 0:0:0:0: [sg0] tag#0 CDB[c0]: ef ad c4 7e bd 3d 23 9c d5 dd af b0 c0 8c e4 66 [ 984.626925] sd 0:0:0:0: [sg0] tag#0 CDB[d0]: 70 30 7f fd b8 fe 1a 89 c0 08 3b 79 59 a2 bf 9f [ 984.628207] sd 0:0:0:0: [sg0] tag#0 CDB[e0]: 6e 69 7f cf aa 06 29 e2 43 f8 24 c5 10 9c [ 984.630519] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:03 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:03 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0xffff000000000000, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 984.684178] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:03 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}}) 04:49:03 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x16, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendto$inet(r0, &(0x7f0000000200)="1bce9b2556eca281a7480def9af2f8848001c6e01da8c8f5917764a43e925208cc8d03662746ea9c8c46c22cabd2b19791de944a1c0e3a341455d2eee656fa43b42345ec3b2f7a22c07f469fad8009015406ba061978b0327ca5264e9b88fee3125b80b7ac0759de686ea074e192eaefe806a1d9ee0399", 0x77, 0x840, &(0x7f0000000100)={0x2, 0x4e24, @loopback}, 0x10) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB="2c7f66646e6f3d", @ANYRESHEX=r1, @ANYBLOB="2cb59895794cb592fb03c900"]) [ 984.733627] 9pnet: Insufficient options for proto=fd [ 984.752514] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:03 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:49:03 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}}) 04:49:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 6) [ 984.821749] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:03 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 984.859337] 9pnet: Insufficient options for proto=fd [ 984.864822] FAULT_INJECTION: forcing a failure. 04:49:04 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 984.864822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 984.866000] CPU: 1 PID: 11973 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 984.866521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 984.867144] Call Trace: [ 984.867360] dump_stack+0x107/0x167 [ 984.867646] should_fail.cold+0x5/0xa [ 984.867943] _copy_from_user+0x2e/0x1b0 [ 984.868259] copy_mount_options+0x76/0x180 [ 984.868587] __x64_sys_mount+0x1a8/0x300 [ 984.868914] ? copy_mnt_ns+0xa00/0xa00 [ 984.869217] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 984.869622] ? syscall_enter_from_user_mode+0x1d/0x50 [ 984.870018] do_syscall_64+0x33/0x40 [ 984.870308] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 984.870704] RIP: 0033:0x7f0b176ffb19 [ 984.870989] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 984.872387] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 984.872983] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 984.873531] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 984.874073] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 984.874618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 984.875171] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 984.881280] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 984.985741] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 999.228185] 9pnet: Insufficient options for proto=fd 04:49:18 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x7, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:49:18 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:49:18 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:18 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:18 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 7) 04:49:18 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}}) 04:49:18 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:18 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000002c0), 0x2000c0, 0x0) ioctl$BTRFS_IOC_START_SYNC(r3, 0x80089418, &(0x7f0000000400)) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3da6e7d4fd975ced766d864548a976c69271b4e25e70a50f9101594368c23a6d3f7259cba3f0df5d9ae33641ba2f9d59898e1949eaaf574df57c3f618847a5e1f854e58382daf851faef1d9eeff2f20a75b3509494d5769b377c2371f33474a06e6a325717f8961b58d2b0c3d58941a29cb90491337b684af92febaf0997e49554ae346f8e8609450732c4a79c210000f0defa7435a0fffeb4655413ac5f2c05012581268e0fbac09f1f6b", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB='M\x00']) [ 999.256660] FAULT_INJECTION: forcing a failure. [ 999.256660] name failslab, interval 1, probability 0, space 0, times 0 [ 999.258390] CPU: 1 PID: 12000 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 999.259430] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 999.260671] Call Trace: [ 999.261087] dump_stack+0x107/0x167 [ 999.261617] should_fail.cold+0x5/0xa [ 999.262192] ? getname_flags.part.0+0x50/0x4f0 [ 999.262874] should_failslab+0x5/0x20 [ 999.263444] kmem_cache_alloc+0x5b/0x310 [ 999.264045] getname_flags.part.0+0x50/0x4f0 [ 999.264697] ? _copy_from_user+0xfb/0x1b0 [ 999.265332] user_path_at_empty+0xa1/0x100 [ 999.265971] __x64_sys_mount+0x1e9/0x300 [ 999.266580] ? copy_mnt_ns+0xa00/0xa00 [ 999.267174] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 999.267945] ? syscall_enter_from_user_mode+0x1d/0x50 [ 999.268710] do_syscall_64+0x33/0x40 [ 999.269283] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 999.270047] RIP: 0033:0x7f0b176ffb19 [ 999.270604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 999.273342] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 999.274484] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 999.275527] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 999.276577] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 999.277638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 999.278682] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 999.280516] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:18 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:49:18 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}}) [ 999.351327] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:18 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 8) 04:49:18 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 999.375818] 9pnet: Insufficient options for proto=fd 04:49:18 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 999.434444] FAULT_INJECTION: forcing a failure. [ 999.434444] name failslab, interval 1, probability 0, space 0, times 0 [ 999.435909] CPU: 0 PID: 12013 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 999.436768] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 999.437794] Call Trace: [ 999.438126] dump_stack+0x107/0x167 [ 999.438575] should_fail.cold+0x5/0xa [ 999.439045] ? create_object.isra.0+0x3a/0xa20 [ 999.439624] should_failslab+0x5/0x20 [ 999.440109] kmem_cache_alloc+0x5b/0x310 [ 999.440611] create_object.isra.0+0x3a/0xa20 [ 999.440638] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 999.441931] kmem_cache_alloc+0x159/0x310 [ 999.441963] getname_flags.part.0+0x50/0x4f0 [ 999.443096] ? _copy_from_user+0xfb/0x1b0 [ 999.443114] user_path_at_empty+0xa1/0x100 [ 999.443135] __x64_sys_mount+0x1e9/0x300 [ 999.444739] ? copy_mnt_ns+0xa00/0xa00 [ 999.445257] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 999.445902] ? syscall_enter_from_user_mode+0x1d/0x50 [ 999.446541] do_syscall_64+0x33/0x40 [ 999.447006] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 999.447635] RIP: 0033:0x7f0b176ffb19 [ 999.448094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 999.450363] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 999.451305] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 999.452186] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 999.453065] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 999.453932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 999.454803] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:49:18 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 999.541266] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 999.564879] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:18 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:49:18 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 999.748337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:32 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:32 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x8, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:49:32 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 9) 04:49:32 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:32 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:32 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x100000001, 0x5}, 0x50404, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) sendmmsg(r4, &(0x7f0000001c80)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000240)="13974ffdddfeeb6d3f3a100ab257a265a9851c3096dfa13f0c39f91357bce3e8ffb0b7fb4452879b879107dcbaba744d3974606fb29fab129f522227ed8762f295691a90096a0e1580f139d30f9f384959", 0x51}, {&(0x7f00000002c0)="312c56ca84955b80162079f218162168c1495c3bc407daa6bfa8f15d5c125e486b6fd5bc04f05e2db5b576bba3f38c3e16cd5ae776055ffdb0e624a74b2fb11ec32ae09b5f9d76365c41d1d919aff5a5fc9777115b953d3f8ad87aa44628af24bc9baa04aeff56a7cdfd47630d6f976990f4c588a6e12012346b8a93ff9c6839d685b802420b58c7229abb54c9f229d9f90d18dcfa2da61657efa3029b3a470ddde225eb", 0xa4}, {&(0x7f0000000100)="a6aa5be53be93b5d9a3f81beb8415a", 0xf}, {&(0x7f0000000180)="38c8e27546c6d10634651fb3b8344432cd29a0dbe9b05ab2", 0x18}, {&(0x7f0000000380)="63842b765b2e016a5b0a23233e30eb29282fd6e16dee2e2dc38f326ea3f3d745ec9ddbb332c610f8e2da39395f54026fda2f545ffc875fd7e72e29053bb80e", 0x3f}], 0x5, &(0x7f00000004c0)=[{0x1010, 0x102, 0x5, "23d231a66880d23ebbb59008ba4deb0d3d5b9ab798a135ef88055567b2cc5c6cb9e3dbcfb6c9de2d8f9c27fb04f716fea51c72f6d78ec7be1d9d7afc2f1162b689435a1b1d4a85410ae6ed6b517725b6f32fcb8418fd35456d098099ad3782c052508ef93ef1b3619405c87393c33cfceb3bb8d2c176c69ddb07e157d13f6121225b5893192d0663fe1f9a608121147d55abcbfd9e5540c4095436ea2d390fd9d3ea6255658e69f4cba3dac877be8b3de0115d456112acae79df0c80ead6c2c5d24fd6082ec0ed9c90e178890aac4db774797b2250ad61ee858d056c4465a199b757a0a3f0e11fcf9b7517239032d816374bc242a9eb3907b79fec095d035fc0e4ddf71ae2bce33701e032322ac0ee3906ab6eb9376f5c8cf93002c97c1bbc9eace96d3909bbc82277eaf8ebd0cd5c65d6c8f85cc0f09cedcdc8e581201a9b482bfbe6f78b320edede968f9313517923ffe57f1e22f8f145e9fb434a7eb0bf9125c9ecd074762aeafbe4c4238d3a76998eac3805fe9eee6348b9ad14a345e20026ccd6176f38ad23deade1fa07c7e55db99a6db328576c913b78c4e0883046d019ffaf7afcf5fd0ec251b8435ac4a39fce9873093786a09d605537d965dff761c39913a051b9d9ce483433d67213b0bcd2eb2bd136d5d7448c34e413c451ba2a999a65334b5f530c4a6ac9efa8a100e11a760fe2fe640c370763578d695604de4b9c6a75fade2f6cd5e13fc8f30d5e1158581d5a9e0d333e66034a8d3c4de42d69f2d496e80e51ca7b275dc658ae895f92832e59d7e56ffae987e3dac50906bcbad938d38b154f99742d9fcdb0491fd70039a4a9c76c770b27110f998607059df5318be79ef436acfb7a03fd986abdfdecbf818571a966b2ef504b77f0e9a6307c697befcfdccb7eff70b4b10cb944871c99c2ada637f6cac059a9110c697d6ea113b58afeae99767729e41557ade639ffe583c877323b6a1743ea667bdc85f5ef5d92b1faeae835a329c9ca9da2dbe39d7b6cd5161757b5d6298c0516d435d2172b7e45fe3c38d66426946635d8cf0fd6659704898c245c618055f628b77bd3cb7dcb75716758d7dbe22bce4bf593e4efa9e2cb87a78ca94be2612a9eb5d330612f604b1b8ba9c420de8d553a890558a7e414244349fdd7578094a22bfa4840b633271e3bf6b40a7001aa740c9e203e077c1be2bec51d07396137fcd10f0a04b4f8548666aba378eb5a43395a74400b4964ebc257fb812fdcfe44801854086ae65af98a4039ccdd9de83c1b454d4f7df875c63cdf6bc99846e5f2d4cba7026f8303904ee0b515d56150edbc62868c7d542131d782eff48372ba7462c5163e0c03ecb5f83ea11c364edc6678a0f17613a22862904fe94d30ee503d6c107fa202b07393dc0dc43b3662b72493ccfc32ee6c84dfa79d6ace744e29061d977ba8e80e85df94f9869ae7ad19c4afbbcb56496b3e8602fb1105b92d12bc90ae4357577e034933856176d4dd7eb8d43e4e72a61b8d009621f3d035f805f251a6f4b49ff20c1860849756474120703c442cdb62b6c6152583472ebc6dc88e14cb107d6bda71f216c0ee31f2e878292a0a2f21625cd253f2949aea0a7b36e880873ea1aafd1efbd3d1a9c5fc563ac49d2ea2b49aee14b4d070b033b66481c201254b090956304851522f043ec6e6b3a21eeb7f02a927ad58ba57c03de770e973c4672482aedf08cfccb99ceffd75b80ccc83132bcb847126a2a4540c87995457614721f27d1e17326d1b674da0a20249265407bf9b72213a13048efb8f0cc931fd496bd301210fdd5636e1459e333e5ecb7eb5a8ce924d57c634f0b22a98803f8c41c146a6fdf081ede446a8e2f7dd5a338a26f4d2ead8604bdc164dfe6a83cea8732189d19ad3fed35ac9345c8d6b282976048a048910a2eca9f3b7c8971798f3bfffa7e0823b868ddc1f099f9996da0a5ff56d15bd3d79be4c977cd44aa3c8e0de608391bd1d6f7e3e5e0ae9088b230a8c97488f12433e1dce801c7deaddf09877e26bcd1633efc725baa4b70ff6cfa0458a10867213071770363e9ffde384b228f034fafdae14035ed0ac982aaa44e805736de69aa260ca4ee879ed41f5d160d4edf985c50fb15f6f82f2f4c3b599a4b1c41a67445bf69d37b4ae339376cef128c48ac32cc101ef29d9ef4b7dc92bb789c7bff533f991cd4ab95300129504750a8ab894838a8cf8e36a3f8f911120300255646e098e406b3a1434f91f63eddad58cd66866c6e5248612790423fe50cada618d0db0417069a1ce185d62aa03a3d25f1310e41e09288790a1d18c46d26449096be66684379893954d1c5b2a451d61b674705ff0c2db342175fb8c1fe11752847c1092543f624e74560fdc5a3218be2c8a55a872c7d57315c23ded26221c74d99931e33cb637f5e2286c4623c1e01db165827888d3f649621fb6c928edb4d48b4d064ef043afed694be280ab328389b0718be16e730a904a3fb3b2df2473146fdc0e39957f619325e674b7c5dae5adbb1a4bb095ae26a2757a94e63595b9702b6eb270847c59b067c06035f08d93db0c769efe02c54b693ab6c9b91e62878835563c05a92d314df0f2d9e3e8726752f5d283863bfb5cd288b5d7fb688a41e194284989a0dae9b382a285cd54fb9a35ae63ae1c8e97a64be76c4b9cc17681587a2da55d3be43e193aba3a51ccd3132690b068d7e8711bdf3c7744f9b55dcf4456885e48bf3c9ff28120e07f5bc75538dc5616e39127992c83d0e47b0483a81c483013654a5f71c92bdd5954861ae21b1bba1b6d6aca9256ff81c203202d20d68ac622bff246208dc637695a9109cc15571c0a24bd6e810df852546ea4b5bf1ad23f83ce208b428aacc82a91a3779b557f3cf241295ca51c38ddf56a8765206fbe418c5eb7ad1e5ce01577776be8beaaa4266b608588da295cffeb0b79d8930748f310405ecd1333e327f8bf8a7e377582bb1b4cb7099cb340e5b58e7d8d242c6c5c16de7cd9321080bc484ec95ab2066b57540b8b8f04c3a3cd1f4ef90b8461f5a396a7ae5be25f9fe87ee1a136800b110fb030ea34c8a958c94c4b72fdd6698bfebaf71853ac30143596a7e78f335c1bbeee252ee4c2b16b8643ded026a2b6c6ea065754fbc96744e1338e7ea756082f5915326f72e7016bfc6aa026eb64eb8602219fa5025d27a31bddec483e8fd64afa251282cd7b4103c1c3883ca85b509168ae5e631fbcf664082eaea0bc73eba428e7f696f6ff574de9b650b3c0eb75efb1202ff760528745a423192b6782d1d440b91531aef6807c97de9f6520bc49f7aa745ca4347643743f80973dfd624378d4d57eb4685d5e7396dad7e3fd93a75290f4b1cb199dc29ab49c7a69623adf47b80dac8ca27ca88a15a37ee383cadd741ec8d987e4406c8404030fdc8ce791d793a2996dfac51c1668a19d4428beb5614e145a5d1b82b89b31ad34bed94fcb3c0e84f6f2742635e6eb31ff322971c78465478f0018984454f15497d96a5c511a750695effa46b0d48f7df4040000d035d4b65116ae8c21bca54d36743a11f49cefd90911c1e2999ee815924a1882e55fa943e54e21bffd61e3411f5091e138a7a74c4086fc4b40c64884323249d8bc1cb88d325607c02b35a73e3c6b95db07300a1f8af98ab7510907a744474c3d0c97f600ac5b513bbcb7e6f270a83135136502cf31ca25426f96c9ad244cfc173583fca3f50af6f30a269d277d4f7f5313e345d11d0e7135d59f901e24df89d1f920d316c55aabff5dbd028c0f67a12d6f03e07f4e62620d9c6c700f7de870933084e7d40067812ea8440e272c1c7b9e41717d9acc63facfc29d50c02ac2e206bc2853ed01d02584a7f12f39fb59e42fdd1fd970d31e05db3c12733f4da35ecb51f5b01db5f0d159e59953711e2a850c12e0e605a186de57e4eb08f1bf334aa39cf356e7f15cbef1f7ce3590fd227d759ea34ecf72ca11d32b83a4c21245f348a722aeffa03b4f649021fad703da8851081531eafda43d082b27a0486527cf81620951aac48d56b15a6de6f3f082d7228807bd098279d7933f7e7b6f2e190482c77b14613251871ca778c5784de1c0e7bc5d6bf339ec094e41f4dceedb3d3af542c50474c97e60f87a79c3a94a8b615ba639dae94873502c7bf49ca2f12f23ea241a783c2382d8a582dbec074d7a4ab30c0459658869c5dfa13f1ee60b2ab022f0d1652e66e501bc69773acb298cfdc24d7435ff79a44ccd0fbc94ae1d7f24c2a4fbe7b2f8b75e71604016831cda8aefa3e4974a8ab0b6ee704e3af0b547e93b6e60f44062bd0996f316983daf998315e0ab784cda6682f3d8e20034c2269344f903ebddcf8a6256271cd83c9b7ca244621c2943ee9a810038209feedc03db5987ddcc8301ab305fc5d175d6bc9f39c31d52e35abb856fef504282783e0905bc82314ba258a439d4f423c09bbfbffa3d296ec754e72e9cc7e2effcf7aa97ba7c0374ea9d4940ac3484e8321959701941254de48e6d5435b202822107f196c96ef39c3a86449aaf0ce361e70c4a2265365027e9a90749c5473c4c8811544a927f3708a74f6f7f5dcf063e679c358b7ec30636a3833cd71bd65bfa955eaab35ef6e2218bfa5925a4a98b1148a315beac94c6847a35145ac5fbddd050946c8c6eba748ab998b20bde5f327e76670c31e62aacebfbc1a45c8dcb3444d6c3ff929f3f3e3398791c00eb29e5071cfb8ea7567064d374bffcd5669e699b5c25dff948f33a1339df34c0f467998c91be19620fed396de26e09e003154acdc2350a0743d6b6733ad5b67a7767be85d37f9bbb7ea360d000bd6d6977645799e5d2e1b308a25fd76d679037922ce9dcc7ffd233e9c292355fe7428749d85c2430974128f17c4a76f7a91bc4058f1fe875118ac8b95176b0a5bd001b2dee8a5fd015254fa42cb265881bfa8f656cbf01c4d6f214314edca2fbe13c79cd9ec4e32c42d97080c0890aaa6d019cd0964f1fa3e0e90c0f0430bd0ad36daa511f9e27b439d338a9d1ae3ec09db8ed0048d6cad89d0eb6407abfcef0410277eb7f9e50658291bd53d7fc121961a7a519f7436e0f0050fd54edb47333121e69cdfae57ab53a7ab369fa6b4c856c765b46c7df7f1e790069e9ebd8d15ec48febae64b6d47c4606029d7d4e2ead452b1277f62be30b71ce8d1d23812fc0143b396e504abfba95a62e0078a64cadd048cfc09e812fd6814e83f76abe881b5c021237cb4c88cba402ae8d70a05fb8619372e60ea9d1fbed377aec0ecf2ed0b32e8bb456d2a261b41b90843b82c153fd6139f022124afa90d51f8cce9b7aba6f4a9757485cbcf96f6ead9135c3c7404521e9ae5187f6fc85b3f3b1a60e6d9918c1364ed21871279576b37b02a06a444f6d1cb635818534ff5b396ffaf898e8c8e77d353c945fdc2ce7a1367783661d60c15f47f2bd06ec9b0d0f805a0da0955538c27b74f1d9ccb9b4aef3370e3f6d8d37c212590c2e1dcaf82747307ee6829ac63c5624982f138b056e245d75916910d06d4ae1e32c3c8978ec2d496949ef51a2b8deab3a01a70b036ecc5b5719a8dc142662545766bb493cfc9e644b1b0baaa5af6e2939de55b57a9676317ef8674f1cf679d157de46e406129cc7dd83cdc241968831dc6b0605f57b50a3820903872da6f273dca521fc6f9933e50b837ec067d89e47bcf71cdb43ddc1eca508e14aa6dcc4402423bbcba2576f236b23af82cc6bc10b76b88e3daea56ffc1c0516b4dcc7c66ebb8e83b25d2f04f1b34627"}], 0x1010}}, {{&(0x7f0000001500)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x80, &(0x7f0000001940)=[{&(0x7f0000001580)="4ce9f53d5836cf4019f0131a7f475ada8efe0bd5ea49c60b8ed00964b70e97f20959cb9494b9b6c6c3b223f41812da3788e2b181c067f103a2f9f66f3f843a88c7842def70cc224145e9e32b66d36b87bcece93149afcd", 0x57}, {&(0x7f0000001600)="2a5c82ab96f7bbaf211a4a02f708575b80ce8a2bc745e22148ce0da035fda6f70ab0d1878205ec774da85858561f64814e03dcbdf63acb5b30a6d4254de7a490ebf58bc8f8d4b88db315e8ddd592129fd1d2421d3ec09cf63c32973bc82a6f11da31b953c7902776207792786b5f3b478074c164e45cdea711c9f0c8be7a30c81082238443f5b37a6bdd71a5c5b89ab43f2aedb84540901d99101c429e42e26b87b20644897e5bbd1d8c90e37079dbce009c19f0fe7aaf9446b137c7a57cd14fb3db5b", 0xc3}, {&(0x7f0000001700)="88e08502d270fcb9bd34de77fdcfcfcd41db723dbb29306941c5538e39677ff7eebd6437b5bfc32a729cf28f58076bb8bd03198dcb9db4c378bd6d4a49c694cbceaeaa", 0x43}, {&(0x7f0000001780)="bcddc726d1caf1d8e4597330a0fae603b6a5fb8e6ac03c17628a583b2d76ecd8995d44d775f0326c4ebe5b100f7cbce35dc443c2f7e06cec8d6384ac3e5de25e9d3915eef934e5dd6ab1b364c7b5bcf3e1445f6df6ea7a1e326523f04ea3ede077c5c9d45df53c63f877fe50b0ffcd47f301d56dc679db1081dad6b0feef10d5cfd116f7a69350e6c5d97de557d7e3779b41083d36482e74e6ec3203fa3f3219b23775c7770a31c7ac611da37914a86c264d3bc774097d6497da3fefb9696d026afcebf5bad78add91d50593563e90101ea229b951e48eb2ac9794af9600c06d87606e32", 0xe4}, {&(0x7f0000001880)="7dd31a022f53b6d20e0ec38f94fb73433b5fb7a2b24171c39addcdb38bd8ec92a3a023c9da839439e5f04baed18a88d988cbedb23ec435b49dca79571f8382d2174eea6c0abdeededddb3b573b46b5746df4154388ff8049de25a3ae27ee5eb4d874494f6ede870cb0a569fd3f4a7ce07cd42661d57e11b7b3fc38a0e03c8015426414866bbe5c4423dd1ebcd3852e7dbe68e5ee4cf90857236758832470a236d24b4c350757d2145dbc736101ec315b49bb7e6631fa", 0xb6}], 0x5, &(0x7f0000001e00)=ANY=[@ANYBLOB="800000000000000001010000ff7f000036917afa44214950f9305df857d3d83d1a0b8d14cb6295bb3c356d62c0768250b9a9322c7d9bc5fb78de5bcdd32b4f7070c8e356c8b95668e43e9cd3f23db52dbfb3435faf6acbf5e57fde3ffc2ed71fbbe3994387e9929030156341b60e4ce86478396816af1c676633b1fce6290300980000000000000016010000fcffffff58a8560cc8257c7f5fe4060c3faaaebcea520e3ca8d04272ada1074ed849ca9fbddf26b1195c16cb1dfda29d611b72372448a343f7f95efd6cc98e6c8fce0a3b55c4d5475602cf64156e58f8c70aa0789777ccbd50b4e2aa34dd8022f532c3b79acb7dc4f5fdc9b6ecb4e8ab1a7b05dc8fc435d0f874643a30b297d1615b36d20ec6fa6ee22ee6b7a8000011699b9c51106a233700000000000000000000000000d2587331122372f2bf0df6a645359456705624883ce7528116a0cf5c351846ee3c9727813fc97f01fd93926b8fc8c421a7502ba647543f7f97d1f68cb112b383c02541af6df1ccf597253142ff16468aa119d15034644fc091c3b10799ae79fb1cf5fe0552d27ba46502a5d73ef11143d1ebbd5a8d6d6622d8c967d071d73b0540eabc5e253cede744743eb744653abe6c106cfb871581bcd8000000000000003a00000003000000645bced965fbcb56283a0804dbc56c6c1d7b8e97e25c143c3e1a57e3c421b188861a378402e0e7b0184b8d728fe66239c80ea2c0881019d75e3ce738258fe1c04df57d1295115896d208d9b9b4030d853ed7fc71ead61b9411abd8164ee3ed5c4360409e6a2fce9e495757dacdfcad59c4328d56464f107ce17bd5c3f4fd3b5ea21e91940abada99c53ffe6cea913b729e7e5354273b745f957f9cea127f9f0d8225e6fc0e492c78ab0605177fe806a3947740e8ec1017e0752b735d0f9d5e7956ec5bc1781a2227"], 0x298}}], 0x2, 0x20008044) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',gfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:49:32 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:32 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1013.363879] FAULT_INJECTION: forcing a failure. [ 1013.363879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1013.366098] CPU: 1 PID: 12150 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1013.367321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1013.368808] Call Trace: [ 1013.369302] dump_stack+0x107/0x167 [ 1013.369455] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1013.369893] should_fail.cold+0x5/0xa [ 1013.371729] strncpy_from_user+0x34/0x470 [ 1013.372332] getname_flags.part.0+0x95/0x4f0 [ 1013.372982] ? _copy_from_user+0xfb/0x1b0 [ 1013.373586] user_path_at_empty+0xa1/0x100 [ 1013.374215] __x64_sys_mount+0x1e9/0x300 [ 1013.374795] ? copy_mnt_ns+0xa00/0xa00 [ 1013.375378] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1013.376126] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1013.376878] do_syscall_64+0x33/0x40 [ 1013.377422] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1013.378176] RIP: 0033:0x7f0b176ffb19 [ 1013.378715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1013.381413] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1013.382517] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1013.383559] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1013.383878] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1013.384592] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1013.384603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1013.384613] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:49:48 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 10) 04:49:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:49:48 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x9, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:49:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:48 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:48 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:49:48 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:49:48 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$security_selinux(r3, &(0x7f0000000100), &(0x7f0000000180)='system_u:object_r:memory_device_t:s0\x00', 0x25, 0x2) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1029.098726] FAULT_INJECTION: forcing a failure. [ 1029.098726] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.100510] CPU: 1 PID: 12263 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1029.101524] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1029.102720] Call Trace: [ 1029.103119] dump_stack+0x107/0x167 [ 1029.103651] should_fail.cold+0x5/0xa [ 1029.104227] ? alloc_fs_context+0x57/0x840 [ 1029.104851] should_failslab+0x5/0x20 [ 1029.105428] kmem_cache_alloc_trace+0x55/0x320 [ 1029.106102] alloc_fs_context+0x57/0x840 [ 1029.106701] path_mount+0xaa3/0x2120 [ 1029.107252] ? strncpy_from_user+0x9e/0x470 [ 1029.107887] ? finish_automount+0xa90/0xa90 [ 1029.108527] ? getname_flags.part.0+0x1dd/0x4f0 [ 1029.109194] ? _copy_from_user+0xfb/0x1b0 [ 1029.109813] __x64_sys_mount+0x282/0x300 [ 1029.110408] ? copy_mnt_ns+0xa00/0xa00 [ 1029.110991] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1029.111761] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1029.112513] do_syscall_64+0x33/0x40 [ 1029.113064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1029.113803] RIP: 0033:0x7f0b176ffb19 [ 1029.113829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1029.117003] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1029.117023] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1029.117039] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1029.117049] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1029.117059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1029.117068] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1029.142072] audit: type=1400 audit(1721710188.282:25): avc: denied { relabelto } for pid=12273 comm="syz-executor.2" name="UDP" dev="sockfs" ino=27119 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=udp_socket permissive=1 [ 1029.152439] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1029.191433] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:49:48 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:49:48 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 11) 04:49:48 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_RM_DEV_V2(r0, 0x5000943a, &(0x7f0000000440)={{r2}, 0x0, 0x18, @unused=[0x4, 0x8, 0x2bdb, 0x1], @devid}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = fcntl$dupfd(r1, 0x406, r2) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f0000002fc0)=[{{&(0x7f0000000240)=@l2={0x1f, 0x0, @none, 0x5}, 0x80, &(0x7f0000000100), 0x0, &(0x7f0000001440)=[{0x88, 0x110, 0x3, "57060a8aef449684a8d543d037b124bdab98abfd987705dccb3d9992af5556f2fedb5ef9b4a160db55a21c1daf82bc9a0ef869bc2a228346624ae000aa893f8fb3857cc041f04aa532fb728e4573e722a5c7938a63d6faf633bba442fd4a07a17e0cea9d27f15904eae16c4170e755b6402222c56d6cb527"}, {0xe8, 0x115, 0x7, "2fc62a83069ccf8e7e25f427d8d8767fc16af6a8538b1aba25d0b8d79b478b171e05d2cac80686dc2a9ef507c41074d9753b5ce84f7f5badd901e7bceef0a95bcdccc3597bd30f4de967eced7327790220c4162f3a52756c736426bcf5580bd422653dcdac3c0c35290cf848d4691b2d5420ccc01adccef842446f836426d61e68c17765ebc92f5baf31c10c99a15c06550db39ac3ab9b74419414358d53dc6b8608ce93b8ac38a21e0854cc6e2e07e3f0f7c75cd040430132797698fe7508c1dcb10849f8e025f7e34ca6ff7c4d1e7eb0e09c356a"}, {0x58, 0x10e, 0x8, "69cdfb23f0344c7e98ae45d45a2478a2f24e4d9507817e42efa9cf3d5b288ce18da02649c7356152474c8f32c564ed885e552fc8eaa8298534997d7e36b442d9876ec1b40304"}, {0x98, 0x116, 0xfffffff8, "f60a0a6004fcae8bf79a281e86476ab9947a01b78979a4d90ea1688a7f743d8d38745f9ff437943280cd8911c694daeae876b781005bcbd41b611d4723b799a5743d7ee508e7fb56cc213e582e2d212be2cb1ca03332ebc1eb3335ff3162d90a62891879052ef325e745dbaec9c5fe5894382043d4df2aaacc5afa4f7608ac8b90702bfa8591"}, {0x108, 0x102, 0x1, "15be373c337c1234f2c343c1b8f6ef3b43a33d8f2760e5370782c63d77d4532908a02433b9135ed007a777f049bd26f266667228ccff8a182a5d9b2a4d225301eb02eef5e2d6205e0d5951f9f536844b49ca49cd0d97ac3248f71871541873051e971f138fda25f8c2dff065585a0a6c12d297affa371c6ff44d331ba77d832c241efb6464eede1acc68827dd4c66a8d7f01e6b6de70a987e205179eaf064a6c5362f7663bc4c6135874f562e93c139c55de1e0b0c1a15f0a4d339b98fafceb8aa460847ec8ec426f5c1290369a30697663eb46b208fdfc4c3d3f023efdabda7d626e3934d157bdd8cd4334fd643c71f1caa675a95494b9d"}, {0x50, 0x10b, 0xfffffffe, "d73691c688aa6370cafa2d535218e27f5119017554786247a7e88e1557fcba09295957bb9468c88e5fdfd4daa836bb3ae8df55889f651bdd05442529acfa"}, {0x20, 0x3a, 0xffffffff, "58540644f8b35ebf36"}, {0x108, 0x10a, 0x0, "61fc521342ae338f8f7feef794bf739624e5bbcc8a9b1c1195be8f6b03f49fc3d86736c3cbfb78cfcab4c8a757944a70d179b9257de2a7de88ea09c4aa0ab6530bb3c9c81c1730b8f51614cb7c8c38659f9c1c4da08fc1f85f90d6aba9a4c2c4825d0ae2226cd6cc66d9b9d93830d036c4c2b5a60c439b19bcc01ee0af4bd45d9a1267f63ee4c568ee662b5e70972c67f61c36c5d8cbe147fbaa16e5fae4b12eb095d42c68b6611d66ff2c3b3aa64127500c6eb346bf31e893aae9bb9ef71c58361e3583b28304c36188ae62780ac19877e115340e584d7ca2da43775825dd2c6ee156ff0ec7090055fa5f6a540ef0b1b91d252f7fbc34a3"}, {0x50, 0x88, 0xe561, "4859ca161b45aa475e393b043ae13ba2936a9611452c6f69129c9ec409ef869ef9ed183d3680b5c11a912a3fda5e8fcb8591fa274ff3f57ae84b5cd4"}], 0x530}}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f0000000180)="ebe13c02b9e1", 0x6}, {&(0x7f00000002c0)="d5fc96d6b4c36301ed2e861f95ff3d8337bb2fdc7bb4b9bb3f803c0404ae2fd754f5b9dd5a8945c1b30cd481b6b4fd5ae3be190bfb21b6e525439cb476b661dc9bf81ed4af8d4c4af37dc90d76e199ba59149c019c91f49f70a078cf36f74d838fb3e03882cc52c23938e5caea74f9d29715b69fd48458de55d3ec2442fdb3bf75d3a1a34263c9863478d15152c8696f9dc5a88123d32a09770d934e9c", 0x9d}, {&(0x7f0000000380)="1949b1945812a70f48114e12d6eabfa1875bfd651083bc4d703fe10b6883a965fe82820a93b19dd22d5ec32d385cb635f50d643a925d27d25ea0a50b4343bbd25afff2cedc26995233", 0x49}], 0x3, &(0x7f00000019c0)=[{0x80, 0x101, 0x4, "2db17a51584b49802d44103227e52d2c56de6fd48d71b7d9f0fdefe93e45094353e2efe4c345922c24223f0446cbf98c4a784aaa8330a3c787970d17c1b5552a53fa8a5b6369cb27857614083cfcb2d9aaa0efe9eda66acac114a5641536056883625fbefa5645db8135d7a6b4"}, {0xa8, 0x1, 0x0, "fb7aab8d72d64d0f4f332b7b1371169b2039bc883d21f93bee4019fc358238f8a098c5276b118668aa512fb193e8697ebabe85a5639d74636bcfd5205c0877ffca9d921d45b168f67578a63c834cf553fd3bcc103aa1bc97f91666362bded927c0b9c89b8135060f561325808fd6cdefd1d4974a2a1cbc880f000216d6f9cae970b19c29590db9d8dc7b93b19e6f4ab58c"}, {0x110, 0x29, 0x1, "c88b8d88a2969c307400c4632e87f76cf9b47ed4cff015f438d025e1d874d964281c542c572fcae92c2e8be5c4e6a587afcb60454b35f1c6716ca78c3ae7257b4a7d50dd51168359dfc31090ffb8c58bddf2a3cf356b6797113c3bc9fa69697191e5de8f56835fb9f107822fe07d503005b1204eccc1d2cfa0474f31d65511e737509527ca987b1c7ba2491d1bf1d3655c98eaf9ee5a7c34be4540c014b5f545ad7ba05e4b1875179942653a05580a4075992b3e6f4d4e2c46fe7e34344838b2df224e37694ccfd2e1c7da7641f0d76b3a235021d6db802e9b3c257769d8dc479e52e129955840725cf3ac4090b2197710aa2595b7e6b9cae6dbee66cc"}, {0x108, 0x109, 0x6b65, "c9442486eb3daa96f50b4cfc9bb3f60a5815cc5924cabde1b73185260a029c0bb83e00473805ce27976f130225e81efd670b5d38d8a2ec903b2f12c151ff769f3dfa68989fcda2c99a5d7e5a938c07a93ebc559634606a635aa9256957805082450d4d4c5856552a71bb7aa59fbd38d27cbc2af69bdb89e2c4155358dfe762fca45b2a509b429bb9604f500f8f25b79efbf6c692c24f4a3f54c3af6f2299d37c452898175404a8d1e63acd4d4cbd4e6e28cff6dc805cbfb6bd3ae9f8dc9e1c4b8d836773b3c65138e957a208571003c016648109d4a1bd5b49c16fa0a799adc38e22ba088eda86bc60e453dee5d5fa680fab5f87"}], 0x340}}, {{&(0x7f0000001d00)=@pptp={0x18, 0x2, {0x3, @empty}}, 0x80, &(0x7f0000002040)=[{&(0x7f0000001e00)="262948f2f5034270413f66e26c8cc25b8bbc161c83beb6c414971de8fc1aae28f1dab4a18ad188051d71351f5893c83f025e0ffe98100721b02c7ff6d8d54387f1e9771136", 0x45}, {&(0x7f0000001e80)="f773e0b73807767465612a5a2b6b30faafcf94516ad8c5b4c190e9de3f334bbe1aa128a6325ab9e7b27474aa8182a08664d1ce481d976261b2a5663bce2dfa0719ca4b8fee378b80a59a1893780b77d2aaee5236479db4bc516fb4f21974c02b46805fd49d76af9109a939e237276999873f53407e4fa62027e2327d0d827f0cb99923ee4d21e3944eab045b790382d2bf83f95920dc0737e7656c8bb64aa33ea35fecd96dd7431700b6097be50778596b78283b346d67b6a0fdd300579172ae82bed58ecc782d14f8064b96295e5012432206", 0xd3}, {&(0x7f0000001f80)="7d9ac6c5e0673d5a9936f3b0d4426065f28b708f2c96cb2029c8777a65e15fe846e2b71208349450f6c1ec96076e5ca455304c97e928576cbaf5fe3823d5807c2bfc5fa30bc14f36b82c9562c59fa980a41ed98c4dcb9670b972c81d3d335f715b011fb7429c41f195a2ac4cf0cbb028f59a3a5491f676fd40bc581840ebcce89f2420723de12dd68ad26636f5fb7404f24af0b2da184dc29a2a82c7d1e119aac4fbea5ffe6453f3a20f394477", 0xad}], 0x3}}, {{&(0x7f0000002080)=@in6={0xa, 0x4e20, 0xf4, @remote, 0x200}, 0x80, &(0x7f00000024c0)=[{&(0x7f0000002100)="61e43b985517a299fa36b0abdf79f912613c33691f966f5b6b045edb621fd5c5a528c6966404644436fdbc89be917a6b8a21db211c4fe0a0c8be5784808101596a5426c757bc2e866e67823bb0ffc93add8d5d97d18220fb1a4b16e8f6af7407ae4d74cdf10a48ce1c8b2b2959f4a56e99fc2e4b5238ea7b599489de2c9addfc35651b8f6242d7b7b976bf8e7f06fbccc4", 0x91}, {&(0x7f00000021c0)="b958a996f98d2ed79c1f76d7e3fe3c96c727b05e5f2eb6dbac491345ce2b43c8a0f4b0e684b166c83c3ed1383039d079f2425d05864bcd684d5ed13aa2fb8860d439b9b4dbd990194c9880b4ccaa6d033cd391766f5f0a80e6f37a06e0078d94bd1e9b2c42223d3a423d2aefa2382fea571e29f1cd4825bfca349bfd80b41b833509d3f409af28c920a0a44093c111d0dfce287905a4e69502ccb95c04f96944e60a248b27697bc90c3d9e3404ae0f2842ffe42f4ccc1ad0880254c1dc64ad46a35e", 0xc2}, {&(0x7f00000022c0)="daf23885543d6d99ca67cb6f149920b123c6fbf06e08df7fd788a93b59c1e8cbf08c82bacba2272d6e8bfac4804de281a52ab23d7cac201f3ba6733cdfdc9e7c99defde8183cee7c99f5ac28ace319252524f9f8c5e8ee5149df9c7e0e09677167634a2ca30b00dcd699a06df624fc7d6dd9bd34f634cf70530e50f61e3fbda9910c1d9e058b669c679a31e17858924128a5278a060b49d109decc7497d4b12eb2fb4c727c962652d0d23ebcb2b9d581d418b43882f98308e224fbd3f74349640a2a53955406013476b08f872854c4a6e4c8758cbacb270764a22a7ba3c912d904093989a4dbf2a17b1f26", 0xeb}, {&(0x7f00000023c0)="df8e937dbdece2158ad4ffcea2d28e3314c1928ad799db93b5a618fc035d46f8ef4c9b86d2b27f679fa9cc338661df7005240fff291bc634ae08466dedada09ef7e587794b1335362c49088fa74aa42115a1d929ab343fd517744502fd306b654b06ffd58efcb1521a7cda30c62e49a7fd643c0e1aa96ccd963bc616d1a7c6dc26f39c91bc3fd212a4fc0a21ecd957717e91074c055711f369348be27093cdd5f83469208c2399", 0xa7}, {&(0x7f0000002480)="e82a54898a0e51206f00414600ddef470e9fa6f425f633e0", 0x18}], 0x5, &(0x7f0000002540)=[{0x98, 0x88, 0xda, "e79c55f209ba29bcd85c163e30fdca94317277b2668ea8fdbcd684c941dd2f9e37fe150e0d6e97d17568dffe0d1a3972e385ef2d03abbcfa2f10dc441a8de901cccdbffa16d1b7c303ea26c1fb7f005ce651540b34d9146ac19b320c313b019f7565a67357bffa60ba9d1355895975aa0ba502f6d52239a8718b54f7d22cc56060508688b269"}, {0xf8, 0x107, 0x4, "bcaab2ad8800b27b228ca65c25815125f8385be33a1fece5e3a5a0dbc86959212b37fe89b14b4d6dc470522a68afa716801e4c88e1fa40138705e56d2639f323bcba8a82043212a4dbff1e4f706c5192126608a560884fe90e9452016da434774469f8072eee2f3827aa1eb4fe8c679b432fba4ca1869e3aec370669566a16ab60a5d14c26d92b7cca2952347eeea65ba14e117d3dcd2b1098eeb8fc21d31e57435f881b195640a0b042dc77d2be48eb6e2ff76cc32afe8dcc6dcc8efef00ebd1a800542f499da9ae7ffbd1d0445e30b863ae7a912360e8a1a50225b61f5e2e667"}, {0x30, 0x103, 0x1000, "9c327ab3452fa7d1c8c4b5c7970ab49fb2ba58de1e3c689e3c3e3ba9fa0360"}, {0x50, 0x11, 0x8, "a6ca7826eaed5414ceedaccbeada4ad9c8b8196a077f4bcd8e68215553c4be605393dbb11ef2c85f942f90cb3282be0e4348a32f4f8a8e3cdbcc4d67eec9"}, {0x68, 0x107, 0x10001, "67a163baf77b05291ad4c29ba86a0870855f1264d4c52af54ff852e5912480032c006e8c5f4683a85cd8105ddbd4fb1ef866fde33f8f0db75e3bbc200a7722107c2d71ab4f8ee6133bec77420b73f38e58"}], 0x278}}, {{&(0x7f00000027c0)=@nfc={0x27, 0x1, 0x1, 0x6}, 0x80, &(0x7f0000002880)=[{&(0x7f0000002840)="409f3a273c77f65a6f720ffd1d55b3f6fe3eee1bceda147efeec4e38bb33cb619f1963389093", 0x26}], 0x1, &(0x7f00000028c0)=[{0x68, 0x10d, 0x1f, "0f15ffa37232528ec2f3c5a4dc254188b486269e19533a56004225cfbbffe0dba07c51c19f776754a86765aa321b2856b44452533e429a453983562cbf91d8c1779a0e234b29e7f708c41f2fa9f01e8dc0f5801654e4ecf9"}, {0x88, 0x111, 0x6de296fe, "c90a98cae44d34550b06e16b89c2849ed9e460e8cfbab08b05028c34a884e9c4b02133ef66a122ba94393b0022788850869f590bad41463797cef8b7d882e801155133e8b67d8b2c8c5c09357785d2d2349e77f4a78dede5e63feb38f7518bd4772841c6f95f0b358ed4a1e35d34646704cb6268cb2c"}, {0x38, 0x110, 0x1, "9920dc4933bcdcc22a7b638f7b2a1b63cccbb9199c3b3756e8d7796c9813551076017fa559b6e519"}, {0xa0, 0x0, 0x9, "619232da155046ce062ce00ded14f1e841e2edc044c3e627b6396bb1ae76dfc3b8880693110b3c1c2f44b47dc161a53c696fe3de2e0b3b2bdf3dca1df1abadd05c2ae448a2d8e69f13bd7ff2212a3492957dd6b0c1f4fb8a2abb8d55b570d410f0ce3a896adaf38d37739dcf77a29d7953d63afc59946aad89fb48a72403b50fa08493eb1a2868cbcc55fb465ecae8"}, {0x60, 0x107, 0xde, "401dbda9dac1e60740e8ffad70d6da3fca4d39c791c96a299650efaf70980ab66099a21e90be4b449c590fd8cee3cbc1c3ad8774be41dc8a84cba05cdf3e990ffb28f5dff85c99693d33ff"}, {0x48, 0x88, 0x200, "5ca7af2be5405b1ff5911cf45fb757b5a7c7bd8446be950b743d5dd9e542cf00cc5a178c47a13e793bde2a42c8e8e680d0"}, {0x58, 0x3a, 0x1ff, "4062d2ec3e24a525219929438353119e6d1f4d95b4373d213ace51701cabb49f7374394f26d1565f0c3d2d10b949216c5961517cb68b61704d4cca33f5aa5dd839"}, {0x28, 0x116, 0xffffff57, "b126f3a6126713bdd12e79d1d424309f2dc8d53f4a"}, {0xf8, 0x6, 0x5, "4047656172107b2ad091091245333e154ab6878d27f63c1347c96b36335b7919aeae22964c79f62f98dc2457f481ce6682cd918431e106d8d59510fa476b1c48630692220087132153c3583561279b254d5cde9675e7c6f5993d34492b7ca76f682ff61f95a51643e69a63dd92e7f36db95dba581662ea369c5f67a3f3f9727909c041b06f78f77198fe64e3cdfa122306c463a431193daccab99a3bf5a1cda30738acfb59fe0e23950c7c9e8d313d9993c9131d1279037ace7bbb6631dd87cd6dc7430005a6146577182566381e3afdce3b0aae3c4f11c17a71882786b77be16b892091c2c1b7"}], 0x3e8}}, {{&(0x7f0000002d80)=@pppol2tpv3in6={0x18, 0x1, {0x0, r5, 0x0, 0x4, 0x3, 0x2, {0xa, 0xf, 0x80, @private2, 0x80}}}, 0x80, &(0x7f0000002f00)=[{&(0x7f0000002e00)="f36a37dc3108c4cd20013d61dc5042b27b124b03cd1fcc5b8793ee0977fdad67b9e2f636a07d7d28ae", 0x29}, {&(0x7f0000002e40)="0b246b46f4a930c1bf8abe3c6633960bfbe748478d0fd7ed79a45aff4445742d4b6fb4bc1f017d7f828dfafdc212f4dea27cddf63a19e6bcc03d9a5771ac9c604310306b85a57e40642cb6a5bd4e7a4dd8bd83c25a8ef3816ad2ba40c1fe153a5071a61ae5a6520a1201d2002bf1beba64df73fc64409623f02e0c57a0e053d6aeca0e5ae8c2adc98363aeffdba0933dd478cf19468936280edcf73e28d34034ca6027b89dca7bc0715e4f4965", 0xad}], 0x2}}, {{0x0, 0x0, &(0x7f0000002f80)=[{&(0x7f0000002f40)="5d7d7ece3b4d5b004b9e8e1968fe00c832515e58829a45c45fc50c81", 0x1c}], 0x1}}], 0x7, 0x50) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r6, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r6, @ANYBLOB='-wldno=', @ANYRESHEX=r2, @ANYBLOB=',\x00']) 04:49:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x0) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1029.319878] FAULT_INJECTION: forcing a failure. [ 1029.319878] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.321701] CPU: 1 PID: 12287 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1029.322718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1029.323918] Call Trace: [ 1029.324314] dump_stack+0x107/0x167 [ 1029.324848] should_fail.cold+0x5/0xa [ 1029.325411] ? create_object.isra.0+0x3a/0xa20 [ 1029.326077] should_failslab+0x5/0x20 [ 1029.326640] kmem_cache_alloc+0x5b/0x310 [ 1029.327258] create_object.isra.0+0x3a/0xa20 [ 1029.327914] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1029.328656] kmem_cache_alloc_trace+0x151/0x320 [ 1029.329350] alloc_fs_context+0x57/0x840 [ 1029.329952] path_mount+0xaa3/0x2120 [ 1029.330511] ? strncpy_from_user+0x9e/0x470 [ 1029.331151] ? finish_automount+0xa90/0xa90 [ 1029.331786] ? getname_flags.part.0+0x1dd/0x4f0 [ 1029.332470] ? _copy_from_user+0xfb/0x1b0 [ 1029.333099] __x64_sys_mount+0x282/0x300 [ 1029.333724] ? copy_mnt_ns+0xa00/0xa00 [ 1029.334309] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1029.335076] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1029.335828] do_syscall_64+0x33/0x40 [ 1029.336372] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1029.337131] RIP: 0033:0x7f0b176ffb19 [ 1029.337691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1029.338548] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1029.340347] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1029.340368] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1029.340378] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1029.340388] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1029.340398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1029.340417] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:49:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1029.373403] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:01 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:01 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:01 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xa, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:50:01 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:01 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = open$dir(&(0x7f0000000100)='./file1\x00', 0x400, 0x188) fcntl$setstatus(r3, 0x4, 0x46400) sendfile(r1, r2, 0x0, 0xffe3) ioctl$F2FS_IOC_PRECACHE_EXTENTS(r0, 0xf50f, 0x0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d66642c7266646e8929", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) 04:50:01 executing program 1: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), 0x0, 0x0, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:01 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 12) [ 1042.491173] FAULT_INJECTION: forcing a failure. [ 1042.491173] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.492272] CPU: 0 PID: 12412 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1042.492880] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1042.493616] Call Trace: [ 1042.493855] dump_stack+0x107/0x167 [ 1042.494189] should_fail.cold+0x5/0xa [ 1042.494529] ? legacy_init_fs_context+0x44/0xe0 [ 1042.494941] should_failslab+0x5/0x20 [ 1042.495286] kmem_cache_alloc_trace+0x55/0x320 [ 1042.495691] ? lockdep_init_map_type+0x2c7/0x780 [ 1042.496114] legacy_init_fs_context+0x44/0xe0 [ 1042.496521] ? generic_parse_monolithic+0x1f0/0x1f0 [ 1042.496975] alloc_fs_context+0x4fd/0x840 [ 1042.497360] path_mount+0xaa3/0x2120 [ 1042.497715] ? strncpy_from_user+0x9e/0x470 [ 1042.498109] ? finish_automount+0xa90/0xa90 04:50:01 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1042.498498] ? getname_flags.part.0+0x1dd/0x4f0 [ 1042.499036] ? _copy_from_user+0xfb/0x1b0 [ 1042.499414] __x64_sys_mount+0x282/0x300 [ 1042.499788] ? copy_mnt_ns+0xa00/0xa00 [ 1042.500154] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1042.500626] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.501112] do_syscall_64+0x33/0x40 [ 1042.501449] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1042.501917] RIP: 0033:0x7f0b176ffb19 [ 1042.502259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.503904] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1042.504603] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1042.505254] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1042.505888] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1042.506528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1042.507176] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:01 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 13) [ 1042.569483] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1042.599297] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1042.603442] FAULT_INJECTION: forcing a failure. [ 1042.603442] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.604456] CPU: 0 PID: 12423 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1042.605041] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1042.605786] Call Trace: [ 1042.606017] dump_stack+0x107/0x167 [ 1042.606336] should_fail.cold+0x5/0xa [ 1042.606665] ? create_object.isra.0+0x3a/0xa20 [ 1042.607054] should_failslab+0x5/0x20 [ 1042.607380] kmem_cache_alloc+0x5b/0x310 [ 1042.607732] create_object.isra.0+0x3a/0xa20 [ 1042.608108] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1042.608552] kmem_cache_alloc_trace+0x151/0x320 [ 1042.608948] legacy_init_fs_context+0x44/0xe0 [ 1042.609340] ? generic_parse_monolithic+0x1f0/0x1f0 [ 1042.609771] alloc_fs_context+0x4fd/0x840 [ 1042.610135] path_mount+0xaa3/0x2120 [ 1042.610465] ? strncpy_from_user+0x9e/0x470 [ 1042.610829] ? finish_automount+0xa90/0xa90 [ 1042.611196] ? getname_flags.part.0+0x1dd/0x4f0 [ 1042.611591] ? _copy_from_user+0xfb/0x1b0 [ 1042.611958] __x64_sys_mount+0x282/0x300 [ 1042.612306] ? copy_mnt_ns+0xa00/0xa00 [ 1042.612646] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1042.613086] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.613527] do_syscall_64+0x33/0x40 [ 1042.613846] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1042.614280] RIP: 0033:0x7f0b176ffb19 [ 1042.614594] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.616138] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1042.616773] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1042.617370] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1042.617988] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1042.618580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1042.619175] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="2c00949f7f09a11b50866a2a3fc917024396f87c32a80390f1aee0e58cbfb7a0d4b59b9dd50943f98c58b258e0c0b1f17cb7484c98cdbdf0dd2066b92d4ae42023a5e7037a8bf844992956a1885ff2970329a43b550a6bb9225a7a8ecc4f97b162216ea8238271d295e81c32cb05b568ad109c533b87e0720da48fa666a8e7f425650e7cc51872b4c07e9350a4d6991a43b3ea98872c0b8a5e1d7abc26b6a0207ae1"]) 04:50:01 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:01 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:01 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:01 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000380)={0x53, 0xfffffffffffffffe, 0xee, 0x1, @scatter={0x1, 0x0, &(0x7f0000000180)=[{&(0x7f0000000100)=""/50, 0x32}]}, &(0x7f0000000240)="ef1625326407bcf578693de81d56ae6c0dd4bcc58303a2e36a3c9cc0901b6e76d2f6cefebd60b277822f4e1284624c73717c1bd68ffbb6d4522e28cf338453f7cf2d69c194ef40892ce8f44b1f734f9aa7d922a9172eabc942745149a1f6d36527e1289378abc545f04a8dfe880abd074a9beaf93419d74166edaabc0c7bd1a306a6e6ef0a0a8bae84856df9bf808d50a412ac3cd668246c55d75ccd7f4db093a5f681f8784cbd685eed9e301e7c8790139d4312555f5672d73c844a036f6bceefadc47ebd3d239cd5ddafb0c08ce46670307ffdb8fe1a89c0083b7959a2bf9f6e697fcfaa0629e243f824c5109c", &(0x7f0000000440)=""/4096, 0xb68, 0x2, 0x0, &(0x7f0000000340)}) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000001440)={0x0, 0x3, 0xfffffff9, 0x5, 0xfffffff8}, 0x14) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000046c0)=[{{&(0x7f0000001480), 0x6e, &(0x7f0000001740)=[{&(0x7f0000001500)=""/31, 0x1f}, {&(0x7f0000001540)=""/210, 0xd2}, {&(0x7f0000001640)=""/80, 0x50}, {&(0x7f0000001e00)=""/4096, 0x1000}, {&(0x7f00000016c0)=""/81, 0x51}], 0x5, &(0x7f00000017c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x98}}, {{&(0x7f0000001880)=@abs, 0x6e, &(0x7f0000001c80)=[{&(0x7f0000001900)=""/104, 0x68}, {&(0x7f0000001980)=""/150, 0x96}, {&(0x7f0000001a40)=""/70, 0x46}, {&(0x7f0000001ac0)=""/245, 0xf5}, {&(0x7f0000001bc0)=""/188, 0xbc}, {&(0x7f0000002e00)=""/4096, 0x1000}], 0x6, &(0x7f0000001d00)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000003e00)=@abs, 0x6e, &(0x7f0000004140)=[{&(0x7f0000001d40)=""/32, 0x20}, {&(0x7f0000003e80)=""/208, 0xd0}, {&(0x7f0000003f80)=""/115, 0x73}, {&(0x7f0000004000)=""/94, 0x5e}, {&(0x7f0000004080)=""/176, 0xb0}], 0x5}}, {{&(0x7f00000041c0)=@abs, 0x6e, &(0x7f0000004240), 0x0, &(0x7f0000004280)=[@rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}, {{&(0x7f00000042c0)=@abs, 0x6e, &(0x7f0000004400)=[{&(0x7f0000004340)=""/130, 0x82}], 0x1, &(0x7f0000004440)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xc0}}, {{&(0x7f0000004500)=@abs, 0x6e, &(0x7f0000004640)=[{&(0x7f0000004580)=""/41, 0x29}, {&(0x7f00000045c0)=""/89, 0x59}], 0x2, &(0x7f0000004680)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x40}}], 0x6, 0x12062, &(0x7f0000004840)) openat(r4, &(0x7f0000004880)='./file1\x00', 0x482000, 0x14) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1042.703561] sd 0:0:0:0: [sg0] tag#0 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK cmd_age=0s [ 1042.704408] sd 0:0:0:0: [sg0] tag#0 CDB: opcode=0xef (vendor) [ 1042.704930] sd 0:0:0:0: [sg0] tag#0 CDB[00]: ef 16 25 32 64 07 bc f5 78 69 3d e8 1d 56 ae 6c [ 1042.705620] sd 0:0:0:0: [sg0] tag#0 CDB[10]: 0d d4 bc c5 83 03 a2 e3 6a 3c 9c c0 90 1b 6e 76 [ 1042.706328] sd 0:0:0:0: [sg0] tag#0 CDB[20]: d2 f6 ce fe bd 60 b2 77 82 2f 4e 12 84 62 4c 73 [ 1042.707051] sd 0:0:0:0: [sg0] tag#0 CDB[30]: 71 7c 1b d6 8f fb b6 d4 52 2e 28 cf 33 84 53 f7 [ 1042.707753] sd 0:0:0:0: [sg0] tag#0 CDB[40]: cf 2d 69 c1 94 ef 40 89 2c e8 f4 4b 1f 73 4f 9a [ 1042.708466] sd 0:0:0:0: [sg0] tag#0 CDB[50]: a7 d9 22 a9 17 2e ab c9 42 74 51 49 a1 f6 d3 65 [ 1042.709175] sd 0:0:0:0: [sg0] tag#0 CDB[60]: 27 e1 28 93 78 ab c5 45 f0 4a 8d fe 88 0a bd 07 [ 1042.709901] sd 0:0:0:0: [sg0] tag#0 CDB[70]: 4a 9b ea f9 34 19 d7 41 66 ed aa bc 0c 7b d1 a3 [ 1042.710591] sd 0:0:0:0: [sg0] tag#0 CDB[80]: 06 a6 e6 ef 0a 0a 8b ae 84 85 6d f9 bf 80 8d 50 [ 1042.711301] sd 0:0:0:0: [sg0] tag#0 CDB[90]: a4 12 ac 3c d6 68 24 6c 55 d7 5c cd 7f 4d b0 93 [ 1042.712003] sd 0:0:0:0: [sg0] tag#0 CDB[a0]: a5 f6 81 f8 78 4c bd 68 5e ed 9e 30 1e 7c 87 90 [ 1042.712703] sd 0:0:0:0: [sg0] tag#0 CDB[b0]: 13 9d 43 12 55 5f 56 72 d7 3c 84 4a 03 6f 6b ce [ 1042.713427] sd 0:0:0:0: [sg0] tag#0 CDB[c0]: ef ad c4 7e bd 3d 23 9c d5 dd af b0 c0 8c e4 66 [ 1042.714147] sd 0:0:0:0: [sg0] tag#0 CDB[d0]: 70 30 7f fd b8 fe 1a 89 c0 08 3b 79 59 a2 bf 9f [ 1042.714826] sd 0:0:0:0: [sg0] tag#0 CDB[e0]: 6e 69 7f cf aa 06 29 e2 43 f8 24 c5 10 9c [ 1042.758311] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:01 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe26, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r2 = getpid() getpgid(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee01}}, './file0\x00'}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r4, 0x3) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffef9, 0x7) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x6, 0x8f, 0x1, 0x7, 0x0, 0x8, 0x80, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x40, 0x1, @perf_config_ext={0x3}, 0x40, 0x1ff, 0x5, 0x5, 0x1, 0x6, 0x163, 0x0, 0x7ff, 0x0, 0x81}, r2, 0x0, r5, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="2321202e2f66696c6531207472616e733d66642c202d7b5d7b2e287d2e1b28632c67202f262d2a0a0f76a967668fe936c5ef5bbc161a4c430ece22fa46d5ed3a8b483671d38dd5748ebc46fcbef40eb62c45"], 0x52) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r6}}) 04:50:01 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file2\x00', 0x200, 0x10) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) ioctl$TIOCGSID(r0, 0x5429, &(0x7f0000000480)=0x0) clone3(&(0x7f0000000500)={0x201000, &(0x7f0000000300), &(0x7f0000000340), &(0x7f0000000380), {0x20}, &(0x7f00000003c0)=""/54, 0x36, &(0x7f0000000440)=""/61, &(0x7f00000004c0)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, r6, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x9, {r3}}, 0x58) sendfile(r4, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) syz_io_uring_setup(0x160, &(0x7f0000000240)={0x0, 0x2890, 0x10, 0x1, 0x123, 0x0, r5}, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000100), &(0x7f0000000180)) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000580)={{0x1, 0x1, 0x18, r1}, './file2\x00'}) setsockopt$bt_l2cap_L2CAP_CONNINFO(r7, 0x6, 0x2, &(0x7f00000005c0)={0x2, "8d79c5"}, 0x6) mount$9p_fd(0x0, &(0x7f0000000600)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1042.801642] sg_write: data in/out 1818846731/36 bytes for SCSI command 0x26-- guessing data in; [ 1042.801642] program syz-executor.1 not setting count and/or reply_len properly 04:50:01 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 14) [ 1042.886125] FAULT_INJECTION: forcing a failure. [ 1042.886125] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.887054] CPU: 0 PID: 12445 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1042.887623] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1042.888299] Call Trace: [ 1042.888525] dump_stack+0x107/0x167 [ 1042.888822] should_fail.cold+0x5/0xa [ 1042.889141] ? v9fs_mount+0x5a/0x8f0 [ 1042.889451] should_failslab+0x5/0x20 [ 1042.889772] kmem_cache_alloc_trace+0x55/0x320 [ 1042.890156] ? v9fs_write_inode+0x60/0x60 [ 1042.890496] v9fs_mount+0x5a/0x8f0 [ 1042.890791] ? v9fs_write_inode+0x60/0x60 [ 1042.891143] legacy_get_tree+0x105/0x220 [ 1042.891483] vfs_get_tree+0x8e/0x300 [ 1042.891786] path_mount+0x1429/0x2120 [ 1042.892117] ? strncpy_from_user+0x9e/0x470 [ 1042.892483] ? finish_automount+0xa90/0xa90 [ 1042.892837] ? getname_flags.part.0+0x1dd/0x4f0 [ 1042.893228] ? _copy_from_user+0xfb/0x1b0 [ 1042.893596] __x64_sys_mount+0x282/0x300 [ 1042.893917] ? copy_mnt_ns+0xa00/0xa00 [ 1042.894245] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1042.894672] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1042.895103] do_syscall_64+0x33/0x40 [ 1042.895416] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1042.895834] RIP: 0033:0x7f0b176ffb19 [ 1042.896134] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1042.897630] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1042.898257] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1042.898857] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1042.899454] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1042.900025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1042.900607] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xb, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:50:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:14 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:14 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:14 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r0, 0xc0189378, &(0x7f0000000100)={{0x1, 0x1, 0x18, r1, {r3}}, './file1\x00'}) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$NL80211_CMD_DEL_PMKSA(r5, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x44, r6, 0x100, 0x70bd2d, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x9, 0x49}}}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x1}, @NL80211_ATTR_PMK={0x14, 0xfe, "104f48480099e72f51e3efb821afd1c2"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x45}]}, 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x20040055) sendfile(r3, r4, 0x0, 0xffe3) sendmsg$nl_netfilter(r5, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x3000002}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x1c, 0x5, 0x9, 0x3, 0x70bd28, 0x25dfdbfe, {0x3, 0x0, 0xa}, [@typed={0x8, 0x25, 0x0, 0x0, @pid=0xffffffffffffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2044840}, 0xc0) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}}) 04:50:14 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, 0x0, 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:14 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:14 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 15) [ 1055.769824] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1055.804130] FAULT_INJECTION: forcing a failure. [ 1055.804130] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.806163] CPU: 0 PID: 12568 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1055.807353] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1055.808781] Call Trace: [ 1055.809244] dump_stack+0x107/0x167 [ 1055.809893] should_fail.cold+0x5/0xa [ 1055.810541] ? create_object.isra.0+0x3a/0xa20 [ 1055.811340] should_failslab+0x5/0x20 [ 1055.812004] kmem_cache_alloc+0x5b/0x310 [ 1055.812696] ? cred_has_capability.isra.0+0x152/0x2b0 [ 1055.813583] create_object.isra.0+0x3a/0xa20 [ 1055.814363] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1055.815234] kmem_cache_alloc_trace+0x151/0x320 [ 1055.816032] ? v9fs_write_inode+0x60/0x60 [ 1055.816785] v9fs_mount+0x5a/0x8f0 [ 1055.817395] ? v9fs_write_inode+0x60/0x60 [ 1055.818167] legacy_get_tree+0x105/0x220 [ 1055.818806] vfs_get_tree+0x8e/0x300 [ 1055.819367] path_mount+0x1429/0x2120 [ 1055.819929] ? strncpy_from_user+0x9e/0x470 [ 1055.820554] ? finish_automount+0xa90/0xa90 [ 1055.821185] ? getname_flags.part.0+0x1dd/0x4f0 [ 1055.821892] ? _copy_from_user+0xfb/0x1b0 [ 1055.822511] __x64_sys_mount+0x282/0x300 [ 1055.823111] ? copy_mnt_ns+0xa00/0xa00 [ 1055.823702] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1055.824475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1055.825228] do_syscall_64+0x33/0x40 [ 1055.825797] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1055.826546] RIP: 0033:0x7f0b176ffb19 [ 1055.827090] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1055.829787] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1055.830889] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1055.831920] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1055.832956] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1055.834005] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1055.835039] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:14 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r1 = socket$inet_udp(0x2, 0x2, 0x0) fallocate(r0, 0x10, 0x2, 0x24) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) r3 = openat$null(0xffffffffffffff9c, &(0x7f0000000440), 0x545580, 0x0) preadv2(r3, &(0x7f00000006c0)=[{&(0x7f0000000480)=""/144, 0x90}, {&(0x7f0000000540)=""/162, 0xa2}, {&(0x7f0000000600)=""/154, 0x9a}], 0x3, 0x61c, 0x3, 0x1) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB]) 04:50:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1055.865809] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1055.879595] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:29 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x10, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:50:29 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 16) 04:50:29 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:29 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000340)={0x53, 0xfffffffffffffffd, 0x4e, 0x34, @buffer={0x0, 0x44, &(0x7f0000000240)=""/68}, &(0x7f00000002c0)="86faff73c3203e167523b559412c3398172b73d52e706341e1a438723e936103836d5cb730d0ca9d9ab21207e07de528ef67b69b8a952137286219cdca597b2e96385b7115a5a33d3ab9ec8ab81d", &(0x7f0000000440)=""/211, 0x3, 0x20, 0xffffffffffffffff, &(0x7f0000000100)}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:50:29 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:29 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1070.727047] FAULT_INJECTION: forcing a failure. [ 1070.727047] name failslab, interval 1, probability 0, space 0, times 0 [ 1070.728775] CPU: 1 PID: 12692 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1070.729793] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1070.731008] Call Trace: [ 1070.731404] dump_stack+0x107/0x167 [ 1070.731952] should_fail.cold+0x5/0xa [ 1070.732530] should_failslab+0x5/0x20 04:50:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1070.733102] __kmalloc_track_caller+0x79/0x370 [ 1070.733919] ? v9fs_session_init+0xa7/0x1680 [ 1070.734562] ? kernel_text_address+0xf2/0x120 [ 1070.735247] kstrdup+0x36/0x70 [ 1070.735736] v9fs_session_init+0xa7/0x1680 [ 1070.736371] ? lock_release+0x680/0x680 [ 1070.736964] ? find_held_lock+0x2c/0x110 [ 1070.737584] ? kmem_cache_alloc_trace+0x151/0x320 [ 1070.738305] ? v9fs_show_options+0x690/0x690 [ 1070.738966] ? trace_hardirqs_on+0x5b/0x180 [ 1070.739644] ? kasan_unpoison_shadow+0x33/0x50 [ 1070.740324] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1070.741075] v9fs_mount+0x79/0x8f0 [ 1070.741602] ? v9fs_write_inode+0x60/0x60 [ 1070.742232] legacy_get_tree+0x105/0x220 [ 1070.742839] vfs_get_tree+0x8e/0x300 [ 1070.743392] path_mount+0x1429/0x2120 [ 1070.743978] ? strncpy_from_user+0x9e/0x470 [ 1070.744622] ? finish_automount+0xa90/0xa90 [ 1070.745263] ? getname_flags.part.0+0x1dd/0x4f0 [ 1070.745955] ? _copy_from_user+0xfb/0x1b0 [ 1070.746581] __x64_sys_mount+0x282/0x300 [ 1070.747194] ? copy_mnt_ns+0xa00/0xa00 [ 1070.747780] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1070.748568] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1070.749337] do_syscall_64+0x33/0x40 [ 1070.749904] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1070.750671] RIP: 0033:0x7f0b176ffb19 [ 1070.751226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1070.753909] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1070.753928] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1070.753937] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1070.753946] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1070.753955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1070.753965] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:29 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1070.809285] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1070.826613] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) ioctl$BTRFS_IOC_LOGICAL_INO(r2, 0xc0389424, &(0x7f0000000180)={0x5, 0x20, '\x00', 0x1, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0]}) 04:50:30 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:30 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:30 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 17) 04:50:30 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1071.004546] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:30 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1071.038581] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1071.059374] FAULT_INJECTION: forcing a failure. [ 1071.059374] name failslab, interval 1, probability 0, space 0, times 0 [ 1071.061092] CPU: 0 PID: 12719 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1071.062111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1071.063307] Call Trace: [ 1071.063700] dump_stack+0x107/0x167 [ 1071.064235] should_fail.cold+0x5/0xa [ 1071.064796] should_failslab+0x5/0x20 [ 1071.065356] __kmalloc_track_caller+0x79/0x370 [ 1071.066031] ? v9fs_session_init+0xa7/0x1680 [ 1071.066673] ? kernel_text_address+0xf2/0x120 [ 1071.067346] kstrdup+0x36/0x70 [ 1071.067824] v9fs_session_init+0xa7/0x1680 [ 1071.068453] ? lock_release+0x680/0x680 [ 1071.069053] ? find_held_lock+0x2c/0x110 [ 1071.069648] ? kmem_cache_alloc_trace+0x151/0x320 [ 1071.070370] ? v9fs_show_options+0x690/0x690 [ 1071.071018] ? trace_hardirqs_on+0x5b/0x180 [ 1071.071671] ? kasan_unpoison_shadow+0x33/0x50 [ 1071.072354] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1071.073100] v9fs_mount+0x79/0x8f0 [ 1071.073627] ? v9fs_write_inode+0x60/0x60 [ 1071.074243] legacy_get_tree+0x105/0x220 [ 1071.074850] vfs_get_tree+0x8e/0x300 [ 1071.075403] path_mount+0x1429/0x2120 [ 1071.075964] ? strncpy_from_user+0x9e/0x470 [ 1071.076603] ? finish_automount+0xa90/0xa90 [ 1071.077237] ? getname_flags.part.0+0x1dd/0x4f0 [ 1071.077917] ? _copy_from_user+0xfb/0x1b0 [ 1071.078545] __x64_sys_mount+0x282/0x300 [ 1071.079141] ? copy_mnt_ns+0xa00/0xa00 [ 1071.079716] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1071.080485] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1071.081258] do_syscall_64+0x33/0x40 [ 1071.081823] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1071.082581] RIP: 0033:0x7f0b176ffb19 [ 1071.083130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1071.085820] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1071.086954] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1071.087989] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1071.089021] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1071.090080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1071.091120] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:30 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r0, 0xc018937c, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x8}}, './file1\x00'}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:50:44 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:44 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000340)={0x53, 0xfffffffffffffffd, 0x4e, 0x34, @buffer={0x0, 0x44, &(0x7f0000000240)=""/68}, &(0x7f00000002c0)="86faff73c3203e167523b559412c3398172b73d52e706341e1a438723e936103836d5cb730d0ca9d9ab21207e07de528ef67b69b8a952137286219cdca597b2e96385b7115a5a33d3ab9ec8ab81d", &(0x7f0000000440)=""/211, 0x3, 0x20, 0xffffffffffffffff, &(0x7f0000000100)}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:50:44 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x700, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:50:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x0, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:44 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 18) 04:50:44 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:44 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() ioctl$FIOCLEX(r1, 0x5451) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r3, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0) ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000000040)) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r3}, r5, 0x4, @inherit={0x58, 0x0}, @devid}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000440)={{}, r5, 0xe, @unused=[0x1, 0x7, 0x400, 0x7], @name="1b3079cbec45ae682c347b2e9dd42819076d19ff9868a9292cf67a972a64231874712fc46ed8891c4be9db3aa6ec54a116be89a756ccf0cb5f7a4b967a7433171a9b31e8105b950ee904a002a8461df1ee5ce2d7c5ea43d72a718f1bbb8aa0c357ea9178d4d02277076b8671d9b3b7f08da2c1a34ac738a08c37befc7478e5d39880721d67098abc65913483a3ac1c3e648bbd228e9c2376114e4809850556472b5260676bd5d9b96a4afbd9e034f4c1ee0dfcaf224f7e5d8aa9246964ce145cb6d29bb8ea19182c707495bb5278ea635a31f8e147028c0892c2eb011193dd0b5e0fc0f9fe6ad8c6f839db324c5773b82c24df0b9863e295ec10bc31bb3b2090880a3a6429124a77a204e539254ed4321442ef34fafd62e28c1244cdff79bd65e1d7e91a85a273daa517972b0d46546859c647d2503476d8a6017a51e9005bc93d18ce56d38f62457689400115d9a185bb8e25503f49decea11f03e697644022a91ab856802df1d9d57e361bb6bef501a17276bbb251f861ff2994d25043380acedb73d95256fa5ed84d9d59ae92063a116513961f6a297326fb0ceb404b4422d8f3da0637d87f50042c515e26e227e3fb5d1f90b0d3e8632d482859c8c2187485fcc00e5b56da3a107cdd958974aa211405a80f38ca036c5e25475cafe044acaf8171c4a981988f68d79031890bc1790cd26b284c0faf3585654aa71fda97c6936bfcaa6872076c80a1891708a49869b837711883abb624f7f25af4f78c623ba1f739263676ee6c78a1a45e8ae8a9fa29040a956f67f6ea200426ce020e7be2f9ea23c139079b9456582a2d19708eb4a2ed7909c8ab06ee9f6ee1c1a1f539bcb6345a1296eeb10a031c4ea1bbbf7d488fc31a50be2a571dcf4f16607fd9d76973d136e4933b6d434bda643bbea5e44ec85882caa543215ad924e418cee2a920d5434e23f2b4791278c7feb5315d3d327ebbca9ff17bb0aac193480ce9c6a57fcd8dd5f461d34af0cfb4ba020c80b2a61747a00ad694f66671ce79520d6e4743a186220f18c38668fe93a9eb09cc1fa9376da4ff61ccf7aaddb1e01537e053edcc6c39d6fd26c8197f803e2adc139c86d4901b1ffae7cf9216a50bede51c004f3c53f05b319bd827988cadad6de2f0bd6c9ad98029c37e802e63a3b6f267f4070ae9fe08ff472def24fb36722675c6a707d8f6bc251b9d88a41389e568390116bfdd52a21c1323a8f285a8061076274effa5695410f9d03e1d48ea4d1b78245e1f79dea0f33204fc35677b24a6d4423030bba487190a131444c62c4d3b1a6e226697ae555a088897e41926faf26f6864aefb948d6dd0831a327bad95197280e74d36114bcde2548529f8aefecbdec846f14348884659354a1963860a46448a81818b20f360d0f2cfb40e2728e414a959a8b41c427a4237ad640b7eea364eeef79c1174dbd8e11cfbd62f0f06f75fc34e4aebfdeaaae68af662a8d907ecf5882183949f7676d421df0ff33a9561903e1454e46328263508374ce0e95d8db18ea03fdd5f8201c252e758be952dc1b3e100d976114b18af7db2546ea3554dbe3c5a1303835e2e2d881e2a2d2a928a01a3ba4e30f5d54ed3371a9a4d79a09372b1c94538cca0cafe6548dfc1a67435c4734d632a0e4d07ea1d25015b357d3322b73b1b537dde8eb49f6a6c6ff345bec9cf110fdfa0770160f62806c5dac8ef2b2c1e99080e2a7b1eda8736801d695496ba0faa6787d075250024d53f582ed8a2483b182728dcc3b39d80247e9e45b02b9353d90455c636822bcbf39827f50a8d347f9cf6d80ff7f354af7463c0b04774816cb267b16557888bde8f1e3cf8cd9dde91dc20df5ebdf4d659aa1daae6879e9b9f69239f750b6c3a92ae88464804a9d3e09b77f47cecad9e06cbf6cbf329ad5ac50ee3ddc04ef86c309838d4cc0d14a0ad6d134d0f71e1c8fc3393987f69ea4410ea2e237e46fdbf9fc3351b10af8a50df0d3e8c277127fad0a648fae78283301e631fb8f664497f93ab837898dc29cc7d3662330e9535d9412037ce5cf2f9c9be14110fa2f92b3d447ef6545c7fbfe08eee6282bc8b2508e9adafccea3e177a2cc4035c1e234c5cf7cf20cd39e179f5da8989077b037a22358c5064ff031ad378f7bcae41e7d7c8e14751cbda601e4df9ea885aafcebf1a0fe41a93196572f2e37b308445df7b0d862b22f8d922c85bcfa3c4b27f48ac0db4d63e1d07d795e4cfd424a926b8f33ff0bd3128f12a12201d2a89170046fd3cefa1d6b12a5cae037c94b7ba6ebe235b021249e0024217a4f6d782bfb5a16bf4435fa83fcc2cd163eb996afdf7f5fcd72ba50d9b8475f10bc7a589a5995267ddce92fecb7ca0ed9ea5c47167b35c795e46b190a5889810246ffcc2a1bab8b630d75141b03a4bbd2aa5f348ad4bbd12e82eafc48d1b1a2f54dcc298703ed082496771a989de5d22792ebfe437d08fc23fa2372750605df0e0bf6490a4271d88953cb9759403fd54c6590597d60f65209f2391c2ce9721ba56eecb759a3df6874235503a968aa42f2f5dd98bff5c0fc5e721d4bfe2834591918cec8a5b0064ba024307498b4c70dcd805362a9528a448d1e3f42f6cf5aa1fd1fcf7fd016cd95573636e5b77d81cbe65f922804f4d8371c83087c8ccbbb8912e9f736dc7b26213d3cf65d2f92876c383575e89e8163e2d4984619ba00c690a623f0c79c9bbeccc55824850f32223109175eb45feb0068dfa8c57d847cf2673cd391db8ed5461fb80293c7c83ce35f3d63252d983f0b224e6c90f250dbe4eec6b97b940571f2d860f1cc24844f6065e403e0ae516b73b90210d9d8cb93869ae02876d4c0ca9f78993e6eb310ed2e48d0f44df1d8608709c1b40bf310e712dc9d2fdbb38a56c443e61c05a5f1ec091eb786a00db18946833cbc12ca596164a84bd1dbf5b488a8117ae95d1a1aa219abfbd558f49a87e4cc1b2d164d5826dc665b6618e3da598a2c67e5d34592e700f7d97c8b8a63ee944a237bab43a35d7f669b74f827c2f1e0d9e80ad4a1ae2312eaa74a9d0f7b3a72d6f9afef15eac1cf0d192271c100830c24ce120c27ea277a14dda3764b59f81ae2bbc13b470411e34432dbbfe024644ad437c9b620803a47e29ef62f1d727ac77bcfd92731c7fc5e5daeaaeb5118f245ba76745714ff23a8fb2d70502b6384d1b04b1b5295dccb9e71126e5c7af7f691e195fb40c680959250754c6f9d5ff692356d0447690baa7e308fc0b0780d73fbea0736d81706b5a2f576fc6466884627f2d6c1184e77b38f0e5c73b027119e817b29a3c6ab584f439c4b37d02f72cd84dc1bae5bd210108127b7f22e53470c607e1fd6b47f9d87fc28cbebbf8654d0bb942e9101f02f0502a656c633e52e3347086d788f54bc4da0725c691db82d93ee3f5bf556c2d9d27c3bf3660332bf7186130b3a1477dab1cf8c8d7c952b239ad79932fd64f2f744c977349d135652179d7228f2b6e2b495ddc993d4f3b4e50cab6767304642ec4bb36acc963d0b8898abf4a8c63656d45f689693248379e27cd51a52bc9e0125c5b44f2f2e47fcb7224197187fa051d80f0c97886112bc66086f618a5b68d543830cdf241717fe6296164a3800dc1f95ff09aba3b4fe58a708a64a56a83938f2eba469bee29079d87b1e98e492e59c8dd81973023d2211928557839c037c924ededa33b4c21c90ea12461e1a7a517ccf4e59521bf5e406c3ce0622222bd9d556a0649948a7af49ed291491b02446f3dc2813ba3d06c3e56e74c683b47032e8b610e5ec54386ed230c5a56928b90f6174e38e78114c6a9dca944d913011876caea7182af296607f84bdc74f8f1632f7d9f84ca2e3b0278734f661b0edd4466a4033fc794e9c0cc6b6c5d683623be1f4760f265ab56995a835fb7f959497ec1128a35c81b914f5940ceea1a33c5ed488389fea91e2a56991e4d204fd6843b6a463bb434f7348514720b0ec973b408bf90f8b659bd553349a692a01d6136f42a40bf44ca8468f16075aecc31ccebdbd285c9be6d1ea0f0df3feba3b69a44738c2681c593bd16eb82a082466fd7edcca0d37d13f5f70145f6c877c47b32261e36d273d7ed922cc7df17abfb81d690a42d09af995db95bd0e2790051bfb62c872ceb76b36703ded3dd583efeff0378b2b8b2809ad31242467d19fb5a1b107848b1f81f60b367a4fafb1aa3b026d67f49114f49adfd416b21cc5403041e5d0810651fcdcaea369279555ba8bfedf397d28f2a7e0a658d25c442a5a95053278b90ebbd6e24b29c0c8ac4529bc1e7adfa91fb6c2e82fd9fe5e30192ed487e4909141dbcd02171f3f05fbcbb982443df02f367b4a4184e724770d3643cc1843d771937834b2f62232025ecd23152ebaac59c626f3748aefdcc9f8f884300715d95cced2ee10eb05f021fbc526305143d9449900c174b3d1acf41b1e226795f148e7b21d8034b063768802b1f2adb68fb3fe71795c20e9129e212514fa210a0eb5923345cc4f6344ce2626e6a2ae9e009e5854f0a6c0ee38ad500ec06adb737bf3b42d6a6a023d61f330b541f3e5d3cc2b69015a5ddb48173c5e46637fa05d348941d9e7b55934288bb5fc09ee64c2021a2784e28a1096dbaa3d0d03ca811fa34f6c55ef139ddcfa91412e74f00ffe3deb882a73af556a6c663b6676e9775d5e9c5715be6deb1322606ecdb4c6f61416fad3992bc419b4fadf568d30b21b433202368986af36bad383213db40c2a4f7a8fb96609876b1dab9bc7ba94c8a2aab352887aeeca4ff643f4c25df5e725d34364bde4f772c8a2ddbb59b3e0972b3dc9979ff90ccc04b4272a0e4b4bdf0f0ec141d4d0c198e5d085b6bb227bec0473d9ef06a28d7da8c92f91a4287001bd3dc8bc72ca9fe1a3114d53dc2a1590de184247c71acd1cf00ccf97658a06f4d1c8e258cdb1554b9961ad8642ad4cce3b98f62e0ec62897dcb47ae3aa4fc12327cdb64ecc2264e15b34d9d589ed9c0efa5034ca8ce63c5db080c4c8e81280e3aa71473e7af78df8c0def11ef922ce2a91b105c276a7ac69aa8bd4ac15ed00a1fbd4b5432d7c1a593dbf29d48d240de518dbf4980125960862bd1e1274bc47ccb0ea7caf3b393167459f9d2fc74b9859115cc8339e654cfbc284ee64381cd440d71d8a6c723f4dd6ea29f49234db8cda6f1a63e4b689b20989e7e1d3b7256d62eb692de8ce0b335e40fbe89e27348f07e752d642d54d15749f181288057855810acf2033b52d95f1f89895f99a9caca008c317158b45b8a0ccb9016f4f914055f221f196e0c7dc31c0d1a9b3b283ac7e8ac311da0adb3199fbfce83589049fea84bb5cf49f88125970ff529c18bf49e22d3683587211eea454a002fffc60803aacfaee8d2f8d9d0d3be93e14c7a87d6c672674fb5bd561902632c231d44b16a3fe6dec6ed3c0f587b1c1c832f2896cb0ff306e072d1521739d663aefd0871262b71af62c2ce3bfb69f4e575b2f7876d8dc5439e9051a4cdf444030de5e4c3b98474f48405e120492563efb29caaf065b9e35b9e18220ad28ea1c9a535fe9a272fe8605477dd24dcbbe84b74860f7d788a61d6b547244aa7a09248f19dbeb40b95761d28fb8dec480923aa3ea329a30f83bce11a8ae93e7e5f83c8d58579083d2735c37c50a72c881539a746b2330387b83bbc9818fed83e0f5e7fbb7fefe52bb8d4c04e6aac"}) getpgid(r2) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x20, 0x20, 0xc1, 0xc2, 0x0, 0x3, 0x80, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3f, 0x4, @perf_config_ext={0x81, 0x7}, 0x40, 0xa, 0x5, 0x2, 0x6f, 0x0, 0x9, 0x0, 0x40, 0x0, 0xbd4}, r2, 0xd, r0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1084.955853] FAULT_INJECTION: forcing a failure. [ 1084.955853] name failslab, interval 1, probability 0, space 0, times 0 04:50:44 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1084.957726] CPU: 0 PID: 12850 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1084.957735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1084.957741] Call Trace: [ 1084.957764] dump_stack+0x107/0x167 [ 1084.957782] should_fail.cold+0x5/0xa [ 1084.957807] should_failslab+0x5/0x20 [ 1084.957825] __kmalloc_track_caller+0x79/0x370 [ 1084.957841] ? v9fs_session_init+0xe9/0x1680 [ 1084.957863] ? kernel_text_address+0xf2/0x120 [ 1084.957887] kstrdup+0x36/0x70 [ 1084.957903] v9fs_session_init+0xe9/0x1680 [ 1084.957923] ? lock_release+0x680/0x680 [ 1084.957938] ? find_held_lock+0x2c/0x110 [ 1084.957961] ? kmem_cache_alloc_trace+0x151/0x320 [ 1084.957988] ? v9fs_show_options+0x690/0x690 [ 1084.958014] ? trace_hardirqs_on+0x5b/0x180 [ 1084.958035] ? kasan_unpoison_shadow+0x33/0x50 [ 1084.958055] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1084.958078] v9fs_mount+0x79/0x8f0 [ 1084.958099] ? v9fs_write_inode+0x60/0x60 [ 1084.958118] legacy_get_tree+0x105/0x220 [ 1084.958136] vfs_get_tree+0x8e/0x300 [ 1084.958152] path_mount+0x1429/0x2120 [ 1084.958174] ? strncpy_from_user+0x9e/0x470 [ 1084.958191] ? finish_automount+0xa90/0xa90 [ 1084.958208] ? getname_flags.part.0+0x1dd/0x4f0 [ 1084.958225] ? _copy_from_user+0xfb/0x1b0 [ 1084.958249] __x64_sys_mount+0x282/0x300 04:50:44 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 19) [ 1084.958264] ? copy_mnt_ns+0xa00/0xa00 [ 1084.958285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1084.958303] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1084.958322] do_syscall_64+0x33/0x40 [ 1084.958339] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1084.958350] RIP: 0033:0x7f0b176ffb19 [ 1084.958366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:50:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1084.958376] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1084.958395] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1084.958405] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1084.958415] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1084.958425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1084.958435] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1085.002469] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1085.109327] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1085.125448] FAULT_INJECTION: forcing a failure. [ 1085.125448] name failslab, interval 1, probability 0, space 0, times 0 [ 1085.126403] CPU: 1 PID: 12859 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1085.126984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1085.127690] Call Trace: [ 1085.127932] dump_stack+0x107/0x167 [ 1085.128261] should_fail.cold+0x5/0xa [ 1085.128614] ? create_object.isra.0+0x3a/0xa20 [ 1085.129013] should_failslab+0x5/0x20 [ 1085.129345] kmem_cache_alloc+0x5b/0x310 [ 1085.129686] create_object.isra.0+0x3a/0xa20 [ 1085.130070] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1085.130509] __kmalloc_track_caller+0x177/0x370 [ 1085.130904] ? v9fs_session_init+0xe9/0x1680 [ 1085.131285] ? kernel_text_address+0xf2/0x120 [ 1085.131664] kstrdup+0x36/0x70 [ 1085.131939] v9fs_session_init+0xe9/0x1680 [ 1085.132307] ? lock_release+0x680/0x680 [ 1085.132639] ? find_held_lock+0x2c/0x110 [ 1085.132989] ? kmem_cache_alloc_trace+0x151/0x320 [ 1085.133395] ? v9fs_show_options+0x690/0x690 [ 1085.133770] ? trace_hardirqs_on+0x5b/0x180 [ 1085.134146] ? kasan_unpoison_shadow+0x33/0x50 [ 1085.134533] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1085.134964] v9fs_mount+0x79/0x8f0 [ 1085.135269] ? v9fs_write_inode+0x60/0x60 [ 1085.135620] legacy_get_tree+0x105/0x220 [ 1085.135966] vfs_get_tree+0x8e/0x300 [ 1085.136292] path_mount+0x1429/0x2120 [ 1085.136632] ? strncpy_from_user+0x9e/0x470 [ 1085.136997] ? finish_automount+0xa90/0xa90 [ 1085.137366] ? getname_flags.part.0+0x1dd/0x4f0 [ 1085.137751] ? _copy_from_user+0xfb/0x1b0 [ 1085.138108] __x64_sys_mount+0x282/0x300 [ 1085.138461] ? copy_mnt_ns+0xa00/0xa00 [ 1085.138790] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1085.139227] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1085.139659] do_syscall_64+0x33/0x40 [ 1085.139973] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1085.140395] RIP: 0033:0x7f0b176ffb19 [ 1085.140702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1085.142227] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1085.142864] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1085.143452] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1085.144046] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1085.144638] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1085.145223] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:44 executing program 2: recvmsg$unix(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000100)=[{&(0x7f00000002c0)=""/244, 0xf4}], 0x1, &(0x7f0000000440)=[@rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x70}, 0x2000) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xf6dd}, 0x0, 0xffffffffffffffff, r0, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:50:44 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1085.160377] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1085.236493] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:44 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:58 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x900, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:50:58 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:50:58 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:50:58 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:58 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:58 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.cpu/cpuset.cpus\x00', 0x42, 0x0) io_setup(0x3, &(0x7f00000001c0)=0x0) io_submit(r5, 0x3, &(0x7f0000000340)=[&(0x7f0000000180)={0x0, 0x0, 0x5, 0x1, 0x0, r4, &(0x7f0000000040)='\x00', 0x1}, 0x0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x1, 0xffffffffffffffff, &(0x7f0000000240)="a75ea6d9666205d520bcecb9c8366064642a6b3eb9f53849bc2b83c88f23357ebf7cbc452238f824172e991c59a47a026f34b36302aa19d6710571b7926594dda198f218b7614e5cfde1baadf50b9ee6e179c88a6c3bfad7d47eea94477671d8438c29", 0x63, 0x0, 0x0, 0x3}]) r6 = socket$unix(0x1, 0x5, 0x0) r7 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000940), 0x8000, 0x0) r8 = eventfd2(0x1, 0x80800) io_submit(r5, 0x7, &(0x7f0000000d00)=[&(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x200, r0, &(0x7f00000007c0)="943764817934b5b8908fa564077fb6e41fc962487932", 0x16, 0x0, 0x0, 0x1}, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1000, r6, &(0x7f0000000840)="4b70a9fbdbcdd843185e66dbf24ddeb1d977289cb2f7bc33b660185c6eaaac6a230eb61a975a6dcca86eacd632de8555aba2ff7057729d84efcc5704122cdef591085bfadf458faaf15301fabf47992f5f44ef10de0397e91579a0b1f098b51ef903a280ac532cce0d61ccbe5d651b233f4a2465168b62e3f5a3ba3d7473b6c83de3bb239119f4bee0aa109a0a9c1115f711dab297e8a11d01f3638f5066a3cc99dfd8dcb8b11408eed5e7131a88e865402e85bdd6616a894c6c212ad009c49cb3baa9223ad8d526aabf49a330db71e5e80f2fb863e99862106dfc9760ebdd34a83d91661f0c6f8b1cacad41", 0xec, 0x7, 0x0, 0x2, r7}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x8, 0x0, r0, &(0x7f00000009c0)="b092b13daa20", 0x6, 0x8b, 0x0, 0x0, r2}, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x5, 0x5, r0, &(0x7f0000000a40)="3220890234442bb71e2ee08e02f7e330a65d36f86ebacd8c8b5bdbd4d36b21605e7a96fbddf55d113221102c409d06c30e567f79bc92dab2f434b6497f0b5554f9ae3ac651cb0a6c1df98430475a5c78686f0f818563242102f76dfdc546e49f980cb9e2baad0b9418bd92993b55ad0723f371", 0x73, 0x401, 0x0, 0x1, r8}, &(0x7f0000000b80)={0x0, 0x0, 0x0, 0x3, 0x7, r0, &(0x7f0000000b00)="a71f800b17a49cf18aaf2e10bf079e43d15f16df0c1b79125fdb416f80cdb53cc144026a65c8e3dcda1c50b32f2ae2e3d4ff882ac766f53bb058a6d93058b72f2f60070daa620117bdfad3b22d70b87f6b887edc8a39d543eb3a1280692ab647973baa5fb8b0", 0x66, 0x7fffffff, 0x0, 0x2, r2}, &(0x7f0000000c40)={0x0, 0x0, 0x0, 0x8, 0x3f, r2, &(0x7f0000000bc0)="fe965c2650ee80c469efc7150d167504f12c455f7644e3881c97e55197200eb96e8231f073a60ac6741e6f51b5a03dec3db0984da46d74c8af0ed0a1d548a0f51ef687e5b7e823d7996db3969c02f5e8eaaa53a89fee29d74ffa05404b4476247d0499b0b864b2227f4fc7692a547c0793269f8d", 0x74, 0x1000, 0x0, 0x2, r2}, &(0x7f0000000cc0)={0x0, 0x0, 0x0, 0x3, 0x101, r1, &(0x7f0000000c80)="19c345f341fc1f8bb24429e4ede90cf83cc8434bdc0e", 0x16, 0x8, 0x0, 0x1}]) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_ZERO(0xffffffffffffffff, 0x0, 0x48f, &(0x7f0000000100)={0x73, @broadcast, 0x4e23, 0x0, 'wlc\x00', 0x4, 0x3ff, 0x80}, 0x2c) sendfile(r3, r9, 0x0, 0xffe3) sendmmsg$inet(r1, &(0x7f0000000740)=[{{&(0x7f0000000180)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000380)=[{&(0x7f0000000240)="7875ddebb5ee32e067d13dab078dca72bf4b", 0x12}, {&(0x7f0000000280)="322cca68db3bbf019a6444655643452161f9570f4f5ca9715809eebf716eb1815c62a83e7ec7ad20fecceb233d46ae2ece730ee4ebc8c4269357e2b80909313e4a1a4878cc34bd4ecde8622ec8e063a1e539eea33c041032f8d09b91bbd95fb538e925f713d1efe53b89a2b937128d9ca371b7e4bdbb2c04ac70143707a67f3804486237d742e6", 0x87}, {&(0x7f0000000340)="f33174b5d181247237a2dee4b0d07ea1942097f0b9dfd99f91b834755c9d18ed8ce21cc95d9cb021df14c18365b3cbb6738255da74307b17905109", 0x3b}], 0x3, &(0x7f0000000440)=[@ip_retopts={{0x20, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0x4e, 0x3, 0x5}, @generic={0x94, 0x7, "be57fed823"}, @ra={0x94, 0x4}]}}}, @ip_retopts={{0x44, 0x0, 0x7, {[@timestamp_addr={0x44, 0xc, 0x14, 0x1, 0xf, [{@remote, 0x7ff}]}, @generic={0x82, 0x8, "b8190fcbd0bc"}, @ssrr={0x89, 0xb, 0x4f, [@loopback, @loopback]}, @timestamp_addr={0x44, 0x14, 0xc3, 0x1, 0x0, [{@multicast2}, {@empty, 0xb27}]}]}}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x40}}], 0x80}}, {{&(0x7f00000003c0)={0x2, 0x4e23, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f00000004c0)="8194931400616dc374d44f96be8520e2d475dabf0e347b8f840e34dd3673c434ca5d1b9752730f35913173ae110f1cc1753ac2601fc1", 0x36}, {&(0x7f0000000500)="d165abf222483b8f5fbaf49c61611016514535a7bbe316a06da64273dde4691f5c58ebb7d7146fa1369fca7fd80488912786a62859d46e2c3b5dfbdf831033fa9fbfd309a9", 0x45}, {&(0x7f0000000580)="c0a424a6710f1bb2c8068ea0917ad852a521cc711cb9fab4d150cf97556549e5a0d79c720e0e1d8cfce7a3658f08136f80b15b1b88428031bb88e8ce7b13e44a68371bbd811b43b9d01ce061f9586f09cebb48f61ec54d3f821459f7475bf197e45d8b31d480e0ec8b65b9", 0x6b}, {&(0x7f0000000600)="4ec0f92ecd6b705493e7fed68dfc1d78c7a91b", 0x13}, {&(0x7f0000000640)="89bb29b4ce1178e3c7297e7f08c7c0df693ca982756fb4db24db6327f6d6d4161d84d838f5663ecbf6e533e64bba7e4091f2d6e3b22f3f9a354d6370a409356f03ac27d56b65bd8eab2b526dcdaad43d152e95ce641f2d98d584c37a4252e0301619e97a525528864892eecf566e89f0", 0x70}], 0x5}}], 0x2, 0x8004) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r9, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB="2c06"]) 04:50:58 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:50:58 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 20) [ 1099.126651] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1099.132850] FAULT_INJECTION: forcing a failure. [ 1099.132850] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.133909] CPU: 1 PID: 12992 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1099.134550] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1099.135273] Call Trace: [ 1099.135513] dump_stack+0x107/0x167 [ 1099.135843] should_fail.cold+0x5/0xa [ 1099.136183] ? p9_client_create+0xaf/0x11c0 [ 1099.136569] should_failslab+0x5/0x20 [ 1099.136915] kmem_cache_alloc_trace+0x55/0x320 [ 1099.137318] ? find_held_lock+0x2c/0x110 [ 1099.137682] p9_client_create+0xaf/0x11c0 [ 1099.138046] ? lock_downgrade+0x6d0/0x6d0 [ 1099.138436] ? p9_client_flush+0x430/0x430 [ 1099.138812] ? trace_hardirqs_on+0x5b/0x180 [ 1099.139199] ? lockdep_init_map_type+0x2c7/0x780 [ 1099.139622] ? __raw_spin_lock_init+0x36/0x110 [ 1099.140032] v9fs_session_init+0x1dd/0x1680 [ 1099.140434] ? lock_release+0x680/0x680 [ 1099.140824] ? kmem_cache_alloc_trace+0x151/0x320 [ 1099.141272] ? v9fs_show_options+0x690/0x690 [ 1099.141668] ? trace_hardirqs_on+0x5b/0x180 [ 1099.142050] ? kasan_unpoison_shadow+0x33/0x50 [ 1099.142463] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1099.142919] v9fs_mount+0x79/0x8f0 [ 1099.143234] ? v9fs_write_inode+0x60/0x60 [ 1099.143619] legacy_get_tree+0x105/0x220 [ 1099.143999] vfs_get_tree+0x8e/0x300 [ 1099.144350] path_mount+0x1429/0x2120 [ 1099.144704] ? strncpy_from_user+0x9e/0x470 [ 1099.145089] ? finish_automount+0xa90/0xa90 [ 1099.145468] ? getname_flags.part.0+0x1dd/0x4f0 [ 1099.145882] ? _copy_from_user+0xfb/0x1b0 [ 1099.146268] __x64_sys_mount+0x282/0x300 [ 1099.146652] ? copy_mnt_ns+0xa00/0xa00 [ 1099.147015] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1099.147496] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1099.147949] do_syscall_64+0x33/0x40 [ 1099.148282] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1099.148730] RIP: 0033:0x7f0b176ffb19 [ 1099.149083] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1099.150759] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1099.151456] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1099.152135] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1099.152769] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1099.153447] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1099.154092] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:58 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1099.227682] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:50:58 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 21) 04:50:58 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$packet(0x11, 0x2, 0x300) sendmmsg(r3, &(0x7f0000002380)=[{{&(0x7f0000000c40)=@caif=@dgm={0x25, 0x2}, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000cc0)="bf", 0x1}], 0x1}}, {{&(0x7f0000000fc0)=@ieee802154={0x24, @short}, 0x80, 0x0}}], 0x2, 0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000040)) r4 = socket$packet(0x11, 0x2, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) bind$packet(r4, &(0x7f0000000080)={0x11, 0x0, r6, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmmsg$inet(r3, &(0x7f0000003b80)=[{{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000100)="26e6f84ab794395e863a3e0356a1593003", 0x11}, {&(0x7f0000000180)="4056c54ec6b50b28", 0x8}], 0x2, &(0x7f0000000280)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x8}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x7f}}, @ip_ttl={{0x14, 0x0, 0x2, 0x4}}], 0x48}}, {{&(0x7f0000000300)={0x2, 0x4e22, @remote}, 0x10, &(0x7f0000001740)=[{&(0x7f0000000340)="bba527d0baee3dbe645e5786a126be784cb5cc157759dee7a2f5a9efa2ab244a2d5d0792556ff0294436d0c37beb73f12ae33b394af5ae7ca3ccc6f632c19d71c139d589c893d42c50422928636fd708126cd312cadef9837fbf767e2e006a99a192ccead4313a1c7c2b5d2db5f6ee2e357f69167bd7f298d5e7f55d5026b779c97c6ee9e42bed031f8cb345260251fa658b26e9ad64629f9ef111baa1c243796bcb04c35374858e3de1201c87d440d22f58a12d8b", 0xb5}, {&(0x7f0000000440)="2d3396490daa5566943ec28684f594ed08486d4ad4bbc45803089e709af94d31bab4499348d9ae5b21059b5a4d977f7accf9da40c5926036c20f854f38a781930b791013ddc1c39549cb31f9eb8ee7e6259f82ecc20c69a717820f5857ea5c1789ac695b6e5c2d5224929f116ee2167b27a36781dcc3e1732f2fe65b09092e11aee1d6ed45", 0x85}, {&(0x7f0000000500)="f481e7e0e2c85663742b60617d291b73b39e4a86b7a85e81be6476a6fc9bb46e03c382a3c3c92b7b65e3edc2e6efcf6de66a786be50bac852a355c9141298458c904e15ca7c7c11d789ad8c148f727c9e5dc", 0x52}, {&(0x7f0000000580)="af759481356cd233fb1a3fa80e75edfec4c03c0002854240afbf9a44f077017a5f726f9909857b661d64572963a78df4c582eab02c8f838b749f69bf3575ef69006950353fa969e39084fab9e5dcc84ce2755965c72bf846fb54b3ccb439b6a0d49cf2a9131cad2b54c5e57da01df952f4c7d1e1e1dd2cdd3f8fd5aa1bab14841b5addd1a540f3cbc9057bcdfe7b590feb24ba9dc4eb6db210b55d563bdba851c4a86542ddae8f60331f89fc67c548250e42ad8c8075066a02dd3d0fcb90aaf5e17039f09f177b2c37ded619da6e0574f466c3df16ea17ccba140023cfd8fafca2b0ce700fd3906d0b39fdcbeefdcedbd534f1bbfaf8d87db51aaf3c053d2b52554364e93f900b82e569e902ba65a23075dbc6d6aa5ed0420b042cab7b203fcbf8473ffb7780b342ab49602c10db4c32b57bef9bf6363a72554b9ad693792264e75d58d2a689e0aa42ee68e52e1e591b560389dce985d06c358bea85e0cf8a2dae81134a7781ccba8974c07ed0788c2a2662dad4c930a3816c26f43e1ecda98ce87af505782bead733a523136da13009180962263fef15ae8f2108836c6e15535d1dde6fe6583446606bd663f196293fd03f755e1c1d7421c069e29982b7fdefa6a14d269c9453c72e97270940c57b38dcc796d8728bda8896def6592832c6efd00cf07048715974fa0d3992c3e147dd121dd771d791af534f7f692cb14906d709e7e3d292e83d4808070e3024e620f4a8b9b79049a00d349d591c884d401d4b8ff6992b4d505b6cf67907f02e1ee309f673ad23e83967a2121830cba57cc057df3aa524f7887863f7ad159eb8ef21ea2604d6f2aa67d2d8d20bd345bfcbbf0991eb84be48bcb9cc867433f8fbcdcd4eeeea8215d0b9c17c7924b9b0f6d1f2ec9d96fce3594596c1e6c35058e6acc26f0fd32a2195fcb65f769d6559885c0b3073683fa2d0a8d3a53389dbee6034baf8c8b683a59adf9e309b14378b9ca837fddcc3e8887bc949c9e7a6e682b67c09f1b777832f04c8719257034242b554499793ba993b196657a38d11abf4d48242b2138aaab55cb5246a2a5863756e6b320b857760b42067f1e272d87cd0f1fa6e151ab6736348985240264617dac1cedb0164e2a957a7c5cc44137472f6f652b511b152d6b016651d1680f79cd6c9281b85b9c5e4bdf679a773dc0fe31fc87357958cd0f6a01cd0062d7da6e91adbe341772d8aee1582b5e9b842bb0e8dab62fb35e457c22e1d19fec4d0b320af193b99c5962de6f99683fc6dc6da51ca8b4203a8678c31f21a93b8eb0c809ae3d10910aacc67a5d0ab76a7f94ddf839377e2786233fc442827a11509301d0fbcbdea62697adc01fa26679928a55b93070429d25e60b697b2b81f4bb5f0dbe405506008f26bac7dfc5aef9fa5387b16afe4e55e62a0f6e0d82b2f15e6c596951862ead5a0cff1f9910d91fc85d500bb550c97aa034bfad67cd29589b24c5571ff87eeea15b668dd0ff79b6080d74d50579f3c07b7c9fbbb1ce3814d622309cd9b29bc41851da2c31f2270d91723b98960b710052ea39036bc4ea6ccf6f2453c9568cf4b617c70a288895a190f358cd70d00fbd7ea30e51a38b690ea87125e435bcec8ad8a2b7e830f7f7885f53dd7a34ecefd4490394451cf33fe260f85f7a6f6464c9ae2e20db0297b92f6af99211e52d3f2f337aea35950377d4f79052025425e37eb0a4db8bb8de4e16d9b7d64160a8a8b395053fcf2d1b4e8e4134c5e0c89d9f61570f55c99f1f74fe031794033cab113cf18c696ce12f8114e16429dd49f0cf015d1cadf99b181ffd5486fa185f64c1de39e5652979470acc198990d8c58fd439587c6338351461c5e705833d8287c91dfa18c3a97e2d7692eb7841a9005abe9d39a716237d5823a25db74cffda21e6c6e5510c7581fd546da0370862ef7cbea1b8ba5034556243f893fcf6f162d8fd7e56517f0d4eb21dc9a3f564c6698dcdcfc3ccdda3cc2fd82d5fdfc85553aad83da5fdd022e99749d8f05ecdaae6c77e982fe551e014848da71021f69166f6a9ee127b2d9aecdfa82c07455823cf936156920c19cb9dc052136913513aed0a5596ccf6110e7d8a6e3a53e4e9d132f462351d07e39f68855b055abee9e2898ccdc9f7dfc264fb484af3aedb1132305d3c2bd9c7f6b6679899f0a9cf6c5304c81845249ce0f08c152960806667f5d43e0af875d7a574dbdfc0ad466f42c159081d0a2f53d5ee63c7191d14e4c3c38288885834b4e0a36f2d1770e67339ac975eb0a4b7491523b62049720ea710ae7608df30c3e470a5865b0d1cbaf042bdc3a8f76ed66867c8017ecadf1d594416e9e1c79ec9bcef5ffcc87815d728ca6a306d4e393c53788f71f444be5f806ca207ff7ef08f802a02150094db5b2bf763a667c7d17268f8bdb50ee14d164485bff7f3fb5ff5e97556137281391f5002c903df50d009a05dcd46f6defa948f0796f7c9952e4984ee41f67512bd9e215f2ece12c8ab38b15cf092a877bc0dba295956fe466bf828bad50cb467b5ed30ed065f7f8c7f96c3fd9bc9ef6d8190fbd1b088f836c8ea001899deda2c032856a7c89e7cf1a00da5a6c2901a6e01e21c500b5ee8797409752d74fdd8b51c34b8e8007ea3c579d4ae11c1d2e04208e5104073ad56501db16542a04bc61d9df908bf700347e70916391de9ec912726a64bc9083d97e24fdb49a0acec6334a1d4a086c6aeb2ffc1b79d666d7d736b539e18c1dac4ff0a87d05286e5d7959692659c8046c3eec664419c05ac0f697e3512539ee6e06519808bd2ad4e2ff8f7754a1d35e898e56241b174e6c418214c352e74267c46c19f14acd75419fd2f242eda6cd46b41c0074b1c19a7d7e9404e031c5bcc45f63cbaf8808aa17185105f87de045b804ff0ec68e725b397b4a4d07efb4564bc99b0d62e7bb08f9b6c2c02c6a4f236cecade8f03cf0b0e96244d147fe80237eaccf0b20eb7e1451f57eb2fc8b0cbfee9982cb26143dbea28bd38dc63e745eb285dbacf9f31cb54896a6ce0ebc84163553bb5ab74aa9265ceb57536ae0460fe93ae1e405ce0cbbde9c9bd3e6d85e91d22005aa201a3b1280463f58059969864195f270b3476a830c58a94e441c6c7c569297593c1d0e5863d1621079549863af64fa32f8a58c2319c071c8629355511528fd7d3eff8f39aaebceac814de9e242fca50843c0e90d4e38c8047135df8de56e994fadb782566c60e41dd73bf470eec5ab0c096cb462bbce87e2ba93f03cf72bdbe0e3d6179485670666d65dc53c443743b50e2526c8bc71a45ddefdf0e1e688bea90dfded98dd6823b26a745ac892e98600cd888bd5d050b470aa2a14730f60d95abeac004e1d7b7cf973d72ea1555e7de88aa89fea0e6dd24fec9a4d45c4aa7ea2a66533f672e68c7ee81e7aa01fc4d728e9574c33c44a8d1785ef4ac298d109fbe4df2978e4e0427bf1089e5f46c0a89ceab86d12615ed2911b5027ea8e2bd14a0dfd2987a03b5dc9dc962173b62bf798355271395d20333bf009df9063e4e26bc45c366ac2e2d2e332c750e6d5efa7227bf2999907701f19cacb56554c2d2ca124bc964fe4256f7d3d52c2fc3a355e42cdb3e0f0b4e6ba4d443004f8dd2db11251222c0e23b2656b33e0ccdfaafe7c74e9a000ec7684f77eba773123c5d28e67d1257492093f8567b0c63f58a553a2b0f3db732e38b05a669f1042a17cafe9fab18f220853645595a270e7d8d2732b89e3c65617666f807577531ce6a6546c4476fd04d96659bbd93ea1f0990e5fb7e18a626e2cac34a7b9e93741e68dccadc864da083595081bd5150613c96f68dc2ae663f47a6d63933f07fec78cf8c88bcfb127760f9d35ec98d090aeda6f69d8cb3e2ab3711d470a6c8661ac56c77186afe3de79ce25b4739d1b3719c9ca45c8e739d01715065db6b9bb91582207da99c83db6041adf47c824b2345297eb3f9ddfe98f40a2a88e74b49aa9ce188fd18f9a5fdc0c44c216f633a1dd94b35cd75faab7dd4545ce947ac7fe8931e208a87bba7378daaad8453178cca35a73206bdbd128ba33c2cbd144f69c8f5425c63fa24f687531df8f1cce32a29380306728bbf26765f1ded6db460f2892adde03ae540f5ffb5adb7e6dd557d23d8f611ee90a7a6a9cc6c14a0ab69ad62f82d721cd09c5de77fb4c95cfe6112e4300d3cf14cc7a50f0afd8854979c6ff2979232948c39ad6e7b212f6ea5d071735a01dea76b116775112847d6f84d8331dd57385ee0c7f3172202558aac5f28a0002cc1b9f996f072f123d19b3cbf88d66fab29ad440acc76249fcf649d9a7c15af09fe2af778480aac86678b2d8e475da1ee0c2bc8aabdd1316e1de0557514abb1d8444876ac4edd1156964f552e73d816df8983f432307ee480728a177ad8f4f6f06d2afcaf6ad0d11e21bf75efb4422f9a7a14c0d008ebe0a17e83a4f81485f8c8e5a25816f024866e5c54a691262a68b5e5d183b0d14937415913b467aeff57157dd80233db060e7d16075ec90cf03615533ac51dba0de2fcf00d07166601587282bc37efca051a633fcf036852170e57d82b90f7e0973f8033cdade1b37e6024b9655d2a6612dfe1981775fd45a331c467257bb28147c2b78de3849c37923b6e4d23cd096e1a09ecc59ff63af2acce79098c867fe490f64a7463488e1fea02f691a76ff2710bbddb6608a88e0a689e6e9686e7e29abf7ba669c644aa87424b48e4a9b88c9d590853328e871deb2f712e5f6ca364da3669f3a1dd8936e1e564b383d60267cf41f044e65de5a333ee77176e16c7807acb227f129e31c102f97b9e4e73f2bf68fce61b2a55ceeea2b17781b60e9c0e14c0e8c29fcbc7e0bf0f75ae836bdc3f3ea5ad943a90c03450321d87aff583b96b68a0abf1691eeb8342a7781c10f7d7996d3a1faa144c60ef6b43a4e67ce13e672d231364fca22d819a2a14ca63eab76e4fb52cfdf83ea07aee4c506faeb6431a2bb097d8656ce3212ea943a307cd225c5da3d758294d21ff2fbfbd8b1db01ae0edcec349b3f1191f22a9fb6a46542b8eff9e7eaf1bffb880a78c358b2de11d50fc2cdd3a1bd919f1646a6d15f1984f67bbe7c37d5203d7dc64a97397c561ab93bf5b6dddeeedbfcdeb5c32e8490393d7cb5a4b9ede8d020d41808e50d7e0deedf3d1bfa983e851c8d2f86542659f0f9b27519a0a302c891ea4d777ca171eb0909a5af3fb8fdad38a6489bbca2caaeaeb26178f01f4ea4bb8d5ef0f22779e1cbe1336201e421b992947328ab29ca4fe8a4c86d25b7748c33da2dd119cdce0f0c38a0eb8934f1c60f6d82439573e93e162ed9b8f780b8dd857ea400ff65e14bc00a5810e30b25fddafc203ba3861d2914918a8d69f372e79e357340c8e682587303f4aa3d46f4fb33357a24279c2fd8a200b50fe924d1c53202d8a72270b3e44c2ce7fd24c5cfda336f0dc45aad848472030ddb4f4a0091ecd3328d18291a429972a6365a701ee4b7a17d2e6a764cedfc59dac110dd419d05c8c6455cf6ec8e834de15ceaee76c9cfc10482235b0ca61daabcf47b84201f2ca57418eec2a4829cf06cdbb505eeab3db59fdcc217293bc09a8ed9d7282adb5f2fb92e9286d8185114529c95c9b2bcc312d8962e524ef6d5eae581c7df3f54f87a06ea0a17a1d1fc9bccb99709d385bcca9312b958f9c59eda9a5391e523dcf226e69da37f34ca8a25bb03b4b3ffc4ce7cd98d36bc28d4361be39cbaef0e6b01fbd59a3bfbc1b4df9f9c49a3fae12b1bc8adf401d864fcee47a5ee", 0x1000}, {&(0x7f0000001580)="03f1e76fc88bf5af164b7432", 0xc}, {&(0x7f00000015c0)="46aaded4a3244d611b2ac8477eb7dca7afd688173513be4612b6272e0c8b62a51932a3d6686cbd95fc400773af1bb9ee433ed7b39d56e04678fbfcd8460e5d50eed3902f687de9c139a47e7c34cc4da9e9ffd447855d34026ce1b5df7890953815c035724b467808479afd5a6ca4b1d6426c71874cd9581931e376b6506cb7c60326ba15f3e7b222c0169506b90b8a7e99d391db1bbda3ac5f3cd61305e01905655be227005b1063089a8371b46d5d99d2646f0a", 0xb4}, {&(0x7f0000001680)="2b4303cf448ada0c8e935b823bc2a2406e2de27deb9dac220258ba522c6dcbb4b09ef4b6697de480dba9a100742480c3054baa58a70cc20118871405499ac6c2d0e770348f322e233d491c71742a053c7533c644252d296c1792cb2983d5a3892faddc34215761c202a58ad3a853d89adb6f2648b1bb757ed58db768171731533fed6f43fb1ded61aeea767351d7c4f2101e1afcb1e82f332f1521d668d78aed9da685d0657a59911d841c6ee20bdf0bb987de", 0xb3}], 0x7}}, {{&(0x7f00000017c0)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f00000018c0)=[{&(0x7f0000001800)="f90eefb5b64fa5072d3d5078614af96309ee805a4fdd9fb143637663a3f900476994965e3f19af537de6920781643a2491005640ef1db4e6a58bf04d69724b440f1a0ee60427dd66049d5e1d6202366af38b3c69542919867ef7d0873275d4bf1bcd2ac29b1e02a673de9ceb45c4c02fa11b075e2e9765d747452561a3ccd49d44df995b531fbc95864bcee3c41447193b435711ce84713fbdeb0028e1dd6bdc604802100c5fb204e4f717be1150d06da786a8428fd45b904fc5", 0xba}], 0x1, &(0x7f0000001900)=[@ip_tos_int={{0x14, 0x0, 0x1, 0x2}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x4}}, @ip_ttl={{0x14, 0x0, 0x2, 0x6}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x6}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @empty}}}], 0x80}}, {{&(0x7f0000001980)={0x2, 0x4e22, @broadcast}, 0x10, &(0x7f0000002ec0)=[{&(0x7f00000019c0)="0141f40c34a3f5c9261d6fae0df14e1d6df4c86ed8fbd5bdf96bd35254bcbf4bb5580e91adab4596fcc8a10306835fd5b139ccf33956fe441117432fc09842b14de3ff1cb019f393418691095d5f239cba7afa5a044c", 0x56}, {&(0x7f0000001a40)="654fe4fff794fe3fb5b7b69667e83f1e59c1dcbaeecad528065d24087f231c77e92f1b85b0db11b00fa750f7e9e866487e3f7c87e47c054a291b12c91b626f92a0005bb9f992be3d9e390c4e21a90f7e63bf64cad6a8ef53a7a39c7606f9523cb153bda889ac4ae436262e8cb5cdc4bcfda6ba4e75fc3eedfa726e1baa2806941f05e8f6d1a7fc76f87405f11adccfe9f129706ce9180ea7b98b225089e857d7ed696b90bc59095f76450278cb1d165599e5fb9024b0de58a6cbc8b5887c8fa59544b75fc867cdf3faab3086f02d28fce7db174e71aa21f99fce81e3847038a61be29eb4efb39205c75aa25b10e1ebe1b79c14943af1d4", 0xf7}, {&(0x7f0000001b40)}, {&(0x7f0000001b80)="f9ff4cc86576cd1826fe32857c8dc203b10c4b42465d8891bda8cefaafc5a64c1e37e52587fe2d324f15ce8c0f4ba562ce01bb282d9392e854d512f8783ce7552902169bfb260f8e66e13f6fba1c680a0b802479458b4b0763040a82ad531b3526d1ede5675dc2e839ab26bd9b2fd8df5a226bc3304b8d30bc211fa351f4594f50ecc76371845739bac0ff1d9b8d757ad9c06c6c674b0e587573d0143d549f4d6efb8b7e77753f4fad2c55c1f5ce7962576dc817aa546bb89e37743b", 0xbc}, {&(0x7f0000001c40)="88d87dc859", 0x5}, {&(0x7f0000001e00)="4f3601afc64d5170f81750eb35e4099c5a26d72cf3a22c46920936e138c4910038db1a90aa7c2d64fee72adbcc8672ce5136980bdfbc501de836cef4a9266863b191f215c3de3412f4861f1cbc7672681c3694f2fbf4558997c0ab781e949a1948dc7200dd8c5c71ebe21bff87298e828c08004e9b7f48a2a3a6df18ff57ee2bd59aa1b811152955dae86a89a7a55885332b205c3acabe6905c202e6745d4582df05a3b9c13843ba0374442baec1224b8dbd62b183e2a3aefcfbd20b9bdfb5fb68426c30c7f449dd42b5986a06e0f969d33f05e91a2f65a9d7ea6b606cc72044a016b31109218c75495ced5e4be3414be83f00d4f85d6cd472b4941f1cd453de1703826d9b6a6343d24d957b6e14cc530f8d23fb213469fc99ffac70f11edbdb43569dd0a1f994462261f2270aa9307a184782d41bccccb64d56be184438172e275a960e51e2341c3afe8b67daa4b78d1490e999e08b94bd8e842bb56073d63acfe9298e9e2b7a45b6c0bd925335e30cc46ad512cf5e6fe0e2248837e225dd7d361e0ec7a93eda59848f8897b413ec291da96972b88013e54ed93533ee1e7271ac315da6d9c88cc21a110e452cd1e6d64087d49d6987de8fd83b596ab3adef559aa38beec1cf88067cfeb7fa392e719e4f3e5465a803db9e0745cc34652df087cfb57e75a436976fb4580ee5a5f81227a8a52035be5d3cc19c1a49d2c6a9a62a859365be6f27364c2f951f584f6762849a392326bf8fc4b294be15f8edf36b050ecf8c4097aea9e4d55a6b18d73c2c3351b627b20df598e1b51ded719e80e88028459d43c9e9462e0eba1fd6c299a3d0cd5fcfd2e5dfe7bcf4b7c6e5e5b8b706c31540afe732fc8cd4df6f61996a103061a7161d31ca720c4feda2f657e4361be7defa808efcc36ec70cff55bd55f42fb4ce2aed84fa5bc390528432bd1d779eba10be2d51ed92086b6ef6f1aa61878ea74024589a2f512483c58a2ddac6eb2eb3b388b129c5f8ca72f33be19342307b5e9bf1266d09712cad5c16b651275a4638f1f7667ad259b68771ce73dabeb223b2ef11b83f639f9d32b73e8243eb7bf12d4b5fe26e02174035e146f894e9f434e7e745e9a013d5334801a1bb370563cbc6066aeb1a086d06682d291bd8e65c3f4413b9a76ffc5881ce41bad8dff881cd4a04c830d3996be13ea27c3855e0ccd0bf281996a135beb9e3a3da3bab1677bbd34fcc6b3c4822ba0a893235f9b20bc794e61161e4512e968c804f608074455387ff78b716c511946d4114ac9f875f4e636ab2154d5bb311c48624438ed4841b8a4bdd7bd0b81695c11cba5fd675aa8b2ea4aa9fb9e5aa208c97235765809c5678d1cec284147508e54158dd63bdd3af9988c6581099a5daeefb2a1e0771bf669a6c639b654863f6bb35f3cbca3e5078efa264b0e68eb7a890bda5bd924c2f5e541095eb80cc26baaf40fc6a5329c1bb7902e8c8694d92f07c8f4bfaa5833e8fd772d606b828195231fffbdaeaa9a3b3091b6c12eff6a7744c34618e49c86d2bf4c3895ede076b0cd9dc2660d1f22029736b3a878e105b08fc877543e1fb0a516425e689bed882ed4e03fb29a30d9a11f5f7758cfb01fbb7791f821f2965b719962126a8108d3604f0f799269dada8970aaeb186adafa7c6b25ab3b32c8807879300ad7cff938ac1cce35de7dc31a4517b5a1dc25bb7740b4d8801a0178e7c6da16e5391d2b6727ffffcf9bdc175b1fefe8eef008df721c4f68737afc299d9ba8d93095555d4076de7ee50e873fba07435c45ae795c00bf3494067b1e941dc0b88aecfb59d7896231686ae4f1e19dbd79f7869301ad2f0a97f396dd7313e58746f02b4128d621704e4b771df3cd5ff9d2ac89943102a55c6ae48b54d0244efdca40082e7e548ac2fe61aa83c4cfbec201b067cc8c17ea49dc4175e694b4ce34d74d24da889a55091e94380092cd62ff239a90e879d940bcaeef0be322e06d861185fe29094680863e4a23b5b0586a4fc2d50c995a5680f0445abd0791e1e7af29bd2df851f1991e5682f930894f858c7b0ad964eb2bd4d6d64a61e08fe54ed78a047c55a0b7d717f9580bdfb5223561054b2d038e3004cff004e5d793207c839fd764606c69e8b8f050a33d63721e73c2440a956b008e5cbf40c31debdf7172bbf13402a9fac56cd0f049f3e2694cc0baf324e889b489923ba3ade13d0bb7053a96d3bee458fdbd5ead816d09504edf1fd355ac4ab333d06ff0fd57850fc3c99098d63ff8c732010fca2137f8c53bcdf7e08b069759cf03cec8bd73b887c5a4030b1f2fc94e83853dec082b2930d085c505c9bb7f51c96cc21353d258d6b6506650fb0c7b0b6e63cc9eacba8dbd2b9e27d8472d2863bdd54984630842473b199c0b6aea79c1075e9e16c0ca16b3e47ee5dd5596e957b218e6dde7275039f4abded9737542634ab9c7060cfc2169965e27016d3c05b0635ea9e18a0e7600a3dec327a5be1c519053df79975fa26da9ed3e8affcf4b56d653ee9b8be605e3ea97b3dd2bda9ea3acab2ae51f40e1062489285ddd59ce214b8a35510a4b6cda2016e7a03c4203e0ec8991fb4f7a08881b96ee1986ec8e56653d15c2287d8696ebf7b85068aaf98b2a125f450f74873f170725e6374f9bf98676a516453fdc1685e458d4ebe4ee10cbf07c39adaf6546453f9b99ae20ccf8591b78c4b98b4f0eb82775f046e291a0d207b84921479fb8c088fcffe52c0f1057d95847f38cdedcbae5ee2ff6c571a336ac46e40827d801093cda03c7e702541ae390140d557ee4e8cbbc1ab7ee313e60c0bd1ede79f4b33918367fc1ed4e832fe998c2f92fec9effb7e4153a668296369198cda73a56d05076a3dfb100049d51e4ae8c7129318a1cd3aa5c8341c0d4753cd6e7dc05359b7065928d3216f6737a82e58cd5af262fedbe9da4b37e01a53934d24130cf7da23b356204a3ba8218b0dc8e77c2d29a751bbb6e4289e346771f659dc90f9befa51abe4bc2e5c3bb87e7e9531262fb5408a1c30859f8e14a51565766ef0a37a918e740d78dcd659967b2f7a42a1aeabb1c5b7fc67f588279caa5b7c90a31c2db9dedd7fadb9c81a5d5814208a590a65753825121c33fddf3412167a3798ffc420aaaa2d669368e1f30b70574f467b0bf9da50c47e923813585d948dfa83f26965f7abdc185c6373ffaab32d400f13740ab03af69217c3cf8bcf6fc88457d76ed083d17803b4252ca407b7025fbd5e98191e9fc721eba2ad11bfbeffb6f5697dd2608f2b0fff36ca972fd5c0ace0f2c4f2a375f3f15f2848a412d3188f2890708cc8e14bffad0c92e74f3e3266c4fa6c021710e5d07c2b01c126c804615c7654044625a366e11c54a1ccafe0129af157fda3cce8b779d8477682302ce726354017891da20d5b3b70285db9ba8713a7701c93fcee103dfc15685f144f2e3942372c6b339994d5bd6d8ef07cb79e177b869c795a6286386961ccff7d097182a27e56e6aa8475912cbd779b7d67de8a95c02d7ef0387b24e14aeeb31333f12a3dd06f4cd40a5e619f0899ea1520d89338e354e76f0ae187867d81202537bf54890e01134009f5e5d7b5d40864f347bd25c53a7fe1b4776f0b405f0fcb2643e23adea8acec3f03a05cc7eec0f9bf408c4c58cc5f1b50d68de24ab0a33aa7ad93803ef78427dcef1034117aa3ac5f472127595f8746229fa51636f55168cb0cd96a677209824de0e17c75d6df71b1cc74f08ff6d180ca6b9bfd2a9bf59a1e5dd3ed4b0f03fdf5bcd8e93f7e1eb189fa4119983ef372f7ed453c55c4bcabddcd930b8194cfe91d394ce51da07527fccb5c63e989e72218c2330a25de8449584897d676d7475d1791e37322e04a94af30a037e3097317302304a5d2d3dc11eb578104264ea18c6814517e78c51e2e55d5a0d5ef9527493cffe6883bb3f467a5c3f5c0f1c231671cc4a9a1e3d59541b091cabafe4627255d3df3c40bc7eb829b8c4681456fe5ac4847df51fe4bcf661b6dbeed34b9f9716bd23cb3b525834df34333f6b24f773c34ad3901e2f464d07bb6c0088bee317ab9f3b2dfbfe0e96b30b71f90f7dc30ff49d7c4d2ba3dad53c8896a71838611d0a339838f8d3595df27a635f1c3ef85fd90caa265945a70b546ff5098e0ee84f7ef55e5218e51513740b18ab1a5601f3e71a5f9d723a403ee11a2c8000d98a5b5ba99654da643697a895942b1672fae8b88f9de87abf18e645cf339efd41aa4301591692ae9a510777bd565e04f6c2615258c5e74cd2f8d9799fffef221b94b909da61167e6d7da6d5c8e17d7025ac9c1de12bd53162b2fab05bd3f7b5c6a1d94ed542e0b6de2529eb232344810e5f1ab9bee69b13ba6445261262107afc45f1e276d282a3fb25e035846aa8f5c818e03cfcc71444c9f3ba326867b174a99be821dbb34b783031a9b90d03fcf099e2f3b709ecb67b4c745ddb3eedde4ca77bee477b9e20431c909d396aac4491a307251d343954b7e4d2e541fb4f38ebe220bd6d31eadec1638951863da7f8e90641660e6ff89f69b32feb17f62d8e4112da742de17bb2fcd750dcefaeb0c2f73171bf2959b15da2386b41a46fd49d2a739b079f724f70923a18cacc22fe184ffd81799edee7ba9a807579972bdeefd1f42de1d026ac8b43989db6b652d0a8087f1a268c9e98b2e075cfed639b9f20160ea7ce283111ce2329b7588f49d94b652a4c83525d0c750ebb87702ce536a175184fc22ce9f943c8418b830aae22b48555151c83379eba1f05de0b3d9f81b9a2584caca03b554acf84106e1671b476dd97c00da46c65d188d1844ca2d5a8a3e1630c38c786463d62f9f4ae069f9702254b023062c570ae150012f24405598f80313a1dd2310f74a70019b229853aaa5dd355e3f840d208fe17a0910ce24e20a7dc1dfcf5499df48d7859d2e699ef3d0c1412cf119a2e9756d7ac8d557655d8fb585e7be2c192ba310b866dcc17cef0dc22d364043998a8c639456d2ab12c8c17384cf07eed20f0afafa3e984bfd6e945e3e8150c3fc42ec583c78ec0d2d2d18192ca65c022e36327270d6872f7b6a5a310f7505dc6299c8d4c000d17b2e8d68d0f6d5ddc68ffab1f5fb2ff3d73433b984779a22ae2d14626b11b0512fa8d54c02a1e1ee6e44e0d278cacb3d42f1cf1ef5ef45a8dcc0096bd728ed0c9fa796a4d7f710ed2f74d2cafbdfb7f7fc61a39b2407dc5e7ae2159f7d74f2ab078b001fe7b4ce4b7355814993ae05876bebe5f579911770aa945443eaaca5c1a9146af53f9bb77bfbb8c5a392fb1699e00ef4eca8acfd4f6e1f0193101c62511d4683be477f26a3aafba71b3f764d5f801caf77bf27d6bb01c164a9f13e0d8591b40aad2fcd030a5ff085a0c4f9acbaac2aa0582589e5b60777c9aa3cf8acbdfa23e17fc106805f677e2c0f62650b73d8195ca12f341e3cf818095ab9278b1c85794e1293e1886c29d36bbc69606cc2015cb38c40e88fc2cb4138a3b94c95a1b0c63252fc63959d8d77e14dec467c157e3a295c3ea50aabd8fa73e82e77a004f635f2300871d1c8baf8a33b074cb0e1aa335de9489f2c36bef6c5bd8372e2864a6779f41f2129aafe0f1e99b736a49c8e32d45670397c01c45ef671a77462de8086850b79445b1a26fe414d84f18d0dddf08144723f76fe4258d052bbd7c643f46a4d0a1d6c3876b3d1f631335bfdcc4a8d69d86e6b8552fab4ddf71d6e9b8eb51814b28b6005facbf80cd4aa8c60a6d93c5ae7e38e0d88187f80671bcd097adf8f351e1a04593950", 0x1000}, {&(0x7f0000001c80)="30da27155ceef4a2c1eef79a0250f499892a3b63d935a8122617f24b5523bb19131f044c987486103fca22cc06b360cf50c03318d4c91e271010ef7e95da4b339df7e4e09e1f5a90917eb45999cf643a8a64338a43ac534288e4020cda0f2de65804ffd07f618f233f7e77ae2a54c077fc071e2c0f379c2edf1d7cf3c5b8a8bbb9b366b9ba7e21fe6cb943d8d813718aab6888d445647fd6f85227eb45a5316f3b", 0xa1}, {&(0x7f0000002e00)="cf4fa57bfabeec38db306a197571fe2cb47395583b822da5731523cb3273cec3a597067112f9cbb359c87174a5250604584bac518c3cb6f8a77cfe70a622f6067a9a0d8e44a2d1af8e203cf7804f4e09ba433299839b0a0841dd2213633267ea89d37bdecb1753c858527ad0bd922b455ce0ac3c21e891a195a96c340fd78abb7f88ad6739fcd2f30db9ccad5821a59600a322b6dd43d481bc8b5424c8fd7ae042752143b1", 0xa5}], 0x8, &(0x7f0000002f40)=[@ip_retopts={{0xd8, 0x0, 0x7, {[@timestamp={0x44, 0x24, 0xcd, 0x0, 0xd, [0x4, 0x32, 0x1, 0x6, 0x6, 0x4, 0x1, 0x5]}, @rr={0x7, 0x17, 0x90, [@remote, @multicast2, @local, @local, @dev={0xac, 0x14, 0x14, 0x20}]}, @timestamp_prespec={0x44, 0x14, 0x28, 0x3, 0x5, [{@rand_addr=0x64010102}, {@private=0xa010102, 0xfff}]}, @timestamp_prespec={0x44, 0x14, 0x60, 0x3, 0x9, [{@multicast1, 0x7}, {@multicast2, 0xfff}]}, @ssrr={0x89, 0x1f, 0x4b, [@loopback, @private=0xa010101, @empty, @multicast1, @loopback, @private=0xa010101, @loopback]}, @noop, @timestamp={0x44, 0x14, 0x7e, 0x0, 0x4, [0x0, 0x80, 0x5, 0x6]}, @generic={0x83, 0x11, "d2c5b81aa7a73b8c5673a189a3ab66"}, @cipso={0x86, 0x11, 0x2, [{0x2, 0xb, "3ab9c77ed25a8a0545"}]}, @ssrr={0x89, 0xf, 0x8d, [@multicast1, @loopback, @private=0xa010100]}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x25fbe3c}}, @ip_retopts={{0x28, 0x0, 0x7, {[@timestamp_addr={0x44, 0x14, 0xc1, 0x1, 0xe, [{@remote, 0x9ca}, {@rand_addr=0x64010102, 0xab}]}, @noop, @end, @end]}}}, @ip_retopts={{0x4c, 0x0, 0x7, {[@generic={0x44, 0x2}, @noop, @timestamp_prespec={0x44, 0x34, 0x20, 0x3, 0x6, [{@dev={0xac, 0x14, 0x14, 0xa}, 0x5}, {@empty, 0x8}, {@loopback, 0xfffffd08}, {@loopback, 0x7ff}, {@empty, 0x23ac}, {@multicast1, 0xecaf}]}, @generic={0x86, 0x4, "b496"}]}}}, @ip_tos_int={{0x14, 0x0, 0x1, 0x3}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7ff}}, @ip_retopts={{0x20, 0x0, 0x7, {[@generic={0x82, 0x9, "8321890d291896"}, @ra={0x94, 0x4, 0x1}]}}}], 0x1b8}}, {{&(0x7f0000001d40)={0x2, 0x4e24, @broadcast}, 0x10, &(0x7f0000003140)=[{&(0x7f0000003100)="079e0d6184dd6250b8ed1bf35b49f09216b7e7cf0bc229d332c0b7c17e1644565e9fe30954e3", 0x26}], 0x1, &(0x7f0000003180)=[@ip_ttl={{0x14, 0x0, 0x2, 0x8}}, @ip_ttl={{0x14, 0x0, 0x2, 0x7}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x38}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @private=0xa010102, @empty}}}, @ip_retopts={{0x10}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x1}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x3f}}], 0xa8}}, {{0x0, 0x0, &(0x7f0000003380)=[{&(0x7f0000003240)="8ad8006e407b967839eeb3ec716c5cff30eb8d569eaca8305d1c87bcf6c1a9517da8062e5f65ecc3130aea9bcbb4fce3d5a8095e430ecc3574d6f714747a3133b57e", 0x42}, {&(0x7f00000032c0)="9910556201e526f0c37832bc78fbacca856bf7c47d8bec881804fc470c1cced143a3db26a5d857abdcbc907d00a5fbdbaebc4ea167697efb35a763363e91d3360f3a2e75ba747e9c6eb2db3cafe8f4068e3e879347e1686ccb660916958b4f0886909a24fc6d8c2ce0f33a46342b1b764ad1173a7f80dc2c36e07a5f32346d7395", 0x81}], 0x2, &(0x7f00000033c0)=[@ip_ttl={{0x14, 0x0, 0x2, 0xff}}, @ip_tos_u8={{0x11}}], 0x30}}, {{&(0x7f0000003400)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x32}}, 0x10, &(0x7f0000003a80)=[{&(0x7f0000003440)="9c551efa003a8018b611d90b84a162e1a36dd6ed05b279a7036b80aa94ddeb852986b52b61a319a6ba6a0c74267c2b680a4819bf62c70f652a7b8b", 0x3b}, {&(0x7f0000003480)="a7c2aeaa8e7018f900d7bf5c3ba74632a5faccd999d55d6bb2a2219a2e973802a2205b9e0014e76a6f7a4a51a114767f8ee33a9613baf502bffa3f66c9a23078141d0959ddac6e07da52e18c82107ac65d9952df11aefaffe90ca2f3291ec90694562647162b2a53d7e8d0ee91250316fcab47c1efdb954ddbb48548f07a070ecce67c61fc0cfd05d35aea719665386900875e987f39c185c044fe6863567860b340b2beae6140c5a0939dc1aee6fe0d524218fb808f21125efe7ed7715c1faeb4f72fbbb73f0f1de25835534d", 0xcd}, {&(0x7f0000003580)="d5a548fed9fb5c51f36d33aa6c22fb16b71ac973799916d9e4395ec5ea97efeb3b8b6932da98730d3dcb87944c2ff401161aeec8702bcf2950d3e7ec8080f5c31c9bce78ccdec7ba53bcd9ed4792069ace798235312093a5f94b5d131464db829ed262e577008327e506f3833f5501e7ebeae26b82a01194ae672b9d82515f2639bd6e8701e4dace6cc715f4976dab467a5a7d27871a0c3d0eb54116c920323e80c589dcc690c0abece73e32ef774cf3da74de043aeb8760d247ac49c57c669026d1e2c46e18dacf48773510166fbce4", 0xd0}, {&(0x7f0000003680)="dc9925359c347c929fcfccd573965ba3e9fc403476d4da", 0x17}, {&(0x7f00000036c0)="23649b7b041d54aa698427a19c85111e53c48b791a014551428e17a472f3594fbbdd39b0c8e08e320517d39bc4846d2aedfe284c989528a5ad078a6fad30422987373c801582eb29d461c3ba4d0a6813b5241398a9b844f45b25ed4d0591a436294efcfeb8f0ed73cc1847d209ceb2f9cc33697c71e6592336d20c", 0x7b}, {&(0x7f0000003740)="ddbea841c707c7581711d9a49dcda071fff866d12c4ff533fc2be56820f9d9e3b785a51e06e8e767fcf819dddba52c23519cde9f5141463316fce585bfdf2f506fae0122d55edc648af0adfa2f263739e04765f6dad7150bf1be30ed465b12ad75ecf6f57aae2f2ac070dd1fb5212904b8209135197d989d288a93241ea8d670bcbe99d269cabca2ba1427930c5fa5c953387f396046c3c50d2f40b65fdc26e4768b26619072f67cfd514f4761728ee38abe8824dec10f", 0xb7}, {&(0x7f0000003800)="f38ad8189a2de7c4a24db168ff564489e572a71d0c6edf282894897e9810037a4ae7c0c138257cc43363d80bc8656f83037807458259def644f923a247b7cae9d01e0cb406b43bd4f5e3eb8345e45ff2390fb745acc2a274ad947c5270f932b085e6e1685534be2fec67e8473dbda427fa0eb9f4e0c564377a683aa1b76034dabfd430987e196be3a2786ecac37c6436908b7f0b3d4364d38983c1a7c1c1db8a73d4e03619ba7835484de1c5b9808d91cfc49cae87b030c64b1c2e381cb72ba54bab8c7c371e9b25", 0xc8}, {&(0x7f0000003900)="73fbbf254397d132d4eaed39ddf1d7532e5498694ad4d280f49dd7b8ca847313d525c7fff8b7a189a78870aaf3f2b7876255baea162c1e90d9a89ef9f97b6c6a9cd8ebf985fe90be55ab3afdb49916e30c0ce85384be5b4682de1eea028dc4108e9becba6cfe72885d474a43cf88bfddf20d0db6b2121b1d7a39dca99ad37daaeb82d5e9cf01a3b9d03974de29d31d2f83196d890df9c37e6476efec29ace91491d55b23071249a12f73bd4874530000", 0xb0}, {&(0x7f00000039c0)="b2ff4de75cbe8584fc8d867767f392a5d301f306a73a66301237170cf4dfb11d9f9b099cd87cc21b010d14518b89ffd8d3b42f10a280a819b3df06759cd6f8b6ac73faf0bd75913f35d5e45205169f18af45822750b8a088ba7ac51d18f6a711bc0ac956b06125599b3b00c6362f93de88164504f9b72d7d1f1ec05f4a29e0168630", 0x82}], 0x9, &(0x7f0000003b40)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r6, @empty, @remote}}}], 0x20}}], 0x7, 0x20040004) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) sendto$inet(0xffffffffffffffff, &(0x7f0000003d40)="88f1aa99cddaaaa48c558e92967b0632123f419d012301d510da6cefa2b7a4fbd97afed997a8701fbd528d9243a8385726bed78cd2fa6a1bc5a9e0bc10dc21003b6e00c3b8c100a7", 0x48, 0x8000, 0x0, 0x0) 04:50:58 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:50:58 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1099.312786] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1099.332816] FAULT_INJECTION: forcing a failure. [ 1099.332816] name failslab, interval 1, probability 0, space 0, times 0 [ 1099.334592] CPU: 0 PID: 13006 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1099.335641] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1099.336894] Call Trace: [ 1099.337307] dump_stack+0x107/0x167 [ 1099.337869] should_fail.cold+0x5/0xa [ 1099.338475] ? create_object.isra.0+0x3a/0xa20 [ 1099.339181] should_failslab+0x5/0x20 04:50:58 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1099.339767] kmem_cache_alloc+0x5b/0x310 [ 1099.340521] ? kernel_text_address+0xf2/0x120 [ 1099.341215] create_object.isra.0+0x3a/0xa20 [ 1099.342028] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1099.342791] kmem_cache_alloc_trace+0x151/0x320 [ 1099.343649] ? find_held_lock+0x2c/0x110 [ 1099.344256] p9_client_create+0xaf/0x11c0 [ 1099.345018] ? lock_downgrade+0x6d0/0x6d0 [ 1099.345696] ? p9_client_flush+0x430/0x430 [ 1099.346489] ? trace_hardirqs_on+0x5b/0x180 [ 1099.347281] ? lockdep_init_map_type+0x2c7/0x780 [ 1099.348169] ? __raw_spin_lock_init+0x36/0x110 [ 1099.349029] v9fs_session_init+0x1dd/0x1680 [ 1099.349823] ? lock_release+0x680/0x680 [ 1099.350489] ? kmem_cache_alloc_trace+0x151/0x320 [ 1099.351366] ? v9fs_show_options+0x690/0x690 [ 1099.352197] ? trace_hardirqs_on+0x5b/0x180 [ 1099.352991] ? kasan_unpoison_shadow+0x33/0x50 [ 1099.353795] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1099.354546] v9fs_mount+0x79/0x8f0 [ 1099.355097] ? v9fs_write_inode+0x60/0x60 [ 1099.355724] legacy_get_tree+0x105/0x220 [ 1099.356343] vfs_get_tree+0x8e/0x300 [ 1099.356909] path_mount+0x1429/0x2120 [ 1099.357491] ? strncpy_from_user+0x9e/0x470 [ 1099.358158] ? finish_automount+0xa90/0xa90 [ 1099.358821] ? getname_flags.part.0+0x1dd/0x4f0 [ 1099.359520] ? _copy_from_user+0xfb/0x1b0 [ 1099.360161] __x64_sys_mount+0x282/0x300 [ 1099.360781] ? copy_mnt_ns+0xa00/0xa00 [ 1099.361373] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1099.362182] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1099.363060] do_syscall_64+0x33/0x40 [ 1099.363692] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1099.364455] RIP: 0033:0x7f0b176ffb19 [ 1099.365023] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1099.367808] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1099.368983] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1099.370080] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1099.371196] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1099.372308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1099.373424] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:50:58 executing program 2: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000005c0), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000033c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NOTIFY_RADAR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}}, 0x1c}}, 0x0) sendmsg$NL80211_CMD_SET_BEACON(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000800)={&(0x7f0000000600)={0x1fc, r0, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x1a}}}}, [@NL80211_ATTR_IE_ASSOC_RESP={0x1d1, 0x80, [@ht={0x2d, 0x1a, {0x0, 0x1, 0x0, 0x0, {0x0, 0x4, 0x0, 0x2, 0x0, 0x0, 0x1, 0x3}, 0x309, 0x7}}, @rann={0x7e, 0x15, {{0x1, 0x8}, 0x9, 0x20, @broadcast, 0x4, 0x800, 0x16000000}}, @tim={0x5, 0xdc, {0x3, 0xef, 0x40, "18696cd58b80c429f9b33e737ffb727ad645aac2275ee26892a9a9c5bf02e7091d1c61b9ba327ea5bbedffca64f1b54ad24c3e4bbd44751cabd26b8a9e222acac43340b67595a6491e215bbe11dec36d0e2d5e16b70ad6d2f5fec35bfe725f8a2d5c916443ab6e725f0305ed735c909a7d0e00d3e721e625fccdfe5cdca090c33dfa863657df89c7d9a9799ec61f9739a7e81dbdfce054e269ef0efed779238c6b200a35b3982172a62d13c016b06e9351f8423f05303bb279fe6da639cbd28f8d848fb253026c521f54513cf2e46f7bd0e58ae45b61ea5847"}}, @ht={0x2d, 0x1a, {0x800, 0x1, 0x6, 0x0, {0x100000000, 0x0, 0x0, 0x78, 0x0, 0x1, 0x1, 0x3}, 0x400, 0x7}}, @gcr_ga={0xbd, 0x6, @device_b}, @fast_bss_trans={0x37, 0x8d, {0xff, 0x4, "54045af8caff0d71905da632411319d1", "739c008b666919986e7f0e7a9cdcbd1b090e81da8a6ba7e869dc82188d4183a8", "625c2d414339ce8753305d238dd8b47092d0386fc67a4025198b438e90a68ea1", [{0x2, 0x4, "d5911af8"}, {0x1, 0x1f, "91fac2db3b6c759660aa2391f5b6f483304b257f4471f94f5047b1cc401254"}, {0x3, 0x6, "4934462dfa85"}, {0x1, 0xa, "39a80e9e553d4d54e510"}]}}, @supported_rates={0x1, 0x7, [{0x2b7595549838ec6, 0x1}, {0x48}, {0x2, 0x1}, {0x9}, {0xb, 0x1}, {0x4}, {0xc, 0x1}]}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x4000}, 0x811) r4 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r4, &(0x7f0000000540)=[{&(0x7f0000000240)="65ac2d2f3a7df1341c2815a9c2e1f4b1d72b811cc09282026c557cc5b9f450b25893bcc82afffd2610fe9a87e6e97653139ea9940fc6429f7864dcce460b3431969e38097c2839e13e529ff3e9e77a8d900c807edb4aa223c90af288546f5d83b4572a5fd051ab3743117f28368d37f75758f207c915d9c1f0bbfd484087eac8e54cd08e2413db6f1cd52f1e1a9f7ae3337e61b57be75c993f9dd13e69a76eb7227ecc5aaec13645209ec81e5e7770eb337dd6de66e251174ec355f7f8ee8a22c3e94a3177", 0xc5}, {&(0x7f0000000340)="de0e7f9620a534b637233df65a84f7203a899a084b4c31f604b68f97b07f643e53d8e935fcf5a70b41b1b531d7512f74be0dfa2c0d58426479fe718ad8e7d0a491d4c0b2f6c11208e5864db2f5637adc09ad01ff4ce2c3536d5895", 0x5b}, {&(0x7f0000000100)="0b090c436bbbd7ff3fe65049c18d39c0887b3e14136b2e12c78f341137110afa2dcd33a4a0b32c40be", 0x29}, {&(0x7f0000000180)="854f8fb5e019f1defef93b29e9e209c034dada70d9267e107890309a62dee11fb4779a", 0x23}, {&(0x7f0000000440)="81a664afd69cc9197a48d8ff52ea5a8c9d0ed8005c2daea3d25c94afa6d4d65e42cbf3bcca31ed277583281669eb23cf791fda226e519fd4ef6b0f8b5916b83c5a36abcacc129c115a2484e1b203e9b9aa18d722651f1c8d712e1b2548a072a72af03e0432a94c9accf2213a2fae9eba3b52c01ee8129cfb716463d9b705e5ef9ff68b677e958aef94325c4fffb1fbd400149b8dc3895f7476b8400f8cfbe8a5b46b40b054ae660de15f8427499ed49a995c3a9443f51b1b792c302236ae9327cfb52328cbb4213f21be498446fac03075c867454ced7e98a750834f30666d26cb0a1b07699306231b3652c0cd81eafd410787c1da30dac10d8addf46c5c", 0xfe}], 0x5) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r5}}) 04:50:58 executing program 1: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1099.441709] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1099.539454] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:11 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 22) 04:51:11 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xa00, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:51:11 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:11 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:51:11 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) getsockopt$inet_int(r1, 0x0, 0x8, &(0x7f0000000100), &(0x7f0000000180)=0x4) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733dc0a665fe66646e6be9", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:51:11 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:11 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:11 executing program 1: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = getpid() ioctl$FIOCLEX(r1, 0x5451) r3 = openat$vcs(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000180)=@IORING_OP_OPENAT2={0x1c, 0x0, 0x0, r3, &(0x7f0000000240)={0x2000}, &(0x7f0000000140)='./file0\x00', 0x18}, 0x0) ioctl$FIGETBSZ(r3, 0x2, &(0x7f0000000040)) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000000500)={0x0, ""/256, 0x0, 0x0, 0x0, 0x0, ""/16, ""/16, ""/16, 0x0}) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r4, 0x50009417, &(0x7f0000000700)={{r3}, r5, 0x4, @inherit={0x58, 0x0}, @devid}) ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000440)={{}, r5, 0xe, @unused=[0x1, 0x7, 0x400, 0x7], @name="1b3079cbec45ae682c347b2e9dd42819076d19ff9868a9292cf67a972a64231874712fc46ed8891c4be9db3aa6ec54a116be89a756ccf0cb5f7a4b967a7433171a9b31e8105b950ee904a002a8461df1ee5ce2d7c5ea43d72a718f1bbb8aa0c357ea9178d4d02277076b8671d9b3b7f08da2c1a34ac738a08c37befc7478e5d39880721d67098abc65913483a3ac1c3e648bbd228e9c2376114e4809850556472b5260676bd5d9b96a4afbd9e034f4c1ee0dfcaf224f7e5d8aa9246964ce145cb6d29bb8ea19182c707495bb5278ea635a31f8e147028c0892c2eb011193dd0b5e0fc0f9fe6ad8c6f839db324c5773b82c24df0b9863e295ec10bc31bb3b2090880a3a6429124a77a204e539254ed4321442ef34fafd62e28c1244cdff79bd65e1d7e91a85a273daa517972b0d46546859c647d2503476d8a6017a51e9005bc93d18ce56d38f62457689400115d9a185bb8e25503f49decea11f03e697644022a91ab856802df1d9d57e361bb6bef501a17276bbb251f861ff2994d25043380acedb73d95256fa5ed84d9d59ae92063a116513961f6a297326fb0ceb404b4422d8f3da0637d87f50042c515e26e227e3fb5d1f90b0d3e8632d482859c8c2187485fcc00e5b56da3a107cdd958974aa211405a80f38ca036c5e25475cafe044acaf8171c4a981988f68d79031890bc1790cd26b284c0faf3585654aa71fda97c6936bfcaa6872076c80a1891708a49869b837711883abb624f7f25af4f78c623ba1f739263676ee6c78a1a45e8ae8a9fa29040a956f67f6ea200426ce020e7be2f9ea23c139079b9456582a2d19708eb4a2ed7909c8ab06ee9f6ee1c1a1f539bcb6345a1296eeb10a031c4ea1bbbf7d488fc31a50be2a571dcf4f16607fd9d76973d136e4933b6d434bda643bbea5e44ec85882caa543215ad924e418cee2a920d5434e23f2b4791278c7feb5315d3d327ebbca9ff17bb0aac193480ce9c6a57fcd8dd5f461d34af0cfb4ba020c80b2a61747a00ad694f66671ce79520d6e4743a186220f18c38668fe93a9eb09cc1fa9376da4ff61ccf7aaddb1e01537e053edcc6c39d6fd26c8197f803e2adc139c86d4901b1ffae7cf9216a50bede51c004f3c53f05b319bd827988cadad6de2f0bd6c9ad98029c37e802e63a3b6f267f4070ae9fe08ff472def24fb36722675c6a707d8f6bc251b9d88a41389e568390116bfdd52a21c1323a8f285a8061076274effa5695410f9d03e1d48ea4d1b78245e1f79dea0f33204fc35677b24a6d4423030bba487190a131444c62c4d3b1a6e226697ae555a088897e41926faf26f6864aefb948d6dd0831a327bad95197280e74d36114bcde2548529f8aefecbdec846f14348884659354a1963860a46448a81818b20f360d0f2cfb40e2728e414a959a8b41c427a4237ad640b7eea364eeef79c1174dbd8e11cfbd62f0f06f75fc34e4aebfdeaaae68af662a8d907ecf5882183949f7676d421df0ff33a9561903e1454e46328263508374ce0e95d8db18ea03fdd5f8201c252e758be952dc1b3e100d976114b18af7db2546ea3554dbe3c5a1303835e2e2d881e2a2d2a928a01a3ba4e30f5d54ed3371a9a4d79a09372b1c94538cca0cafe6548dfc1a67435c4734d632a0e4d07ea1d25015b357d3322b73b1b537dde8eb49f6a6c6ff345bec9cf110fdfa0770160f62806c5dac8ef2b2c1e99080e2a7b1eda8736801d695496ba0faa6787d075250024d53f582ed8a2483b182728dcc3b39d80247e9e45b02b9353d90455c636822bcbf39827f50a8d347f9cf6d80ff7f354af7463c0b04774816cb267b16557888bde8f1e3cf8cd9dde91dc20df5ebdf4d659aa1daae6879e9b9f69239f750b6c3a92ae88464804a9d3e09b77f47cecad9e06cbf6cbf329ad5ac50ee3ddc04ef86c309838d4cc0d14a0ad6d134d0f71e1c8fc3393987f69ea4410ea2e237e46fdbf9fc3351b10af8a50df0d3e8c277127fad0a648fae78283301e631fb8f664497f93ab837898dc29cc7d3662330e9535d9412037ce5cf2f9c9be14110fa2f92b3d447ef6545c7fbfe08eee6282bc8b2508e9adafccea3e177a2cc4035c1e234c5cf7cf20cd39e179f5da8989077b037a22358c5064ff031ad378f7bcae41e7d7c8e14751cbda601e4df9ea885aafcebf1a0fe41a93196572f2e37b308445df7b0d862b22f8d922c85bcfa3c4b27f48ac0db4d63e1d07d795e4cfd424a926b8f33ff0bd3128f12a12201d2a89170046fd3cefa1d6b12a5cae037c94b7ba6ebe235b021249e0024217a4f6d782bfb5a16bf4435fa83fcc2cd163eb996afdf7f5fcd72ba50d9b8475f10bc7a589a5995267ddce92fecb7ca0ed9ea5c47167b35c795e46b190a5889810246ffcc2a1bab8b630d75141b03a4bbd2aa5f348ad4bbd12e82eafc48d1b1a2f54dcc298703ed082496771a989de5d22792ebfe437d08fc23fa2372750605df0e0bf6490a4271d88953cb9759403fd54c6590597d60f65209f2391c2ce9721ba56eecb759a3df6874235503a968aa42f2f5dd98bff5c0fc5e721d4bfe2834591918cec8a5b0064ba024307498b4c70dcd805362a9528a448d1e3f42f6cf5aa1fd1fcf7fd016cd95573636e5b77d81cbe65f922804f4d8371c83087c8ccbbb8912e9f736dc7b26213d3cf65d2f92876c383575e89e8163e2d4984619ba00c690a623f0c79c9bbeccc55824850f32223109175eb45feb0068dfa8c57d847cf2673cd391db8ed5461fb80293c7c83ce35f3d63252d983f0b224e6c90f250dbe4eec6b97b940571f2d860f1cc24844f6065e403e0ae516b73b90210d9d8cb93869ae02876d4c0ca9f78993e6eb310ed2e48d0f44df1d8608709c1b40bf310e712dc9d2fdbb38a56c443e61c05a5f1ec091eb786a00db18946833cbc12ca596164a84bd1dbf5b488a8117ae95d1a1aa219abfbd558f49a87e4cc1b2d164d5826dc665b6618e3da598a2c67e5d34592e700f7d97c8b8a63ee944a237bab43a35d7f669b74f827c2f1e0d9e80ad4a1ae2312eaa74a9d0f7b3a72d6f9afef15eac1cf0d192271c100830c24ce120c27ea277a14dda3764b59f81ae2bbc13b470411e34432dbbfe024644ad437c9b620803a47e29ef62f1d727ac77bcfd92731c7fc5e5daeaaeb5118f245ba76745714ff23a8fb2d70502b6384d1b04b1b5295dccb9e71126e5c7af7f691e195fb40c680959250754c6f9d5ff692356d0447690baa7e308fc0b0780d73fbea0736d81706b5a2f576fc6466884627f2d6c1184e77b38f0e5c73b027119e817b29a3c6ab584f439c4b37d02f72cd84dc1bae5bd210108127b7f22e53470c607e1fd6b47f9d87fc28cbebbf8654d0bb942e9101f02f0502a656c633e52e3347086d788f54bc4da0725c691db82d93ee3f5bf556c2d9d27c3bf3660332bf7186130b3a1477dab1cf8c8d7c952b239ad79932fd64f2f744c977349d135652179d7228f2b6e2b495ddc993d4f3b4e50cab6767304642ec4bb36acc963d0b8898abf4a8c63656d45f689693248379e27cd51a52bc9e0125c5b44f2f2e47fcb7224197187fa051d80f0c97886112bc66086f618a5b68d543830cdf241717fe6296164a3800dc1f95ff09aba3b4fe58a708a64a56a83938f2eba469bee29079d87b1e98e492e59c8dd81973023d2211928557839c037c924ededa33b4c21c90ea12461e1a7a517ccf4e59521bf5e406c3ce0622222bd9d556a0649948a7af49ed291491b02446f3dc2813ba3d06c3e56e74c683b47032e8b610e5ec54386ed230c5a56928b90f6174e38e78114c6a9dca944d913011876caea7182af296607f84bdc74f8f1632f7d9f84ca2e3b0278734f661b0edd4466a4033fc794e9c0cc6b6c5d683623be1f4760f265ab56995a835fb7f959497ec1128a35c81b914f5940ceea1a33c5ed488389fea91e2a56991e4d204fd6843b6a463bb434f7348514720b0ec973b408bf90f8b659bd553349a692a01d6136f42a40bf44ca8468f16075aecc31ccebdbd285c9be6d1ea0f0df3feba3b69a44738c2681c593bd16eb82a082466fd7edcca0d37d13f5f70145f6c877c47b32261e36d273d7ed922cc7df17abfb81d690a42d09af995db95bd0e2790051bfb62c872ceb76b36703ded3dd583efeff0378b2b8b2809ad31242467d19fb5a1b107848b1f81f60b367a4fafb1aa3b026d67f49114f49adfd416b21cc5403041e5d0810651fcdcaea369279555ba8bfedf397d28f2a7e0a658d25c442a5a95053278b90ebbd6e24b29c0c8ac4529bc1e7adfa91fb6c2e82fd9fe5e30192ed487e4909141dbcd02171f3f05fbcbb982443df02f367b4a4184e724770d3643cc1843d771937834b2f62232025ecd23152ebaac59c626f3748aefdcc9f8f884300715d95cced2ee10eb05f021fbc526305143d9449900c174b3d1acf41b1e226795f148e7b21d8034b063768802b1f2adb68fb3fe71795c20e9129e212514fa210a0eb5923345cc4f6344ce2626e6a2ae9e009e5854f0a6c0ee38ad500ec06adb737bf3b42d6a6a023d61f330b541f3e5d3cc2b69015a5ddb48173c5e46637fa05d348941d9e7b55934288bb5fc09ee64c2021a2784e28a1096dbaa3d0d03ca811fa34f6c55ef139ddcfa91412e74f00ffe3deb882a73af556a6c663b6676e9775d5e9c5715be6deb1322606ecdb4c6f61416fad3992bc419b4fadf568d30b21b433202368986af36bad383213db40c2a4f7a8fb96609876b1dab9bc7ba94c8a2aab352887aeeca4ff643f4c25df5e725d34364bde4f772c8a2ddbb59b3e0972b3dc9979ff90ccc04b4272a0e4b4bdf0f0ec141d4d0c198e5d085b6bb227bec0473d9ef06a28d7da8c92f91a4287001bd3dc8bc72ca9fe1a3114d53dc2a1590de184247c71acd1cf00ccf97658a06f4d1c8e258cdb1554b9961ad8642ad4cce3b98f62e0ec62897dcb47ae3aa4fc12327cdb64ecc2264e15b34d9d589ed9c0efa5034ca8ce63c5db080c4c8e81280e3aa71473e7af78df8c0def11ef922ce2a91b105c276a7ac69aa8bd4ac15ed00a1fbd4b5432d7c1a593dbf29d48d240de518dbf4980125960862bd1e1274bc47ccb0ea7caf3b393167459f9d2fc74b9859115cc8339e654cfbc284ee64381cd440d71d8a6c723f4dd6ea29f49234db8cda6f1a63e4b689b20989e7e1d3b7256d62eb692de8ce0b335e40fbe89e27348f07e752d642d54d15749f181288057855810acf2033b52d95f1f89895f99a9caca008c317158b45b8a0ccb9016f4f914055f221f196e0c7dc31c0d1a9b3b283ac7e8ac311da0adb3199fbfce83589049fea84bb5cf49f88125970ff529c18bf49e22d3683587211eea454a002fffc60803aacfaee8d2f8d9d0d3be93e14c7a87d6c672674fb5bd561902632c231d44b16a3fe6dec6ed3c0f587b1c1c832f2896cb0ff306e072d1521739d663aefd0871262b71af62c2ce3bfb69f4e575b2f7876d8dc5439e9051a4cdf444030de5e4c3b98474f48405e120492563efb29caaf065b9e35b9e18220ad28ea1c9a535fe9a272fe8605477dd24dcbbe84b74860f7d788a61d6b547244aa7a09248f19dbeb40b95761d28fb8dec480923aa3ea329a30f83bce11a8ae93e7e5f83c8d58579083d2735c37c50a72c881539a746b2330387b83bbc9818fed83e0f5e7fbb7fefe52bb8d4c04e6aac"}) getpgid(r2) perf_event_open(&(0x7f0000000240)={0x0, 0x80, 0x20, 0x20, 0xc1, 0xc2, 0x0, 0x3, 0x80, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x3, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x3f, 0x4, @perf_config_ext={0x81, 0x7}, 0x40, 0xa, 0x5, 0x2, 0x6f, 0x0, 0x9, 0x0, 0x40, 0x0, 0xbd4}, r2, 0xd, r0, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1111.925435] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1111.947197] FAULT_INJECTION: forcing a failure. [ 1111.947197] name failslab, interval 1, probability 0, space 0, times 0 [ 1111.949014] CPU: 1 PID: 13140 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1111.949998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1111.951182] Call Trace: [ 1111.951568] dump_stack+0x107/0x167 [ 1111.952089] should_fail.cold+0x5/0xa [ 1111.952636] should_failslab+0x5/0x20 [ 1111.953188] __kmalloc_track_caller+0x79/0x370 [ 1111.953839] ? p9_client_create+0x41d/0x11c0 [ 1111.954475] kstrdup+0x36/0x70 [ 1111.954941] p9_client_create+0x41d/0x11c0 [ 1111.955565] ? lock_downgrade+0x6d0/0x6d0 [ 1111.956179] ? p9_client_flush+0x430/0x430 [ 1111.956794] ? trace_hardirqs_on+0x5b/0x180 [ 1111.957434] ? lockdep_init_map_type+0x2c7/0x780 [ 1111.958141] ? __raw_spin_lock_init+0x36/0x110 [ 1111.958819] v9fs_session_init+0x1dd/0x1680 [ 1111.959456] ? lock_release+0x680/0x680 [ 1111.960043] ? kmem_cache_alloc_trace+0x151/0x320 [ 1111.960735] ? v9fs_show_options+0x690/0x690 [ 1111.961368] ? trace_hardirqs_on+0x5b/0x180 [ 1111.961984] ? kasan_unpoison_shadow+0x33/0x50 [ 1111.962643] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1111.963365] v9fs_mount+0x79/0x8f0 [ 1111.963888] ? v9fs_write_inode+0x60/0x60 [ 1111.964485] legacy_get_tree+0x105/0x220 [ 1111.965075] vfs_get_tree+0x8e/0x300 [ 1111.965604] path_mount+0x1429/0x2120 [ 1111.966150] ? strncpy_from_user+0x9e/0x470 [ 1111.966774] ? finish_automount+0xa90/0xa90 [ 1111.967382] ? getname_flags.part.0+0x1dd/0x4f0 [ 1111.968044] ? _copy_from_user+0xfb/0x1b0 [ 1111.968655] __x64_sys_mount+0x282/0x300 [ 1111.969253] ? copy_mnt_ns+0xa00/0xa00 [ 1111.969809] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1111.970563] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1111.971309] do_syscall_64+0x33/0x40 [ 1111.971841] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1111.972575] RIP: 0033:0x7f0b176ffb19 [ 1111.973105] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1111.975728] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1111.976827] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1111.977863] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1111.978901] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1111.979922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1111.980945] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:51:11 executing program 1: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xbe26, 0x0, @perf_config_ext={0xfffffffffffffffe}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r2 = getpid() getpgid(r2) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000100)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee01, 0xee01}}, './file0\x00'}) ioctl$SCSI_IOCTL_BENCHMARK_COMMAND(r4, 0x3) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffef9, 0x7) perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x6, 0x8f, 0x1, 0x7, 0x0, 0x8, 0x80, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x40, 0x1, @perf_config_ext={0x3}, 0x40, 0x1ff, 0x5, 0x5, 0x1, 0x6, 0x163, 0x0, 0x7ff, 0x0, 0x81}, r2, 0x0, r5, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) write$binfmt_script(r1, &(0x7f0000000240)=ANY=[@ANYBLOB="2321202e2f66696c6531207472616e733d66642c202d7b5d7b2e287d2e1b28632c67202f262d2a0a0f76a967668fe936c5ef5bbc161a4c430ece22fa46d5ed3a8b483671d38dd5748ebc46fcbef40eb62c45"], 0x52) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r8}, 0x2c, {'wfdno', 0x3d, r6}}) 04:51:11 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, 0x0) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:11 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:11 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mmap$perf(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x10, r0, 0x4) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1112.055668] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:11 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 23) [ 1112.093120] sg_write: data in/out 1818846731/36 bytes for SCSI command 0x26-- guessing data in; [ 1112.093120] program syz-executor.1 not setting count and/or reply_len properly 04:51:11 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) r4 = syz_open_procfs(0x0, &(0x7f0000003540)='net/anycast6\x00') setsockopt$inet_group_source_req(r4, 0x0, 0x2c, &(0x7f0000003580)={0x519, {{0x2, 0x4e20, @multicast1}}, {{0x2, 0x4e20, @private=0xa010102}}}, 0x108) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r5 = perf_event_open(0x0, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r5, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r3, 0x2405, r5) r6 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000001d40), 0x4000) r7 = eventfd(0x3) sendfile(r6, r7, &(0x7f0000001e00)=0xbd, 0x9) write$binfmt_aout(r0, &(0x7f0000001700)={{0x107, 0x9, 0x8f, 0x32, 0x1bf, 0x5, 0x2f6, 0x5}, "3fec2797c1bb119dd6eb179a112cefcaeb8dc7811d031416ef1aa3bf1ea315f6b53270d3203bc2af1686f4cd7af4c029a7c39062f5d63dc07cdda6548f9968888061b2a3ab8dc3375077881c5b2670855cdcf22389e722b7e68bd4d4166aed0e19579866a10cc8f8268e722d47214d2bf9d467bc22322e680c4e26081e61f26c28e5fef2f62a53c1e238eb96252129079b99899818d346a46caa9c4fd74d6a53e7cdda6967b3d43ef1e47c13ffc53c3102c6f5393f0a5781929f6a453d3dd23796a613515e65c8088e49cfa862958990f0f50ae99c27ca34534e748e8a6ff0d6f0007f4f6b60a9cab1ea420d47b7ab7a", ['\x00', '\x00', '\x00', '\x00', '\x00']}, 0x610) readv(r5, &(0x7f0000001640)=[{&(0x7f0000000100)=""/9, 0x9}, {&(0x7f0000000240)=""/73, 0x49}, {&(0x7f00000002c0)=""/167, 0xa7}, {&(0x7f0000000440)=""/155, 0x9b}, {&(0x7f0000000500)=""/4096, 0x1000}, {&(0x7f0000001500)=""/130, 0x82}, {&(0x7f0000000380)=""/111, 0x6f}, {&(0x7f00000015c0)=""/96, 0x60}, {&(0x7f0000000180)=""/34, 0x22}], 0x9) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="3dc6"]) [ 1112.101256] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:11 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1112.129083] FAULT_INJECTION: forcing a failure. [ 1112.129083] name failslab, interval 1, probability 0, space 0, times 0 [ 1112.130094] CPU: 0 PID: 13155 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1112.130671] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1112.131358] Call Trace: [ 1112.131566] dump_stack+0x107/0x167 [ 1112.131876] should_fail.cold+0x5/0xa [ 1112.132166] ? create_object.isra.0+0x3a/0xa20 [ 1112.132547] should_failslab+0x5/0x20 [ 1112.132863] kmem_cache_alloc+0x5b/0x310 [ 1112.133207] ? lock_downgrade+0x6d0/0x6d0 [ 1112.133531] create_object.isra.0+0x3a/0xa20 [ 1112.133902] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1112.134295] __kmalloc_track_caller+0x177/0x370 [ 1112.134669] ? p9_client_create+0x41d/0x11c0 [ 1112.135032] kstrdup+0x36/0x70 [ 1112.135297] p9_client_create+0x41d/0x11c0 [ 1112.135641] ? lock_downgrade+0x6d0/0x6d0 [ 1112.135962] ? p9_client_flush+0x430/0x430 [ 1112.136307] ? trace_hardirqs_on+0x5b/0x180 [ 1112.136635] ? lockdep_init_map_type+0x2c7/0x780 [ 1112.137026] ? __raw_spin_lock_init+0x36/0x110 [ 1112.137408] v9fs_session_init+0x1dd/0x1680 [ 1112.137774] ? lock_release+0x680/0x680 [ 1112.138106] ? kmem_cache_alloc_trace+0x151/0x320 [ 1112.138505] ? v9fs_show_options+0x690/0x690 [ 1112.138843] ? trace_hardirqs_on+0x5b/0x180 [ 1112.139210] ? kasan_unpoison_shadow+0x33/0x50 [ 1112.139587] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1112.140016] v9fs_mount+0x79/0x8f0 [ 1112.140317] ? v9fs_write_inode+0x60/0x60 [ 1112.140631] legacy_get_tree+0x105/0x220 [ 1112.140967] vfs_get_tree+0x8e/0x300 [ 1112.141271] path_mount+0x1429/0x2120 [ 1112.141567] ? strncpy_from_user+0x9e/0x470 [ 1112.141923] ? finish_automount+0xa90/0xa90 [ 1112.142285] ? getname_flags.part.0+0x1dd/0x4f0 [ 1112.142666] ? _copy_from_user+0xfb/0x1b0 [ 1112.143010] __x64_sys_mount+0x282/0x300 [ 1112.143342] ? copy_mnt_ns+0xa00/0xa00 [ 1112.143666] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1112.144093] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1112.144512] do_syscall_64+0x33/0x40 [ 1112.144816] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1112.145222] RIP: 0033:0x7f0b176ffb19 [ 1112.145528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1112.146982] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1112.147591] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1112.148153] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1112.148719] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1112.149283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1112.149858] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:51:11 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:11 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1112.204413] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1112.280434] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:25 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:51:25 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:25 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f0"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:25 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, @perf_config_ext, 0x500a0, 0x9, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r0, 0x4008240b, &(0x7f0000000240)={0x1, 0x80, 0xff, 0xfa, 0xae, 0x2, 0x0, 0x80000000, 0x46224, 0x6, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000100), 0x2}, 0x40, 0x1d775e2a, 0x6, 0x7, 0x9, 0x8, 0x0, 0x0, 0x600000, 0x0, 0x6}) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:51:25 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24) 04:51:25 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xb00, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:51:25 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:25 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1126.396201] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1126.435638] FAULT_INJECTION: forcing a failure. 04:51:25 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1126.435638] name failslab, interval 1, probability 0, space 0, times 0 [ 1126.437730] CPU: 0 PID: 13283 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1126.438813] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1126.440077] Call Trace: [ 1126.440490] dump_stack+0x107/0x167 [ 1126.441058] should_fail.cold+0x5/0xa [ 1126.441659] should_failslab+0x5/0x20 [ 1126.442251] __kmalloc_track_caller+0x79/0x370 [ 1126.442969] ? p9_client_create+0x51e/0x11c0 [ 1126.443656] kmemdup_nul+0x2d/0xa0 [ 1126.444209] p9_client_create+0x51e/0x11c0 [ 1126.444873] ? p9_client_flush+0x430/0x430 [ 1126.445534] ? trace_hardirqs_on+0x5b/0x180 [ 1126.446188] ? lockdep_init_map_type+0x2c7/0x780 [ 1126.446931] ? __raw_spin_lock_init+0x36/0x110 [ 1126.447640] v9fs_session_init+0x1dd/0x1680 [ 1126.448289] ? lock_release+0x680/0x680 [ 1126.448894] ? kmem_cache_alloc_trace+0x151/0x320 [ 1126.449611] ? v9fs_show_options+0x690/0x690 [ 1126.450280] ? trace_hardirqs_on+0x5b/0x180 [ 1126.450964] ? kasan_unpoison_shadow+0x33/0x50 [ 1126.451671] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1126.452455] v9fs_mount+0x79/0x8f0 [ 1126.453013] ? v9fs_write_inode+0x60/0x60 [ 1126.453655] legacy_get_tree+0x105/0x220 [ 1126.454284] vfs_get_tree+0x8e/0x300 [ 1126.454849] path_mount+0x1429/0x2120 [ 1126.455432] ? strncpy_from_user+0x9e/0x470 [ 1126.456101] ? finish_automount+0xa90/0xa90 [ 1126.456754] ? getname_flags.part.0+0x1dd/0x4f0 [ 1126.457476] ? _copy_from_user+0xfb/0x1b0 [ 1126.458103] __x64_sys_mount+0x282/0x300 [ 1126.458739] ? copy_mnt_ns+0xa00/0xa00 [ 1126.459322] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1126.460118] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1126.460911] do_syscall_64+0x33/0x40 [ 1126.461488] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1126.462273] RIP: 0033:0x7f0b176ffb19 [ 1126.462854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1126.465617] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1126.466776] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1126.467869] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1126.468960] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1126.470052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1126.471145] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1126.512309] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:25 executing program 2: setpriority(0x0, 0xffffffffffffffff, 0x2) perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SG_GET_COMMAND_Q(r0, 0x2270, &(0x7f0000000100)) fallocate(0xffffffffffffffff, 0x71, 0x100000000, 0x8527) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) ioctl$SG_IO(r0, 0x2285, &(0x7f00000017c0)={0x0, 0xfffffffffffffffb, 0x1000, 0x0, @scatter={0x4, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/147, 0x93}, {&(0x7f0000000180)=""/43, 0x2b}, {&(0x7f00000002c0)=""/250, 0xfa}, {&(0x7f0000000640)=""/255, 0xff}]}, &(0x7f0000000740)="2d14b4aadbaa6fe3e394911144b099ed5faa0daf1fb97d13038b2870f937fe22ab141fcf96aa24e6f0fd626fc8194c50db872b3696e8e5766e2fbd71eb980e72c4bec8fb3bbdec8f91ea22daf7372709800700c8a69a431da76b472247c16133e82a8e410179b613ee49afbb31587f43348224c760b585dfeebd81060efa1c56c6f82b0f6f65685250d5e074fc0c982c56972bbc7e421c96928f9aa560c51962fafcafa137869f06e8b2583ee98cc4f4b224458010a40d7489f220a315cc4cc11eb0c352665226c7115e857fdfd410c02ac9f9a9958dbdcc20fceea9fc2300467a0bae3c1e0eb0bcc8cf06ed6e953413855b54d46255c6ed696a53fbedbf2f084ca10604e3e16ef56db2d47bc382cd9f40d609c4e6394fbe59050181d62b6b398ff5c61a5bce0ebcfb111a2e268d84b82ce1b82a7a34a2283209fa6cce1c6c03dae1c7667eabceac7adb22baf43147af9c8c81333a3cf0bf16521ea2506753bafc577bab49a04e480c2b91a79867baecc77203cbf551e64204b1fe8407aa48ee5297913627dc6b7e5d7b092036f69722adfa6ced8ad52e49ad6df050aefc7a9658cce2d61b5f55c5aa34856db8c0527807d73fab268f0c29aadcc25ed9d26129663c21e2cb4ba3cb129f0c3ff52a534b96f0d8509263bb9ba1d9f9f9f45661f73d2546a1259752b388ef4f8122ab1018db60b3a9435b05dad6644c0392e0ebd22603e4da9ee298a51b5e86fd6d852b853dc40dd6cf426b308c6f70beaf885034d12e279159421b8b302a8f53971a4230e7f6482d541751e0d257f2025f09ab5134866b1f15213cb6b12bc46caa057b04c56474be49aa3f9ca78a7c21df74c575c450375cddaa1fd354a8646352ea55b36509079b64c7b452d4359b8bde968a6501e7429a751937d63f6620c69d54fa24767ecd281e0c52daad1becf5b844685be176f5a8ab7664bf33d048e888d506fa9e599588705f7dfd30f156cd2f19f43aa396194024dda2fa725997f3b6591596ab8a038197512b928894a51b3912811a44c2ff48b5fbb50b70824ef6068c83b88f69e1c5e3412ee4432395b0463b0e0a148b02ea30e261ed8d2ea2358f56d59ef66c84f47fab5721973c029cc9b9474a3600177328f6097d8e12ee5092c0487afecad7bd1f160f3b871ed38b779861bd3c9632673b05d31ab0d9456197941c30ad895bce74dc0ea5200427b22cd90ec8a5cc6857a0b79fad4f7b0540a3ad13054ccd141e962d6879d956293a8fbd23e5a82c23636a7283af63ee63c218634fb747b911bdcf18426ae039d3eee20a58d4053de44cd3ecb9cdb6cfd5e12600f404e862a930e59b367b125272994fdb9002521904de28bfa78928c299ee34e905bcada6610e920b1fa6ab70de9e9dff48682d3dc02a5d03cf880d92b4db11d1342f14b1af8a1de444637960d2fcf38023db85713ffd253906d819c9904d7199b316e25336297a3d0b0cc94f8c7c07f17f3bda174e5040227769c0a47bf7c71d05dd3a0e50aad7e391aa56880ce2a7f4b7869f446bfc5471ca972bd79ff63787b03c1eef4075c240e0a97ffcddd741836643339164f9b10c812a04a6029437585e4b8db3a238990ce82c1cc039b4c8f3e1e534745e6e60b1b899a369aac154d2ee0bdbf159787abb53550755f1c3cbc3b5843eb2d926de0bcef396a5a67df45e0e1d3879fc2df61389605733f1b455ec76b85520bf87da046f8a2376b5c583a48ef50c5ab568a5dc117cbfc44d7884bf4f06a3ef40d728cae25f0dcc377cf29823bee6fb65df36b0dd7da3fa876d20792c15a50a5a5b0182a47733c2495ad2f97bc1351bf9b05ca23637c96f96bf6666d457acfb945a061c387e65614343d51d872bc6dd99e6a16bb4fffe65bfb50a483749a03a5706a58def012ca57e126e2aad47f081094f3e82560dbac088e6314592c5c720da7158242d6dd821326d2e17215db0b886e3a5082e19660643cc4e7fa2944ca526cb2ea389763f0a10cc74116edfaf0b317e856fed3fb777f52159b58f2aa10d58957e4ed6032e4cb68957e8f4620d99814d03edb0eff8bd57d2570227b4eaa1d19de596c0d8db5c74946168f1c285693e56b4437d49e14db14482a789372230bd1fdb298c746b228666dbd47797c0b5ac0ff06a34c299e1bb1a864a6c28fcca4739ccf07d944d79dbae6e147e15784f3a3ff738fdb6c9a55b983662fbcedb39f9226f042b5ff9625ecba96b2281fd0e0a266626c3e3ee4300e0421d85b5688708f6e971f4c192b241d1863e774cfa50c474ebeaf06962ffa27293910633b8307e2f88455a6fd74b0dfa80e55c7518fd4954ae6430f7bd649d395eae53fc75ff08c6051d72efbde2fe0ae9535ddca39d50feafbf4ee0fe4bedb8c12c980d231b0785f04f071917576d2ca90af2ad1ae1831bd55ff855000b24f80cbe2c28f47293325a8417b596fa528f2bb64eb4678dda6aa9cdc3dd9815113d88424d2536e4d89f086cdc21b28b0e051771b264297ba838db2e7e93ca5ce552299158b54a99dc8b1abf5ecb68405eb0789568a5a2f8f83e4c5550d5c73e2d309ae4cdd33538d7154366c3202d7f6ade3dc557082890a29ffe8081eb2347dbe38bf972c6713ee532f14886d1b026bff37966db6cb1ce663fa7c7ef98bb1a1f624bb3541d5654abc6f68f61242bab5a746b0f533b4eb2e0dbd1bf7c24df6d0b7360543c0971ad585071e6e2965900a87356e6d919d90ee5aa32b91d70557d980852219cfd16faa4f58b9ec17a857d5e5be36f74898f2d6b4608465dc2d99f3d9f723ccfb9cef553db4003cdd077327852102e1bdce07a55383a899d7ebcd9c6a00ecd4b9b598e58080e334302e7a9e2864ef721fd3168635d0ef6ac9498a7ac68bba69b537282112786b131ade081e53d3a1df3654ecbe6df78cbae5788bf13b6b2a04a52467396ddd50d2e2c323cd38f988ca6523d738e8b58c1afa46edec3ed86c7fd7938e5b07dc88bf5ec0da9adb6b70290327c1d4dd59d260a1fb26b40463ee58ed737f807332f255b3c1196c88d77c9c9cd6d9194a2fef4462bca864490d667dd2e7548d450e0fd1e76873d38b5df83d63a177bd4be7735cad1d959e1eb91dc9b42a1e205ce1b267baf22964f1e47ca6d974dda6f8fe07c07247a28eff1ede9a22cb90d5cf48b63b6340ee69abe85cfb1e8b71849013f71fb8a35156cd701632a91dbe9405b55ac785b61bbe3b0f36ba9ee38a98d07c85c13414ed561a4b3e705451939ee53ad160fc3eb06d45572ad54b635f59ee7877e0732b9047af2fb6746e8d8e1fd416390814451da4f3e6c0154b1df20de40aa98eac64243795cd1e6b2dd37151297f835e2622f7ce4db5f382c26f5e01e8bac471ec049f3fbd7470fb7dacb58a96895fbf1735f111bb9dba68a30d02f3754887ffa237b3ec66272449cfe0544a7d708c11573aa356581552e6f05bf17e8d3d162e842be6221c3ae52494778fdaec506fd067af7994c5a516c484d110821ac950abe36c942f99ad29ce8c4ecf8a1661e41a133d0d49c5b004125f0df9ae92db4078895a2195afa12c2d823951068bbe82107548add88c3bddb7d049fc0937315721dcdd9f9c436d19069bfe9dc9f19a68ad799bfac31441327709473847ff69a0bd8e86329a54792416722ab88d1deea544f7e6431578a20174326622e1a38ca010e3e1d187b5d0bb79cae403829ec73ed9bd26f24cac853f3e3e3459a73218da5c97b0adbe5a081fb8c9ea80708a43ddef4ff412f3036f53b7505a5b23821344352793272c7ce5925f9d1a3670c0c61b6ac2c5f4fcd5fef1896da7294d00099b86583526e23eb4853a8a7eb6f95b15ec64ff6ec6b19d8c63f85c565c6d34beb111db9e638df8a3fdf447f45183b50d1f147cfcd91cf70639b695556809a9f5a646c6cb9146573c2de6f9a38b3ebca2bd37e0fd3dbcf3a7de9fcef9f69cee0f0b2f2e1ad6bc9199f591e1ee6a58faf9990223f6328170b003f28b69a596b7f95aeaf51c1ae9e1e2eb5542aa2cf790a5a5040e6cffde72a1643291f3bf58a1050e6df8493d10959ed4aa81f0fa38970e5425c70f900c96ec9b4a6d558ce40f248872fe9a7d1c97daf5939fd1c33ed20389c68b581de31574ed6b1c29446ee8f234510ad04bb212c9d3b234de7a3f49cb1b587a45481b033d0aed7d9f282a7b7a54b7dee70d8ab9f45a1f6ceef852cc8367b1a94003649822474799e8809fb41f87d8698e9e84361e87d1a511e0f2e6847dc847dca02f1bb31ca1015af7d6dc4d0cc14c20e94f441b400996f9afe58a3606fd816a11f96bba232e32eb22087bc2c13153c72f49f7e8cc73175ec4d2fd5def72dea7bfac51a86e8a62f27075124ba57c7eb815dc2eaa8e90415af3bbf8ac137e17f265e099f5f53a633c58cfd2d12e2e6e2002af8faecee67bf2fa3b07232573a69621b94c6346a4e48dfa3169fe3020f3569be369bff33748fb2f8e7e67c1f20ef95d816dca520edac829b2a882c1185ccde2726c399b5f95c4a6525d9e472c375df5c464243e162867b01dbbf9dc0f3a5bdcfdfbceb6d5d18121b6e1ba5401ded133aa0ff9329853b6863a7b96dfff72570e5d6cb7db01322a591ae391fed7dc8c81a1e399d5d82c003563062ab9a56b7ef92d04be12a9bb47cbb8ace7b7cf97411dcf4e35a4bda0c046afef15cc6f22a84c50adf0e4ad9cf9e48d1e6827b0901a88bcd65bd128d973bbf981be7fbb113225a8405f9ca68ec48625723150127957d51cd2685123f5b954adb19ee2ea39b948bd2cc7dcfeedfe7b056280090f2babecf6576e3e9de0629fd84a1242539e8d52b353320528934ed6f52af300542735d81c937da28ea0fe91d787d952c71e29d33f74492f94b907cfba684d96cf855cac5513d07c3d43451d57675bfc3f75746e8b5338dec0072290571c001fa30eda6863ea9709142b6e6520eb7a2d529c4bfdcb85058cd27a16f5684df56d6b57904a23d24a12f72a8699320d27e2f9b8184ea46bc74c0ab6a63f8f2e218333eab39a0c6a1fab9048d3624732f1af86a6a4dbd7b3a855019ca913033346d775af260ce472e5488e962d89a89ca630914f3e9ebedb5e2d863aba66a28dff76b787c151416b5cf0adf176ab52728f02ac3352a719382261f81d959eeee3b88c74445ba2b4774fe61fea1006e6c833c15cc64ae5d4df23e155fcb5358d362995110b4e29b45bb1cc781b03c3f930c07f8f0c3d0206b7220df3d994ba8a83ab476ab9841a7d35798382c111c7a29b866bf4ff87fc3c03e2b6e8203d80247a9cdfa2d5a73daafe99edb34e0153fa455c3112f99abdd213edce521f4aecd388bd7c3c4bf9dd5b85d71467aa93d99dfb0f0dba393a02a66d7da9b8bbd0d8e6d054541a57bddca2c8a9dd746266b3fb790a20cd8fc7a195cb10e57d216a9a53f186f37e67da5eebc0f640a8c822d38eaa134659ccbd83799c5df67aa8ef387d3a9b8e0d2dd0d08248a1265996602d7cdd3794e23680ee65ff7e06bbe5cd3f484a2a4e99ed5111e55eecd012c864458e04a017af1c90ac50a55bfd8309ce9d254efff451774f07cc20b04cbac9a8aec73ba5e4a65320f67a13f8684b4ca139463a90e2e8d6e159e46f184603ad3e326c197685811402413735026871714c172a32949587a0dc8e439a3280a75ab015ca36ccf06e30285a80ed03c2810214f68efd45a05858d1b7514fc66c6f40a12274acdb748a561f3941a4a56bcd6f6a5e41db81ce9306e59f2676d9aafcfdd9284032cc83d99eb6492feb9769e4970", &(0x7f0000001740), 0xfff, 0x23, 0x0, &(0x7f0000001780)}) r4 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000001740)={r4, 0x2, 0x0, 0x5}) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="897766ecffb496fc7029c809c6beddc8ed0ae41bbb8f1309d4525befe43c93c2348051ed4ed35bcbe964bf7e31bc68bf0bc62152e45a5e1db33d63183aa3efffe3f0f4dbca413ffa566256cb02334df2d0ec09457a3d47d92854e86107ac61982343c8b0aec1029a9f94ce99ded60d883ea26c8f1f820f3c5ea54f76226df0c45d863203871d43f44614f1adf9215b8edafa825b68879ced7d21eadbfc5b63c6bb440527703ec17cd872d1ea03634600d6cba7760045fdf0918dad032f678ed87a000000951b0cabae553ee70e8e05b5944dba0936a30aab9df8044c19fd095e5453b78905403a4715e6c7046df2fc8245aea02ac8c36a3f0032d387c1347f756f1b93f2d774aa80fab405ef8326607520f98b948ad83cb3506d8bf0c3b5d54c78ef6e0f620f11607cb6f87e8c4c9e30e79c05563374c17b65c8e05b1c1a6f39ff6dfe2b764aaa5fe013a813a1f5d3125f8c5fa5dd42fb84578589a3f40f059be8d5647189fc9c4a3bffbd9e15191f521587fed4d1278c40fd6874d9c89b7475768de77dfa7ca87c02c4f6bcce539279afec1794e6a7fb063cf7291a9b7cfca472559d137d8886c98042de2ef51caa71986b5535786bcfcb5f89c19701be", @ANYRESHEX=r2, @ANYBLOB=',\x00']) 04:51:25 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:25 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:25 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:25 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25) [ 1126.716598] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:25 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1126.747493] FAULT_INJECTION: forcing a failure. [ 1126.747493] name failslab, interval 1, probability 0, space 0, times 0 [ 1126.749186] CPU: 1 PID: 13303 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1126.750189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1126.751398] Call Trace: [ 1126.751790] dump_stack+0x107/0x167 [ 1126.752329] should_fail.cold+0x5/0xa [ 1126.752888] ? create_object.isra.0+0x3a/0xa20 [ 1126.753560] should_failslab+0x5/0x20 [ 1126.754119] kmem_cache_alloc+0x5b/0x310 [ 1126.754724] create_object.isra.0+0x3a/0xa20 [ 1126.755373] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1126.756122] __kmalloc_track_caller+0x177/0x370 [ 1126.756794] ? p9_client_create+0x51e/0x11c0 [ 1126.757447] kmemdup_nul+0x2d/0xa0 [ 1126.757969] p9_client_create+0x51e/0x11c0 [ 1126.758607] ? p9_client_flush+0x430/0x430 [ 1126.759227] ? trace_hardirqs_on+0x5b/0x180 [ 1126.759847] ? lockdep_init_map_type+0x2c7/0x780 [ 1126.760544] ? __raw_spin_lock_init+0x36/0x110 [ 1126.761222] v9fs_session_init+0x1dd/0x1680 [ 1126.761853] ? lock_release+0x680/0x680 [ 1126.762434] ? kmem_cache_alloc_trace+0x151/0x320 [ 1126.763142] ? v9fs_show_options+0x690/0x690 [ 1126.763783] ? trace_hardirqs_on+0x5b/0x180 [ 1126.764412] ? kasan_unpoison_shadow+0x33/0x50 [ 1126.765076] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1126.765817] v9fs_mount+0x79/0x8f0 [ 1126.766339] ? v9fs_write_inode+0x60/0x60 [ 1126.766949] legacy_get_tree+0x105/0x220 [ 1126.767534] vfs_get_tree+0x8e/0x300 [ 1126.768080] path_mount+0x1429/0x2120 [ 1126.768636] ? strncpy_from_user+0x9e/0x470 [ 1126.769255] ? finish_automount+0xa90/0xa90 [ 1126.769886] ? getname_flags.part.0+0x1dd/0x4f0 [ 1126.770560] ? _copy_from_user+0xfb/0x1b0 [ 1126.771172] __x64_sys_mount+0x282/0x300 [ 1126.771763] ? copy_mnt_ns+0xa00/0xa00 [ 1126.772327] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1126.773078] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1126.773822] do_syscall_64+0x33/0x40 [ 1126.774360] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1126.775106] RIP: 0033:0x7f0b176ffb19 [ 1126.775644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1126.778283] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1126.779387] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1126.780400] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1126.781415] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1126.782432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1126.783469] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:51:25 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000100), 0xfffffffffffffffe, 0x189500) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0500616e733d66642c7266646e6f3d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:51:25 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:25 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:26 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x2060c, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:51:26 executing program 1: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x0, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1126.970344] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:26 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1127.075479] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1141.210764] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1141.219263] FAULT_INJECTION: forcing a failure. [ 1141.219263] name failslab, interval 1, probability 0, space 0, times 0 [ 1141.220231] CPU: 1 PID: 13440 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1141.220814] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1141.221516] Call Trace: [ 1141.221750] dump_stack+0x107/0x167 [ 1141.222066] should_fail.cold+0x5/0xa [ 1141.222400] should_failslab+0x5/0x20 [ 1141.222758] __kmalloc_track_caller+0x79/0x370 [ 1141.223156] ? parse_opts.part.0+0x8e/0x340 [ 1141.223536] kstrdup+0x36/0x70 [ 1141.223816] parse_opts.part.0+0x8e/0x340 [ 1141.224181] ? p9_fd_show_options+0x1c0/0x1c0 [ 1141.224570] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1141.225023] ? quarantine_put+0x8b/0x1a0 [ 1141.225372] ? trace_hardirqs_on+0x5b/0x180 [ 1141.225742] ? kfree+0xd7/0x340 [ 1141.226033] p9_fd_create+0x98/0x4a0 [ 1141.226354] ? p9_conn_create+0x510/0x510 [ 1141.226726] ? p9_client_create+0x798/0x11c0 [ 1141.227106] ? kfree+0xd7/0x340 [ 1141.227390] ? do_raw_spin_unlock+0x4f/0x220 [ 1141.227767] p9_client_create+0x7ff/0x11c0 [ 1141.228135] ? p9_client_flush+0x430/0x430 [ 1141.228744] ? trace_hardirqs_on+0x5b/0x180 [ 1141.229230] ? lockdep_init_map_type+0x2c7/0x780 [ 1141.229731] ? __raw_spin_lock_init+0x36/0x110 [ 1141.230218] v9fs_session_init+0x1dd/0x1680 [ 1141.230617] ? lock_release+0x680/0x680 [ 1141.230989] ? kmem_cache_alloc_trace+0x151/0x320 [ 1141.231407] ? v9fs_show_options+0x690/0x690 [ 1141.231785] ? trace_hardirqs_on+0x5b/0x180 [ 1141.232153] ? kasan_unpoison_shadow+0x33/0x50 [ 1141.232542] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1141.232976] v9fs_mount+0x79/0x8f0 [ 1141.233284] ? v9fs_write_inode+0x60/0x60 [ 1141.233636] legacy_get_tree+0x105/0x220 [ 1141.233988] vfs_get_tree+0x8e/0x300 [ 1141.234306] path_mount+0x1429/0x2120 [ 1141.234653] ? strncpy_from_user+0x9e/0x470 [ 1141.235031] ? finish_automount+0xa90/0xa90 [ 1141.235410] ? getname_flags.part.0+0x1dd/0x4f0 [ 1141.235813] ? _copy_from_user+0xfb/0x1b0 [ 1141.236180] __x64_sys_mount+0x282/0x300 [ 1141.236528] ? copy_mnt_ns+0xa00/0xa00 [ 1141.236864] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1141.237311] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1141.237748] do_syscall_64+0x33/0x40 [ 1141.238064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1141.238504] RIP: 0033:0x7f0b176ffb19 [ 1141.238844] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1141.240439] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1141.241103] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1141.241703] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1141.242310] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1141.242923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1141.243525] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1141.244642] 9pnet: Insufficient options for proto=fd 04:51:40 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26) 04:51:40 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x1020, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:51:40 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x23420, 0xc125aa634e109130, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, @perf_bp={&(0x7f0000000200)}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xffff}, 0x0, 0xa, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x406083) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000100)=0xc731, 0x4) connect$inet(r3, &(0x7f00000002c0)={0x2, 0x4e22, @remote}, 0x10) sendfile(r2, r3, 0x0, 0xffe3) ioctl$BTRFS_IOC_DEFRAG_RANGE(r0, 0x40309410, &(0x7f0000000180)={0x2, 0x8, 0x2, 0x400, 0x0, [0x6, 0x4, 0x7, 0x8001]}) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xa15035, &(0x7f0000000240)=ANY=[@ANYBLOB='to=\x00'/15, @ANYRESHEX=r3, @ANYRESDEC=r0, @ANYRESHEX=r1, @ANYBLOB="d270"]) 04:51:40 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:40 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:40 executing program 1: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(0xffffffffffffffff, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:40 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:51:40 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:51:40 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x0) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1141.288783] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1141.334516] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x1220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$SG_SET_FORCE_PACK_ID(r4, 0x227b, &(0x7f0000000100)=0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x910008, &(0x7f0000000440)=ANY=[@ANYRES64=r2, @ANYRESHEX=r2, @ANYBLOB="403b194a6dad2646dd18798577c40c11000000000000991745e0485aa7929e299c28cf5ddbfc14a6b5d33cf9508a21a65dd6c9adcb4e557475b8de9ebc0300000008f13fb737d2af14a6aa0d431e5ca986d973534a0777ecdcc4d765c521f95f263b2e7eef4a165246fcad237eee893ede883659439aacaa8e1c2674e0018079101819347fbb2287dfd0dcf3601d1e0dfa4f7442f5d27f527d9dce21f039e42a2354f794c8b6ee96510cfa5069cd", @ANYRESHEX=r0, @ANYBLOB=',\b']) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_OPENAT2={0x1c, 0x7, 0x0, r5, &(0x7f0000000340)={0x80601, 0x4, 0x10}, &(0x7f0000000380)='./file0\x00', 0x18, 0x0, 0x12345}, 0x80000000) 04:51:40 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:40 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1141.422191] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1141.444479] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:51:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000300)={0x53, 0xfffffffffffffffe, 0x45, 0x96, @buffer={0x0, 0x4, &(0x7f0000000100)=""/4}, &(0x7f0000000240)="3938f0a90a84f1f15cede632ee7115dfc68cdde431e112636d0918ae79f79304cdd6a9e88f0de6192dc50943455561391b2de513a339223b7f78499078e5ce275d05f787c3", &(0x7f0000000180)=""/56, 0x5, 0x10, 0x2, &(0x7f00000002c0)}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r0}}) 04:51:40 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:51:40 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27) 04:51:40 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:51:40 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1141.516609] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1141.523329] FAULT_INJECTION: forcing a failure. [ 1141.523329] name failslab, interval 1, probability 0, space 0, times 0 [ 1141.525071] CPU: 0 PID: 13563 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1141.526083] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1141.527284] Call Trace: [ 1141.527675] dump_stack+0x107/0x167 [ 1141.528212] should_fail.cold+0x5/0xa [ 1141.528778] ? create_object.isra.0+0x3a/0xa20 [ 1141.529444] should_failslab+0x5/0x20 [ 1141.529998] kmem_cache_alloc+0x5b/0x310 [ 1141.530586] ? legacy_get_tree+0x105/0x220 [ 1141.531205] ? vfs_get_tree+0x8e/0x300 [ 1141.531780] create_object.isra.0+0x3a/0xa20 [ 1141.532423] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1141.533168] __kmalloc_track_caller+0x177/0x370 [ 1141.533836] ? parse_opts.part.0+0x8e/0x340 [ 1141.534468] kstrdup+0x36/0x70 [ 1141.534950] parse_opts.part.0+0x8e/0x340 [ 1141.535562] ? p9_fd_show_options+0x1c0/0x1c0 [ 1141.536219] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1141.536978] ? quarantine_put+0x8b/0x1a0 [ 1141.537564] ? trace_hardirqs_on+0x5b/0x180 [ 1141.538195] ? kfree+0xd7/0x340 [ 1141.538695] p9_fd_create+0x98/0x4a0 [ 1141.539238] ? p9_conn_create+0x510/0x510 [ 1141.539834] ? p9_client_create+0x798/0x11c0 [ 1141.540474] ? kfree+0xd7/0x340 [ 1141.540955] ? do_raw_spin_unlock+0x4f/0x220 [ 1141.541604] p9_client_create+0x7ff/0x11c0 [ 1141.542225] ? p9_client_flush+0x430/0x430 [ 1141.542842] ? trace_hardirqs_on+0x5b/0x180 [ 1141.543469] ? lockdep_init_map_type+0x2c7/0x780 [ 1141.544164] ? __raw_spin_lock_init+0x36/0x110 [ 1141.544844] v9fs_session_init+0x1dd/0x1680 [ 1141.545471] ? lock_release+0x680/0x680 [ 1141.546055] ? kmem_cache_alloc_trace+0x151/0x320 [ 1141.546761] ? v9fs_show_options+0x690/0x690 [ 1141.547407] ? trace_hardirqs_on+0x5b/0x180 [ 1141.548035] ? kasan_unpoison_shadow+0x33/0x50 [ 1141.548698] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1141.549433] v9fs_mount+0x79/0x8f0 [ 1141.549954] ? v9fs_write_inode+0x60/0x60 [ 1141.550558] legacy_get_tree+0x105/0x220 [ 1141.551160] vfs_get_tree+0x8e/0x300 [ 1141.551701] path_mount+0x1429/0x2120 [ 1141.552259] ? strncpy_from_user+0x9e/0x470 [ 1141.552884] ? finish_automount+0xa90/0xa90 [ 1141.553508] ? getname_flags.part.0+0x1dd/0x4f0 [ 1141.554182] ? _copy_from_user+0xfb/0x1b0 [ 1141.554801] __x64_sys_mount+0x282/0x300 [ 1141.555389] ? copy_mnt_ns+0xa00/0xa00 [ 1141.555959] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1141.556727] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1141.557473] do_syscall_64+0x33/0x40 [ 1141.558019] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1141.558767] RIP: 0033:0x7f0b176ffb19 [ 1141.559311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1141.561933] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1141.563027] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1141.564049] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1141.565080] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1141.566107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1141.567144] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1156.097693] FAULT_INJECTION: forcing a failure. [ 1156.097693] name failslab, interval 1, probability 0, space 0, times 0 04:51:55 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:55 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55d"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:51:55 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:51:55 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:51:55 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28) 04:51:55 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:51:55 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x1, 0x4b, 0x81, 0x81, 0x0, 0x1, 0x3004, 0x3, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x612e, 0x0, @perf_config_ext={0x3, 0x7}, 0x48, 0x0, 0x0, 0x5, 0xfffffffffffffe00, 0x962, 0x1, 0x0, 0x8000}, 0x0, 0xffffffffffffffff, r0, 0x8) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000100)=0xffffffffffffffff, 0x4) r4 = accept$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000180)=0x14) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r4, &(0x7f0000000300)={0x10}) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="7472616e733d667126dfec66642c7266646e6f3d", @ANYRESHEX=r3, @ANYBLOB="2c7766ff0700000000000071c6", @ANYRESHEX=r1, @ANYBLOB=',\x00']) 04:51:55 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2010, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1156.099811] CPU: 1 PID: 13678 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1156.101044] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1156.102535] Call Trace: [ 1156.103064] dump_stack+0x107/0x167 [ 1156.103728] should_fail.cold+0x5/0xa [ 1156.104424] should_failslab+0x5/0x20 [ 1156.105102] __kmalloc_track_caller+0x79/0x370 [ 1156.105926] ? match_number+0xaf/0x1d0 [ 1156.106633] kmemdup_nul+0x2d/0xa0 [ 1156.107297] match_number+0xaf/0x1d0 [ 1156.107962] ? match_u64+0x190/0x190 [ 1156.108621] ? __kmalloc_track_caller+0x2c6/0x370 [ 1156.109478] ? memcpy+0x39/0x60 [ 1156.110069] parse_opts.part.0+0x1f3/0x340 [ 1156.110856] ? p9_fd_show_options+0x1c0/0x1c0 [ 1156.111650] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1156.112591] ? trace_hardirqs_on+0x5b/0x180 [ 1156.113353] ? kfree+0xd7/0x340 [ 1156.113955] p9_fd_create+0x98/0x4a0 [ 1156.114623] ? p9_conn_create+0x510/0x510 [ 1156.115411] ? p9_client_create+0x798/0x11c0 [ 1156.116208] ? kfree+0xd7/0x340 [ 1156.116812] ? do_raw_spin_unlock+0x4f/0x220 [ 1156.117613] p9_client_create+0x7ff/0x11c0 [ 1156.118390] ? p9_client_flush+0x430/0x430 [ 1156.119173] ? trace_hardirqs_on+0x5b/0x180 [ 1156.119956] ? lockdep_init_map_type+0x2c7/0x780 [ 1156.120804] ? __raw_spin_lock_init+0x36/0x110 [ 1156.121645] v9fs_session_init+0x1dd/0x1680 [ 1156.122423] ? lock_release+0x680/0x680 [ 1156.123189] ? kmem_cache_alloc_trace+0x151/0x320 [ 1156.124054] ? v9fs_show_options+0x690/0x690 [ 1156.124865] ? trace_hardirqs_on+0x5b/0x180 [ 1156.125635] ? kasan_unpoison_shadow+0x33/0x50 [ 1156.126468] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1156.127403] v9fs_mount+0x79/0x8f0 [ 1156.128061] ? v9fs_write_inode+0x60/0x60 [ 1156.128801] legacy_get_tree+0x105/0x220 [ 1156.129538] vfs_get_tree+0x8e/0x300 [ 1156.130206] path_mount+0x1429/0x2120 [ 1156.130931] ? strncpy_from_user+0x9e/0x470 [ 1156.131709] ? finish_automount+0xa90/0xa90 [ 1156.132498] ? getname_flags.part.0+0x1dd/0x4f0 [ 1156.133336] ? _copy_from_user+0xfb/0x1b0 [ 1156.134107] __x64_sys_mount+0x282/0x300 [ 1156.134865] ? copy_mnt_ns+0xa00/0xa00 [ 1156.135590] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1156.136528] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1156.137472] do_syscall_64+0x33/0x40 [ 1156.138145] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1156.139093] RIP: 0033:0x7f0b176ffb19 [ 1156.139757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1156.143096] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1156.144454] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1156.145753] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1156.147065] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1156.148250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1156.149306] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:51:55 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xedc0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1156.214792] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1156.380013] 9pnet: Insufficient options for proto=fd 04:52:07 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) 04:52:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:07 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0) perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, @perf_config_ext={0x4}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1) r5 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) fallocate(r5, 0x0, 0x0, 0x1000002) r6 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0xa3) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r7 = openat(0xffffffffffffffff, &(0x7f0000000280)='/proc/self/exe\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0x100000001) ioctl$AUTOFS_DEV_IOCTL_FAIL(r1, 0xc0189377, &(0x7f0000000100)={{0x1, 0x1, 0x18, r0, {0x9efb, 0x7}}, './file1\x00'}) connect$inet(r8, &(0x7f0000000180)={0x2, 0x4e21, @rand_addr=0x64010100}, 0x10) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) 04:52:07 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:52:07 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(0x0, 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:07 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:07 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x80000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:52:07 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1168.144655] FAULT_INJECTION: forcing a failure. [ 1168.144655] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.146411] CPU: 1 PID: 13920 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1168.147255] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1168.147459] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1168.147466] Call Trace: [ 1168.147493] dump_stack+0x107/0x167 [ 1168.150392] should_fail.cold+0x5/0xa [ 1168.150974] ? create_object.isra.0+0x3a/0xa20 [ 1168.151666] should_failslab+0x5/0x20 [ 1168.152229] kmem_cache_alloc+0x5b/0x310 [ 1168.152845] create_object.isra.0+0x3a/0xa20 [ 1168.153507] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1168.154268] __kmalloc_track_caller+0x177/0x370 [ 1168.154964] ? match_number+0xaf/0x1d0 [ 1168.155550] kmemdup_nul+0x2d/0xa0 [ 1168.156089] match_number+0xaf/0x1d0 [ 1168.156640] ? match_u64+0x190/0x190 [ 1168.157194] ? __kmalloc_track_caller+0x2c6/0x370 [ 1168.157921] ? memcpy+0x39/0x60 [ 1168.158420] parse_opts.part.0+0x1f3/0x340 [ 1168.159078] ? p9_fd_show_options+0x1c0/0x1c0 [ 1168.159743] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1168.160519] ? trace_hardirqs_on+0x5b/0x180 [ 1168.161163] ? kfree+0xd7/0x340 [ 1168.161659] p9_fd_create+0x98/0x4a0 [ 1168.162218] ? p9_conn_create+0x510/0x510 [ 1168.162826] ? p9_client_create+0x798/0x11c0 [ 1168.163507] ? kfree+0xd7/0x340 [ 1168.164004] ? do_raw_spin_unlock+0x4f/0x220 [ 1168.164657] p9_client_create+0x7ff/0x11c0 [ 1168.165297] ? p9_client_flush+0x430/0x430 [ 1168.165920] ? trace_hardirqs_on+0x5b/0x180 [ 1168.166558] ? lockdep_init_map_type+0x2c7/0x780 [ 1168.167300] ? __raw_spin_lock_init+0x36/0x110 [ 1168.167995] v9fs_session_init+0x1dd/0x1680 [ 1168.168644] ? lock_release+0x680/0x680 [ 1168.169258] ? kmem_cache_alloc_trace+0x151/0x320 [ 1168.169966] ? v9fs_show_options+0x690/0x690 [ 1168.170642] ? trace_hardirqs_on+0x5b/0x180 [ 1168.171340] ? kasan_unpoison_shadow+0x33/0x50 [ 1168.172020] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1168.172773] v9fs_mount+0x79/0x8f0 [ 1168.173317] ? v9fs_write_inode+0x60/0x60 [ 1168.173947] legacy_get_tree+0x105/0x220 [ 1168.174554] vfs_get_tree+0x8e/0x300 [ 1168.175132] path_mount+0x1429/0x2120 [ 1168.175703] ? strncpy_from_user+0x9e/0x470 [ 1168.176338] ? finish_automount+0xa90/0xa90 [ 1168.176974] ? getname_flags.part.0+0x1dd/0x4f0 [ 1168.177658] ? _copy_from_user+0xfb/0x1b0 [ 1168.178284] __x64_sys_mount+0x282/0x300 [ 1168.178881] ? copy_mnt_ns+0xa00/0xa00 [ 1168.179478] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1168.180257] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1168.181019] do_syscall_64+0x33/0x40 [ 1168.181573] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1168.182325] RIP: 0033:0x7f0b176ffb19 [ 1168.182880] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1168.185582] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1168.186694] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1168.187766] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1168.188807] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1168.189851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1168.190890] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:52:07 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:07 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1168.263826] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:07 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:07 executing program 1: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:07 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1168.338567] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:07 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:07 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:07 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) [ 1168.488383] FAULT_INJECTION: forcing a failure. [ 1168.488383] name failslab, interval 1, probability 0, space 0, times 0 [ 1168.489357] CPU: 0 PID: 14038 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1168.489930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1168.490607] Call Trace: 04:52:07 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c1"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1168.490888] dump_stack+0x107/0x167 [ 1168.491219] should_fail.cold+0x5/0xa [ 1168.491532] ? create_object.isra.0+0x3a/0xa20 [ 1168.491905] should_failslab+0x5/0x20 [ 1168.492215] kmem_cache_alloc+0x5b/0x310 [ 1168.492545] create_object.isra.0+0x3a/0xa20 [ 1168.492904] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1168.493326] __kmalloc_track_caller+0x177/0x370 [ 1168.493710] ? match_number+0xaf/0x1d0 [ 1168.494039] kmemdup_nul+0x2d/0xa0 [ 1168.494335] match_number+0xaf/0x1d0 [ 1168.494639] ? match_u64+0x190/0x190 [ 1168.494959] ? __kmalloc_track_caller+0x2c6/0x370 [ 1168.495364] ? memcpy+0x39/0x60 [ 1168.495649] parse_opts.part.0+0x1f3/0x340 [ 1168.496007] ? p9_fd_show_options+0x1c0/0x1c0 [ 1168.496384] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1168.496824] ? trace_hardirqs_on+0x5b/0x180 [ 1168.497194] ? kfree+0xd7/0x340 [ 1168.497470] p9_fd_create+0x98/0x4a0 [ 1168.497780] ? p9_conn_create+0x510/0x510 [ 1168.498116] ? p9_client_create+0x798/0x11c0 [ 1168.498476] ? kfree+0xd7/0x340 [ 1168.498750] ? do_raw_spin_unlock+0x4f/0x220 [ 1168.499122] p9_client_create+0x7ff/0x11c0 [ 1168.499486] ? p9_client_flush+0x430/0x430 [ 1168.499839] ? trace_hardirqs_on+0x5b/0x180 [ 1168.500204] ? lockdep_init_map_type+0x2c7/0x780 [ 1168.500590] ? __raw_spin_lock_init+0x36/0x110 [ 1168.500973] v9fs_session_init+0x1dd/0x1680 [ 1168.501328] ? lock_release+0x680/0x680 [ 1168.501657] ? kmem_cache_alloc_trace+0x151/0x320 [ 1168.502051] ? v9fs_show_options+0x690/0x690 [ 1168.502427] ? trace_hardirqs_on+0x5b/0x180 [ 1168.502778] ? kasan_unpoison_shadow+0x33/0x50 [ 1168.503170] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1168.503596] v9fs_mount+0x79/0x8f0 [ 1168.503889] ? v9fs_write_inode+0x60/0x60 [ 1168.504235] legacy_get_tree+0x105/0x220 [ 1168.504582] vfs_get_tree+0x8e/0x300 [ 1168.504898] path_mount+0x1429/0x2120 [ 1168.505224] ? strncpy_from_user+0x9e/0x470 [ 1168.505577] ? finish_automount+0xa90/0xa90 [ 1168.505928] ? getname_flags.part.0+0x1dd/0x4f0 [ 1168.506308] ? _copy_from_user+0xfb/0x1b0 [ 1168.506674] __x64_sys_mount+0x282/0x300 [ 1168.507030] ? copy_mnt_ns+0xa00/0xa00 [ 1168.507352] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1168.507778] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1168.508198] do_syscall_64+0x33/0x40 [ 1168.508500] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1168.508932] RIP: 0033:0x7f0b176ffb19 [ 1168.509253] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1168.510751] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1168.511390] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1168.512143] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1168.512722] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1168.513309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1168.513882] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1168.574174] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:07 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1168.605258] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:20 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:20 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:20 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:52:20 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:52:20 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_procfs(0x0, &(0x7f0000000100)='children\x00') syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='tl', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:52:20 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 1) 04:52:20 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) 04:52:20 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1181.769037] FAULT_INJECTION: forcing a failure. [ 1181.769037] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.770776] CPU: 1 PID: 14168 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1181.771822] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1181.773116] Call Trace: [ 1181.773539] dump_stack+0x107/0x167 [ 1181.774122] should_fail.cold+0x5/0xa [ 1181.774724] should_failslab+0x5/0x20 [ 1181.775355] __kmalloc_track_caller+0x79/0x370 [ 1181.776069] ? strndup_user+0x74/0xe0 [ 1181.776667] memdup_user+0x22/0xd0 [ 1181.777234] strndup_user+0x74/0xe0 [ 1181.777817] __x64_sys_mount+0x133/0x300 [ 1181.778467] ? copy_mnt_ns+0xa00/0xa00 [ 1181.779108] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1181.779944] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1181.780770] do_syscall_64+0x33/0x40 [ 1181.781365] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1181.782177] RIP: 0033:0x7f0d74438b19 [ 1181.782753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1181.782763] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1181.782797] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1181.786675] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1181.786685] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1181.786694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1181.786704] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1181.790725] FAULT_INJECTION: forcing a failure. [ 1181.790725] name failslab, interval 1, probability 0, space 0, times 0 [ 1181.792806] CPU: 1 PID: 14170 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1181.795421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1181.796686] Call Trace: [ 1181.797110] dump_stack+0x107/0x167 [ 1181.797673] should_fail.cold+0x5/0xa [ 1181.798263] ? create_object.isra.0+0x3a/0xa20 [ 1181.798970] should_failslab+0x5/0x20 [ 1181.799599] kmem_cache_alloc+0x5b/0x310 [ 1181.800264] create_object.isra.0+0x3a/0xa20 [ 1181.800943] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1181.801740] __kmalloc_track_caller+0x177/0x370 [ 1181.802492] ? match_number+0xaf/0x1d0 [ 1181.803125] kmemdup_nul+0x2d/0xa0 [ 1181.803689] match_number+0xaf/0x1d0 [ 1181.804299] ? match_u64+0x190/0x190 [ 1181.804899] ? __kmalloc_track_caller+0x2c6/0x370 [ 1181.805649] ? memcpy+0x39/0x60 [ 1181.806184] parse_opts.part.0+0x1f3/0x340 [ 1181.806863] ? p9_fd_show_options+0x1c0/0x1c0 [ 1181.807578] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1181.808402] ? trace_hardirqs_on+0x5b/0x180 [ 1181.809074] ? kfree+0xd7/0x340 [ 1181.809616] p9_fd_create+0x98/0x4a0 [ 1181.810207] ? p9_conn_create+0x510/0x510 [ 1181.810843] ? p9_client_create+0x798/0x11c0 [ 1181.811548] ? kfree+0xd7/0x340 [ 1181.812077] ? do_raw_spin_unlock+0x4f/0x220 [ 1181.812781] p9_client_create+0x7ff/0x11c0 [ 1181.813467] ? p9_client_flush+0x430/0x430 [ 1181.814127] ? trace_hardirqs_on+0x5b/0x180 [ 1181.814792] ? lockdep_init_map_type+0x2c7/0x780 [ 1181.815555] ? __raw_spin_lock_init+0x36/0x110 [ 1181.816278] v9fs_session_init+0x1dd/0x1680 [ 1181.816968] ? lock_release+0x680/0x680 [ 1181.817593] ? kmem_cache_alloc_trace+0x151/0x320 [ 1181.818350] ? v9fs_show_options+0x690/0x690 [ 1181.819058] ? trace_hardirqs_on+0x5b/0x180 [ 1181.819763] ? kasan_unpoison_shadow+0x33/0x50 [ 1181.820477] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1181.821269] v9fs_mount+0x79/0x8f0 [ 1181.821833] ? v9fs_write_inode+0x60/0x60 [ 1181.822490] legacy_get_tree+0x105/0x220 [ 1181.823144] vfs_get_tree+0x8e/0x300 [ 1181.823159] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1181.825055] path_mount+0x1429/0x2120 [ 1181.825666] ? strncpy_from_user+0x9e/0x470 [ 1181.826369] ? finish_automount+0xa90/0xa90 [ 1181.827060] ? getname_flags.part.0+0x1dd/0x4f0 [ 1181.827794] ? _copy_from_user+0xfb/0x1b0 [ 1181.828453] __x64_sys_mount+0x282/0x300 [ 1181.829110] ? copy_mnt_ns+0xa00/0xa00 [ 1181.829715] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1181.830540] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1181.831357] do_syscall_64+0x33/0x40 [ 1181.831943] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1181.832752] RIP: 0033:0x7f0b176ffb19 [ 1181.833330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1181.836193] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1181.837370] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1181.838475] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1181.839616] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1181.840716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1181.841810] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1181.859895] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:21 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:21 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 2) [ 1181.939650] FAULT_INJECTION: forcing a failure. [ 1181.939650] name failslab, interval 1, probability 0, space 0, times 0 04:52:21 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1181.941576] CPU: 1 PID: 14177 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1181.942830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1181.944175] Call Trace: [ 1181.944594] dump_stack+0x107/0x167 [ 1181.945193] should_fail.cold+0x5/0xa [ 1181.945825] ? create_object.isra.0+0x3a/0xa20 [ 1181.946550] should_failslab+0x5/0x20 [ 1181.947190] kmem_cache_alloc+0x5b/0x310 [ 1181.947825] create_object.isra.0+0x3a/0xa20 [ 1181.948541] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1181.949325] __kmalloc_track_caller+0x177/0x370 [ 1181.950072] ? strndup_user+0x74/0xe0 [ 1181.950678] memdup_user+0x22/0xd0 [ 1181.951286] strndup_user+0x74/0xe0 [ 1181.951877] __x64_sys_mount+0x133/0x300 [ 1181.952541] ? copy_mnt_ns+0xa00/0xa00 [ 1181.953149] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1181.953994] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1181.954803] do_syscall_64+0x33/0x40 04:52:21 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) syz_open_dev$sg(&(0x7f0000000100), 0x3, 0x20000) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1181.955434] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1181.956380] RIP: 0033:0x7f0d74438b19 [ 1181.956982] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1181.959942] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1181.961165] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1181.962311] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1181.963492] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1181.964635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1181.965763] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1182.027516] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:21 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1182.083489] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:21 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) 04:52:21 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1182.206029] FAULT_INJECTION: forcing a failure. [ 1182.206029] name failslab, interval 1, probability 0, space 0, times 0 [ 1182.208007] CPU: 1 PID: 14191 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1182.209123] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1182.210484] Call Trace: [ 1182.210924] dump_stack+0x107/0x167 [ 1182.211537] should_fail.cold+0x5/0xa [ 1182.212182] ? p9_fd_create+0x161/0x4a0 [ 1182.212211] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1182.212819] ? p9_fd_create+0x161/0x4a0 [ 1182.212842] should_failslab+0x5/0x20 [ 1182.212860] kmem_cache_alloc_trace+0x55/0x320 [ 1182.212888] p9_fd_create+0x161/0x4a0 [ 1182.216795] ? p9_conn_create+0x510/0x510 [ 1182.217469] ? p9_client_create+0x798/0x11c0 [ 1182.218186] ? kfree+0xd7/0x340 [ 1182.218741] ? do_raw_spin_unlock+0x4f/0x220 [ 1182.219485] p9_client_create+0x7ff/0x11c0 [ 1182.220188] ? p9_client_flush+0x430/0x430 [ 1182.220876] ? trace_hardirqs_on+0x5b/0x180 [ 1182.221580] ? lockdep_init_map_type+0x2c7/0x780 [ 1182.222358] ? __raw_spin_lock_init+0x36/0x110 [ 1182.223118] v9fs_session_init+0x1dd/0x1680 [ 1182.223823] ? lock_release+0x680/0x680 [ 1182.224473] ? kmem_cache_alloc_trace+0x151/0x320 [ 1182.225259] ? v9fs_show_options+0x690/0x690 [ 1182.225975] ? trace_hardirqs_on+0x5b/0x180 [ 1182.226658] ? kasan_unpoison_shadow+0x33/0x50 [ 1182.227417] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1182.228248] v9fs_mount+0x79/0x8f0 [ 1182.228804] ? v9fs_write_inode+0x60/0x60 [ 1182.229484] legacy_get_tree+0x105/0x220 [ 1182.230145] vfs_get_tree+0x8e/0x300 [ 1182.230748] path_mount+0x1429/0x2120 [ 1182.231383] ? strncpy_from_user+0x9e/0x470 [ 1182.232087] ? finish_automount+0xa90/0xa90 [ 1182.232806] ? getname_flags.part.0+0x1dd/0x4f0 [ 1182.233555] ? _copy_from_user+0xfb/0x1b0 [ 1182.234234] __x64_sys_mount+0x282/0x300 [ 1182.234894] ? copy_mnt_ns+0xa00/0xa00 [ 1182.235563] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1182.236418] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1182.237254] do_syscall_64+0x33/0x40 [ 1182.237856] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1182.238691] RIP: 0033:0x7f0b176ffb19 [ 1182.239310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1182.242282] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1182.243503] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1182.244612] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1182.245710] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1182.246826] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1182.247934] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1194.895587] FAULT_INJECTION: forcing a failure. [ 1194.895587] name failslab, interval 1, probability 0, space 0, times 0 [ 1194.896730] CPU: 1 PID: 14302 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1194.897347] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1194.898082] Call Trace: [ 1194.898325] dump_stack+0x107/0x167 [ 1194.898656] should_fail.cold+0x5/0xa [ 1194.899002] ? create_object.isra.0+0x3a/0xa20 [ 1194.899417] should_failslab+0x5/0x20 [ 1194.899762] kmem_cache_alloc+0x5b/0x310 [ 1194.900127] ? p9_fd_show_options+0x1c0/0x1c0 [ 1194.900534] create_object.isra.0+0x3a/0xa20 [ 1194.900926] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1194.901385] kmem_cache_alloc_trace+0x151/0x320 [ 1194.901804] p9_fd_create+0x161/0x4a0 [ 1194.902145] ? p9_conn_create+0x510/0x510 [ 1194.902517] ? p9_client_create+0x798/0x11c0 [ 1194.902916] ? kfree+0xd7/0x340 [ 1194.903219] ? do_raw_spin_unlock+0x4f/0x220 [ 1194.903625] p9_client_create+0x7ff/0x11c0 [ 1194.904012] ? p9_client_flush+0x430/0x430 [ 1194.904390] ? trace_hardirqs_on+0x5b/0x180 [ 1194.904779] ? lockdep_init_map_type+0x2c7/0x780 04:52:34 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:34 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1194.905206] ? __raw_spin_lock_init+0x36/0x110 [ 1194.905860] v9fs_session_init+0x1dd/0x1680 04:52:34 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x7000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:52:34 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) 04:52:34 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 3) 04:52:34 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1194.906357] ? lock_release+0x680/0x680 sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:34 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:34 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1194.906829] ? kmem_cache_alloc_trace+0x151/0x320 [ 1194.907304] ? v9fs_show_options+0x690/0x690 [ 1194.907696] ? trace_hardirqs_on+0x5b/0x180 [ 1194.908083] ? kasan_unpoison_shadow+0x33/0x50 [ 1194.908489] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1194.908939] v9fs_mount+0x79/0x8f0 [ 1194.909260] ? v9fs_write_inode+0x60/0x60 [ 1194.909629] legacy_get_tree+0x105/0x220 [ 1194.909995] vfs_get_tree+0x8e/0x300 [ 1194.910325] path_mount+0x1429/0x2120 [ 1194.910665] ? strncpy_from_user+0x9e/0x470 [ 1194.911045] ? finish_automount+0xa90/0xa90 [ 1194.911439] ? getname_flags.part.0+0x1dd/0x4f0 [ 1194.911855] ? _copy_from_user+0xfb/0x1b0 [ 1194.912229] __x64_sys_mount+0x282/0x300 [ 1194.912587] ? copy_mnt_ns+0xa00/0xa00 [ 1194.912938] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1194.913407] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1194.913863] do_syscall_64+0x33/0x40 [ 1194.914191] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1194.914640] RIP: 0033:0x7f0b176ffb19 [ 1194.914971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1194.916600] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1194.917276] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1194.917908] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1194.918537] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1194.919163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1194.919797] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1194.923472] FAULT_INJECTION: forcing a failure. [ 1194.923472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1194.924575] CPU: 1 PID: 14301 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1194.925182] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1194.925913] Call Trace: [ 1194.926150] dump_stack+0x107/0x167 [ 1194.926473] should_fail.cold+0x5/0xa [ 1194.926812] _copy_from_user+0x2e/0x1b0 [ 1194.927165] memdup_user+0x65/0xd0 [ 1194.927491] strndup_user+0x74/0xe0 [ 1194.927817] __x64_sys_mount+0x133/0x300 [ 1194.928180] ? copy_mnt_ns+0xa00/0xa00 [ 1194.928535] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1194.928998] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1194.929457] do_syscall_64+0x33/0x40 [ 1194.929790] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1194.930244] RIP: 0033:0x7f0d74438b19 [ 1194.930580] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1194.932207] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1194.932877] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1194.933506] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1194.934142] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1194.934783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.935424] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1194.994304] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:52:34 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 4) 04:52:34 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'sit0\x00'}) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="5ad071dca4aac1846fd9008c67b106429b1c96a0ed00000000000000000019df3ca91ffa60a4c6cf12f25f341d119db3ae3fd5f4f3b4fcdac5f6e44b082f9507125aabf0caac53821b35353277092feda0348d626d"]) 04:52:34 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1195.042231] FAULT_INJECTION: forcing a failure. [ 1195.042231] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.043265] CPU: 1 PID: 14319 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1195.043848] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1195.044541] Call Trace: [ 1195.044770] dump_stack+0x107/0x167 [ 1195.045078] should_fail.cold+0x5/0xa [ 1195.045406] ? copy_mount_options+0x55/0x180 [ 1195.045776] should_failslab+0x5/0x20 [ 1195.046107] kmem_cache_alloc_trace+0x55/0x320 [ 1195.046497] ? _copy_from_user+0xfb/0x1b0 [ 1195.046851] copy_mount_options+0x55/0x180 [ 1195.047220] __x64_sys_mount+0x1a8/0x300 [ 1195.047562] ? copy_mnt_ns+0xa00/0xa00 [ 1195.047901] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1195.048352] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1195.048790] do_syscall_64+0x33/0x40 [ 1195.049109] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1195.049541] RIP: 0033:0x7f0d74438b19 [ 1195.049860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1195.051409] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1195.052049] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1195.052645] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1195.053241] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1195.053842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1195.054439] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:52:34 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:34 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:34 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:34 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 5) 04:52:34 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) 04:52:34 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180)=0xe, 0x800) dup2(r0, r1) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r4, @ANYBLOB="2cd30de1b72d4bb87766646e6f3d14198f45c63b6e412220d9c265ddd338a3d8cd33e913bbaa2aac6a823c5f69269d92be7afb3ab5573a4c27572f8326bcb1824bd8bc1fd0d7f44833cddcb630880a3dc4236702ee3f1ee820fa944cd3f415c439ae0ae82e1e50481fd9b49dd02990134c4b6cc2034e9e845d1e6a44d9c5fd28ec53955d9cc591d3eb8e4f65987540", @ANYRESHEX=r2, @ANYBLOB=',\x00']) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r2, 0x8982, &(0x7f0000000240)={0x6, 'geneve0\x00', {0x8}, 0x8}) [ 1195.136645] FAULT_INJECTION: forcing a failure. [ 1195.136645] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.137598] CPU: 1 PID: 14327 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1195.138156] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1195.138829] Call Trace: [ 1195.139054] dump_stack+0x107/0x167 [ 1195.139361] should_fail.cold+0x5/0xa [ 1195.139677] ? create_object.isra.0+0x3a/0xa20 [ 1195.140046] should_failslab+0x5/0x20 [ 1195.140360] kmem_cache_alloc+0x5b/0x310 [ 1195.140694] create_object.isra.0+0x3a/0xa20 [ 1195.141054] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1195.141475] kmem_cache_alloc_trace+0x151/0x320 [ 1195.141862] copy_mount_options+0x55/0x180 [ 1195.142211] __x64_sys_mount+0x1a8/0x300 [ 1195.142547] ? copy_mnt_ns+0xa00/0xa00 [ 1195.142874] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1195.143311] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1195.143729] do_syscall_64+0x33/0x40 [ 1195.144039] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1195.144460] RIP: 0033:0x7f0d74438b19 [ 1195.144764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1195.146259] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1195.146883] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1195.147477] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1195.148055] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1195.148633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1195.149207] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1195.191566] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1195.214072] FAULT_INJECTION: forcing a failure. [ 1195.214072] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.215859] CPU: 1 PID: 14336 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1195.216900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1195.218140] Call Trace: [ 1195.218546] dump_stack+0x107/0x167 [ 1195.219090] should_fail.cold+0x5/0xa [ 1195.219679] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1195.220470] should_failslab+0x5/0x20 [ 1195.221056] kmem_cache_alloc+0x5b/0x310 [ 1195.221680] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1195.222454] p9_client_rpc+0x220/0x1370 [ 1195.223047] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1195.223848] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1195.224659] ? pipe_poll+0x21b/0x7f0 [ 1195.225232] ? p9_fd_close+0x4a0/0x4a0 [ 1195.225821] ? anon_pipe_buf_release+0x280/0x280 [ 1195.226530] ? p9_fd_poll+0x1e0/0x2c0 [ 1195.227119] ? p9_fd_create+0x357/0x4a0 [ 1195.227736] ? p9_conn_create+0x510/0x510 [ 1195.228363] ? p9_client_create+0x798/0x11c0 [ 1195.229028] ? kfree+0xd7/0x340 [ 1195.229527] ? do_raw_spin_unlock+0x4f/0x220 [ 1195.230194] p9_client_create+0xa76/0x11c0 [ 1195.230844] ? p9_client_flush+0x430/0x430 [ 1195.231485] ? trace_hardirqs_on+0x5b/0x180 [ 1195.232134] ? lockdep_init_map_type+0x2c7/0x780 [ 1195.232848] ? __raw_spin_lock_init+0x36/0x110 [ 1195.233525] v9fs_session_init+0x1dd/0x1680 [ 1195.234170] ? lock_release+0x680/0x680 [ 1195.234775] ? kmem_cache_alloc_trace+0x151/0x320 [ 1195.235516] ? v9fs_show_options+0x690/0x690 [ 1195.236183] ? trace_hardirqs_on+0x5b/0x180 [ 1195.236840] ? kasan_unpoison_shadow+0x33/0x50 [ 1195.237531] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1195.238307] v9fs_mount+0x79/0x8f0 [ 1195.238844] ? v9fs_write_inode+0x60/0x60 [ 1195.239477] legacy_get_tree+0x105/0x220 [ 1195.240091] vfs_get_tree+0x8e/0x300 [ 1195.240637] path_mount+0x1429/0x2120 [ 1195.241216] ? strncpy_from_user+0x9e/0x470 [ 1195.241849] ? finish_automount+0xa90/0xa90 [ 1195.242502] ? getname_flags.part.0+0x1dd/0x4f0 [ 1195.243198] ? _copy_from_user+0xfb/0x1b0 [ 1195.243831] __x64_sys_mount+0x282/0x300 [ 1195.244419] ? copy_mnt_ns+0xa00/0xa00 [ 1195.245003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1195.245782] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1195.246546] do_syscall_64+0x33/0x40 [ 1195.247113] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1195.247876] RIP: 0033:0x7f0b176ffb19 [ 1195.248426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1195.251083] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1195.252204] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1195.253242] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1195.254281] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1195.255318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1195.256349] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:52:34 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x80, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_config_ext, 0x0, 0x0, 0x2, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100), 0x400400, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) fcntl$dupfd(r1, 0x0, r2) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r0}}) 04:52:49 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x8000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:52:49 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:52:49 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:49 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 04:52:49 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40087602, &(0x7f0000000100)=0xee) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:52:49 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:49 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 6) [ 1209.895908] FAULT_INJECTION: forcing a failure. [ 1209.895908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1209.898159] CPU: 1 PID: 14454 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1209.899477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1209.901071] Call Trace: [ 1209.901592] dump_stack+0x107/0x167 [ 1209.902293] should_fail.cold+0x5/0xa [ 1209.903035] _copy_from_user+0x2e/0x1b0 [ 1209.903827] copy_mount_options+0x76/0x180 [ 1209.904627] __x64_sys_mount+0x1a8/0x300 [ 1209.905407] ? copy_mnt_ns+0xa00/0xa00 [ 1209.906156] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1209.906928] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1209.907931] do_syscall_64+0x33/0x40 [ 1209.908647] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1209.909629] RIP: 0033:0x7f0d74438b19 [ 1209.910353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1209.913821] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1209.915290] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1209.916649] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1209.918013] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1209.919359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1209.920733] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1209.936019] FAULT_INJECTION: forcing a failure. [ 1209.936019] name failslab, interval 1, probability 0, space 0, times 0 [ 1209.938145] CPU: 1 PID: 14463 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1209.939470] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1209.941020] Call Trace: [ 1209.941520] dump_stack+0x107/0x167 [ 1209.942207] should_fail.cold+0x5/0xa [ 1209.942923] ? create_object.isra.0+0x3a/0xa20 [ 1209.943789] should_failslab+0x5/0x20 [ 1209.944513] kmem_cache_alloc+0x5b/0x310 [ 1209.945289] create_object.isra.0+0x3a/0xa20 [ 1209.946112] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1209.947065] kmem_cache_alloc+0x159/0x310 [ 1209.947873] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1209.948825] p9_client_rpc+0x220/0x1370 [ 1209.949456] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1209.950455] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1209.951476] ? pipe_poll+0x21b/0x7f0 [ 1209.952180] ? p9_fd_close+0x4a0/0x4a0 [ 1209.952918] ? anon_pipe_buf_release+0x280/0x280 [ 1209.953801] ? p9_fd_poll+0x1e0/0x2c0 [ 1209.954522] ? p9_fd_create+0x357/0x4a0 [ 1209.955270] ? p9_conn_create+0x510/0x510 [ 1209.956054] ? p9_client_create+0x798/0x11c0 [ 1209.956889] ? kfree+0xd7/0x340 [ 1209.957372] ? do_raw_spin_unlock+0x4f/0x220 [ 1209.958202] p9_client_create+0xa76/0x11c0 [ 1209.959018] ? p9_client_flush+0x430/0x430 [ 1209.959822] ? trace_hardirqs_on+0x5b/0x180 [ 1209.960622] ? lockdep_init_map_type+0x2c7/0x780 [ 1209.961508] ? __raw_spin_lock_init+0x36/0x110 [ 1209.962370] v9fs_session_init+0x1dd/0x1680 [ 1209.963166] ? lock_release+0x680/0x680 [ 1209.963919] ? kmem_cache_alloc_trace+0x151/0x320 [ 1209.964629] ? v9fs_show_options+0x690/0x690 [ 1209.965471] ? trace_hardirqs_on+0x5b/0x180 [ 1209.966286] ? kasan_unpoison_shadow+0x33/0x50 [ 1209.967136] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1209.968098] v9fs_mount+0x79/0x8f0 [ 1209.968757] ? v9fs_write_inode+0x60/0x60 [ 1209.969533] legacy_get_tree+0x105/0x220 [ 1209.970291] vfs_get_tree+0x8e/0x300 [ 1209.970986] path_mount+0x1429/0x2120 [ 1209.971714] ? strncpy_from_user+0x9e/0x470 [ 1209.972523] ? finish_automount+0xa90/0xa90 [ 1209.973163] ? getname_flags.part.0+0x1dd/0x4f0 [ 1209.974028] ? _copy_from_user+0xfb/0x1b0 [ 1209.974806] __x64_sys_mount+0x282/0x300 [ 1209.975578] ? copy_mnt_ns+0xa00/0xa00 [ 1209.976298] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1209.977287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1209.978236] do_syscall_64+0x33/0x40 [ 1209.978942] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1209.979913] RIP: 0033:0x7f0b176ffb19 [ 1209.980607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1209.984002] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1209.985392] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1209.986693] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1209.988026] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1209.989334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1209.990639] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:52:49 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:52:49 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:52:49 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c8d59ae2e1b5200"]) 04:52:49 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 7) 04:52:49 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:52:49 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1210.143526] FAULT_INJECTION: forcing a failure. [ 1210.143526] name failslab, interval 1, probability 0, space 0, times 0 [ 1210.145257] CPU: 1 PID: 14481 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1210.146282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1210.147500] Call Trace: [ 1210.147903] dump_stack+0x107/0x167 [ 1210.148441] should_fail.cold+0x5/0xa [ 1210.149007] ? getname_flags.part.0+0x50/0x4f0 [ 1210.149690] should_failslab+0x5/0x20 [ 1210.150268] kmem_cache_alloc+0x5b/0x310 [ 1210.150883] getname_flags.part.0+0x50/0x4f0 [ 1210.151547] ? _copy_from_user+0xfb/0x1b0 [ 1210.152165] user_path_at_empty+0xa1/0x100 [ 1210.152792] __x64_sys_mount+0x1e9/0x300 [ 1210.153399] ? copy_mnt_ns+0xa00/0xa00 [ 1210.153984] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1210.154003] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1210.154029] do_syscall_64+0x33/0x40 [ 1210.155207] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1210.155221] RIP: 0033:0x7f0d74438b19 [ 1210.155239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1210.155254] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 [ 1210.156287] ORIG_RAX: 00000000000000a5 [ 1210.156299] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1210.156315] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1210.162678] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1210.163739] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1210.164807] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:53:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:03 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x9000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:53:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) 04:53:03 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:53:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:03 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 8) 04:53:03 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df354"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:03 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000240)={'broute\x00', 0x0, 0x0, 0x0, [0xff, 0x10000, 0x7f, 0x10001, 0x0, 0x80]}, &(0x7f0000000100)=0x78) r5 = perf_event_open(0x0, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r5, 0x0) dup(r5) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) fcntl$dupfd(0xffffffffffffffff, 0x0, r4) [ 1224.024480] FAULT_INJECTION: forcing a failure. [ 1224.024480] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.025582] CPU: 1 PID: 14607 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1224.026139] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1224.026797] Call Trace: [ 1224.027011] dump_stack+0x107/0x167 [ 1224.027303] should_fail.cold+0x5/0xa [ 1224.027626] ? p9_fcall_init+0x97/0x290 [ 1224.027947] should_failslab+0x5/0x20 [ 1224.028255] __kmalloc+0x72/0x390 [ 1224.028537] p9_fcall_init+0x97/0x290 [ 1224.028851] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1224.029264] p9_client_rpc+0x220/0x1370 [ 1224.029587] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1224.030009] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1224.030561] ? pipe_poll+0x21b/0x7f0 [ 1224.030927] ? p9_fd_close+0x4a0/0x4a0 [ 1224.031239] ? anon_pipe_buf_release+0x280/0x280 [ 1224.031625] ? p9_fd_poll+0x1e0/0x2c0 [ 1224.031934] ? p9_fd_create+0x357/0x4a0 [ 1224.032252] ? p9_conn_create+0x510/0x510 [ 1224.032685] ? p9_client_create+0x798/0x11c0 [ 1224.033116] ? kfree+0xd7/0x340 [ 1224.033396] ? do_raw_spin_unlock+0x4f/0x220 [ 1224.033823] p9_client_create+0xa76/0x11c0 [ 1224.034164] ? p9_client_flush+0x430/0x430 [ 1224.034505] ? trace_hardirqs_on+0x5b/0x180 [ 1224.034858] ? lockdep_init_map_type+0x2c7/0x780 [ 1224.035245] ? __raw_spin_lock_init+0x36/0x110 [ 1224.035619] v9fs_session_init+0x1dd/0x1680 [ 1224.035967] ? lock_release+0x680/0x680 [ 1224.036291] ? kmem_cache_alloc_trace+0x151/0x320 [ 1224.036673] ? v9fs_show_options+0x690/0x690 [ 1224.037027] ? trace_hardirqs_on+0x5b/0x180 [ 1224.037373] ? kasan_unpoison_shadow+0x33/0x50 [ 1224.037738] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1224.038148] v9fs_mount+0x79/0x8f0 [ 1224.038437] ? v9fs_write_inode+0x60/0x60 [ 1224.038772] legacy_get_tree+0x105/0x220 [ 1224.039100] vfs_get_tree+0x8e/0x300 [ 1224.039396] path_mount+0x1429/0x2120 [ 1224.039709] ? strncpy_from_user+0x9e/0x470 [ 1224.040054] ? finish_automount+0xa90/0xa90 [ 1224.040398] ? getname_flags.part.0+0x1dd/0x4f0 [ 1224.040768] ? _copy_from_user+0xfb/0x1b0 [ 1224.041104] __x64_sys_mount+0x282/0x300 [ 1224.041429] ? copy_mnt_ns+0xa00/0xa00 [ 1224.041746] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1224.042162] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1224.042576] do_syscall_64+0x33/0x40 [ 1224.042884] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1224.043293] RIP: 0033:0x7f0b176ffb19 [ 1224.043598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1224.045055] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1224.045660] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1224.046226] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1224.046792] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1224.047359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1224.047934] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1224.051799] FAULT_INJECTION: forcing a failure. [ 1224.051799] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.053692] CPU: 0 PID: 14605 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1224.054773] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1224.056071] Call Trace: [ 1224.056486] dump_stack+0x107/0x167 [ 1224.057061] should_fail.cold+0x5/0xa [ 1224.057659] ? create_object.isra.0+0x3a/0xa20 [ 1224.058378] should_failslab+0x5/0x20 [ 1224.058976] kmem_cache_alloc+0x5b/0x310 [ 1224.059624] create_object.isra.0+0x3a/0xa20 [ 1224.060314] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1224.061111] kmem_cache_alloc+0x159/0x310 [ 1224.061770] getname_flags.part.0+0x50/0x4f0 [ 1224.062456] ? _copy_from_user+0xfb/0x1b0 04:53:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1224.063247] user_path_at_empty+0xa1/0x100 [ 1224.063936] __x64_sys_mount+0x1e9/0x300 [ 1224.064570] ? copy_mnt_ns+0xa00/0xa00 [ 1224.065184] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1224.065998] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1224.066801] do_syscall_64+0x33/0x40 [ 1224.067383] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1224.068186] RIP: 0033:0x7f0d74438b19 [ 1224.068766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1224.071614] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1224.072801] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1224.073909] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1224.075013] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1224.076123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1224.077228] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:53:03 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) 04:53:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1224.133342] FAULT_INJECTION: forcing a failure. [ 1224.133342] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.134370] CPU: 1 PID: 14614 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1224.134927] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1224.135590] Call Trace: [ 1224.135811] dump_stack+0x107/0x167 [ 1224.136106] should_fail.cold+0x5/0xa [ 1224.136417] ? create_object.isra.0+0x3a/0xa20 [ 1224.136784] should_failslab+0x5/0x20 [ 1224.137090] kmem_cache_alloc+0x5b/0x310 [ 1224.137417] create_object.isra.0+0x3a/0xa20 [ 1224.137774] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1224.138183] __kmalloc+0x16e/0x390 [ 1224.138473] p9_fcall_init+0x97/0x290 [ 1224.138785] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1224.139204] p9_client_rpc+0x220/0x1370 [ 1224.139523] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1224.139957] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1224.140388] ? pipe_poll+0x21b/0x7f0 [ 1224.140686] ? p9_fd_close+0x4a0/0x4a0 [ 1224.141000] ? anon_pipe_buf_release+0x280/0x280 [ 1224.141383] ? p9_fd_poll+0x1e0/0x2c0 [ 1224.141693] ? p9_fd_create+0x357/0x4a0 [ 1224.142014] ? p9_conn_create+0x510/0x510 [ 1224.142348] ? p9_client_create+0x798/0x11c0 [ 1224.142700] ? kfree+0xd7/0x340 [ 1224.142969] ? do_raw_spin_unlock+0x4f/0x220 [ 1224.143324] p9_client_create+0xa76/0x11c0 [ 1224.143677] ? p9_client_flush+0x430/0x430 [ 1224.144018] ? trace_hardirqs_on+0x5b/0x180 [ 1224.144364] ? lockdep_init_map_type+0x2c7/0x780 [ 1224.144746] ? __raw_spin_lock_init+0x36/0x110 [ 1224.145120] v9fs_session_init+0x1dd/0x1680 [ 1224.145466] ? lock_release+0x680/0x680 [ 1224.145793] ? kmem_cache_alloc_trace+0x151/0x320 [ 1224.146177] ? v9fs_show_options+0x690/0x690 [ 1224.146534] ? trace_hardirqs_on+0x5b/0x180 [ 1224.146883] ? kasan_unpoison_shadow+0x33/0x50 [ 1224.147257] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1224.147675] v9fs_mount+0x79/0x8f0 [ 1224.147964] ? v9fs_write_inode+0x60/0x60 [ 1224.148299] legacy_get_tree+0x105/0x220 [ 1224.148624] vfs_get_tree+0x8e/0x300 [ 1224.148921] path_mount+0x1429/0x2120 [ 1224.149232] ? strncpy_from_user+0x9e/0x470 [ 1224.149575] ? finish_automount+0xa90/0xa90 [ 1224.149923] ? getname_flags.part.0+0x1dd/0x4f0 [ 1224.150296] ? _copy_from_user+0xfb/0x1b0 [ 1224.150633] __x64_sys_mount+0x282/0x300 [ 1224.150959] ? copy_mnt_ns+0xa00/0xa00 [ 1224.151278] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1224.151713] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1224.152127] do_syscall_64+0x33/0x40 [ 1224.152426] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1224.152836] RIP: 0033:0x7f0b176ffb19 [ 1224.153136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1224.154600] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1224.155214] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1224.155777] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1224.156349] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1224.156918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1224.157493] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:03 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) perf_event_open$cgroup(&(0x7f0000000280)={0x0, 0x80, 0x0, 0x81, 0x8, 0xf9, 0x0, 0x3a90000000000, 0x0, 0xc, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000240), 0x2}, 0x2, 0x881f, 0x80000000, 0x7, 0x9, 0x7, 0x40, 0x0, 0xfff, 0x0, 0x9}, 0xffffffffffffffff, 0xf, r0, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000100)={{0x1, 0x1, 0x18, r2}, './file1\x00'}) setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000180)=0xffffffffffffffff, 0x4) 04:53:03 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:03 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:15 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:15 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1236.620785] FAULT_INJECTION: forcing a failure. [ 1236.620785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1236.623013] CPU: 0 PID: 14737 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1236.624251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1236.625729] Call Trace: [ 1236.626222] dump_stack+0x107/0x167 [ 1236.626899] should_fail.cold+0x5/0xa [ 1236.627597] strncpy_from_user+0x34/0x470 [ 1236.628369] getname_flags.part.0+0x95/0x4f0 [ 1236.629157] ? _copy_from_user+0xfb/0x1b0 [ 1236.629888] user_path_at_empty+0xa1/0x100 [ 1236.630646] __x64_sys_mount+0x1e9/0x300 [ 1236.631376] ? copy_mnt_ns+0xa00/0xa00 [ 1236.632082] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.633027] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1236.633956] do_syscall_64+0x33/0x40 [ 1236.634799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1236.635706] RIP: 0033:0x7f0d74438b19 [ 1236.636361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1236.639541] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1236.640903] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1236.642162] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1236.643405] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 04:53:15 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xa000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:53:15 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 9) 04:53:15 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:53:15 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:15 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) 04:53:15 executing program 2: connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r0, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000280)) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}}) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0xffe3) connect$inet(r1, &(0x7f0000000240)={0x2, 0x4e23, @loopback}, 0x10) accept4$inet(r5, &(0x7f0000000100), &(0x7f0000000180)=0x10, 0x80000) [ 1236.643418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1236.643431] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1236.648018] FAULT_INJECTION: forcing a failure. [ 1236.648018] name failslab, interval 1, probability 0, space 0, times 0 [ 1236.649996] CPU: 0 PID: 14744 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1236.651236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1236.652663] Call Trace: [ 1236.653065] dump_stack+0x107/0x167 [ 1236.653621] should_fail.cold+0x5/0xa [ 1236.654175] ? p9_fcall_init+0x97/0x290 [ 1236.654763] should_failslab+0x5/0x20 [ 1236.655326] __kmalloc+0x72/0x390 [ 1236.655844] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1236.656590] p9_fcall_init+0x97/0x290 [ 1236.657150] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1236.657894] p9_client_rpc+0x220/0x1370 [ 1236.658480] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.659258] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1236.660053] ? pipe_poll+0x21b/0x7f0 [ 1236.660596] ? p9_fd_close+0x4a0/0x4a0 [ 1236.661167] ? anon_pipe_buf_release+0x280/0x280 [ 1236.661850] ? p9_fd_poll+0x1e0/0x2c0 [ 1236.662412] ? p9_fd_create+0x357/0x4a0 [ 1236.663000] ? p9_conn_create+0x510/0x510 [ 1236.663600] ? p9_client_create+0x798/0x11c0 [ 1236.664258] ? kfree+0xd7/0x340 [ 1236.664736] ? do_raw_spin_unlock+0x4f/0x220 [ 1236.665391] p9_client_create+0xa76/0x11c0 [ 1236.666020] ? p9_client_flush+0x430/0x430 [ 1236.666636] ? trace_hardirqs_on+0x5b/0x180 [ 1236.667270] ? lockdep_init_map_type+0x2c7/0x780 [ 1236.667980] ? __raw_spin_lock_init+0x36/0x110 [ 1236.668644] v9fs_session_init+0x1dd/0x1680 [ 1236.669284] ? lock_release+0x680/0x680 [ 1236.669870] ? kmem_cache_alloc_trace+0x151/0x320 [ 1236.670572] ? v9fs_show_options+0x690/0x690 [ 1236.671227] ? trace_hardirqs_on+0x5b/0x180 [ 1236.671871] ? kasan_unpoison_shadow+0x33/0x50 [ 1236.672544] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1236.673296] v9fs_mount+0x79/0x8f0 [ 1236.673823] ? v9fs_write_inode+0x60/0x60 [ 1236.674435] legacy_get_tree+0x105/0x220 [ 1236.675034] vfs_get_tree+0x8e/0x300 [ 1236.675574] path_mount+0x1429/0x2120 [ 1236.676142] ? strncpy_from_user+0x9e/0x470 [ 1236.676767] ? finish_automount+0xa90/0xa90 [ 1236.677400] ? getname_flags.part.0+0x1dd/0x4f0 [ 1236.678083] ? _copy_from_user+0xfb/0x1b0 [ 1236.678687] __x64_sys_mount+0x282/0x300 [ 1236.679287] ? copy_mnt_ns+0xa00/0xa00 [ 1236.679865] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.680628] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1236.681384] do_syscall_64+0x33/0x40 [ 1236.681932] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1236.682674] RIP: 0033:0x7f0b176ffb19 [ 1236.683223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1236.685883] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1236.686987] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1236.688030] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1236.689073] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1236.690098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1236.691129] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:15 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:15 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:15 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000100), 0x1}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x9) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) r3 = syz_open_dev$mouse(&(0x7f0000000180), 0x400, 0xe0580) openat2(r3, &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)={0x80602, 0x2c, 0x1}, 0x18) 04:53:15 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 10) 04:53:15 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:53:15 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) 04:53:15 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:15 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:16 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, 0x0, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1236.883484] FAULT_INJECTION: forcing a failure. [ 1236.883484] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1236.885275] CPU: 0 PID: 14768 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1236.886298] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1236.887527] Call Trace: [ 1236.887927] dump_stack+0x107/0x167 [ 1236.888464] should_fail.cold+0x5/0xa [ 1236.889050] strncpy_from_user+0x34/0x470 [ 1236.889674] getname_flags.part.0+0x95/0x4f0 [ 1236.890309] ? _copy_from_user+0xfb/0x1b0 [ 1236.890931] user_path_at_empty+0xa1/0x100 [ 1236.891564] __x64_sys_mount+0x1e9/0x300 [ 1236.892168] ? copy_mnt_ns+0xa00/0xa00 [ 1236.892749] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.893510] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1236.894293] do_syscall_64+0x33/0x40 [ 1236.894852] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1236.895598] RIP: 0033:0x7f0d74438b19 [ 1236.896160] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1236.898835] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1236.899970] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1236.901018] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1236.902051] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1236.903098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1236.904167] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1236.919416] FAULT_INJECTION: forcing a failure. [ 1236.919416] name failslab, interval 1, probability 0, space 0, times 0 [ 1236.921158] CPU: 0 PID: 14772 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1236.922164] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1236.923376] Call Trace: [ 1236.923768] dump_stack+0x107/0x167 [ 1236.924306] should_fail.cold+0x5/0xa [ 1236.924879] ? create_object.isra.0+0x3a/0xa20 [ 1236.925548] should_failslab+0x5/0x20 [ 1236.926124] kmem_cache_alloc+0x5b/0x310 [ 1236.926721] create_object.isra.0+0x3a/0xa20 [ 1236.927369] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1236.928114] __kmalloc+0x16e/0x390 [ 1236.928639] p9_fcall_init+0x97/0x290 [ 1236.929200] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1236.929947] p9_client_rpc+0x220/0x1370 [ 1236.930524] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.931293] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1236.932082] ? pipe_poll+0x21b/0x7f0 [ 1236.932625] ? p9_fd_close+0x4a0/0x4a0 [ 1236.933192] ? anon_pipe_buf_release+0x280/0x280 [ 1236.933888] ? p9_fd_poll+0x1e0/0x2c0 [ 1236.934455] ? p9_fd_create+0x357/0x4a0 [ 1236.935037] ? p9_conn_create+0x510/0x510 [ 1236.935637] ? p9_client_create+0x798/0x11c0 [ 1236.936277] ? kfree+0xd7/0x340 [ 1236.936763] ? do_raw_spin_unlock+0x4f/0x220 [ 1236.937433] p9_client_create+0xa76/0x11c0 [ 1236.938062] ? p9_client_flush+0x430/0x430 [ 1236.938682] ? trace_hardirqs_on+0x5b/0x180 [ 1236.939311] ? lockdep_init_map_type+0x2c7/0x780 [ 1236.940018] ? __raw_spin_lock_init+0x36/0x110 [ 1236.940691] v9fs_session_init+0x1dd/0x1680 [ 1236.941316] ? lock_release+0x680/0x680 04:53:16 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1236.942033] ? kmem_cache_alloc_trace+0x151/0x320 [ 1236.942757] ? v9fs_show_options+0x690/0x690 [ 1236.943409] ? trace_hardirqs_on+0x5b/0x180 [ 1236.944057] ? kasan_unpoison_shadow+0x33/0x50 [ 1236.944728] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1236.945472] v9fs_mount+0x79/0x8f0 [ 1236.946001] ? v9fs_write_inode+0x60/0x60 [ 1236.946605] legacy_get_tree+0x105/0x220 [ 1236.947198] vfs_get_tree+0x8e/0x300 [ 1236.947746] path_mount+0x1429/0x2120 [ 1236.948307] ? strncpy_from_user+0x9e/0x470 [ 1236.948933] ? finish_automount+0xa90/0xa90 [ 1236.949563] ? getname_flags.part.0+0x1dd/0x4f0 [ 1236.950239] ? _copy_from_user+0xfb/0x1b0 [ 1236.950848] __x64_sys_mount+0x282/0x300 [ 1236.951435] ? copy_mnt_ns+0xa00/0xa00 [ 1236.952017] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1236.952779] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1236.953531] do_syscall_64+0x33/0x40 [ 1236.954071] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1236.954809] RIP: 0033:0x7f0b176ffb19 [ 1236.955352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1236.958005] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1236.959101] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1236.960138] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1236.961164] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1236.962196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1236.963222] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:29 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) 04:53:29 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xb000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:53:29 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 11) 04:53:29 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x80, 0x0, 0xfffd}, 0x0, 0x0, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) openat$cgroup_pressure(r2, &(0x7f0000000440)='memory.pressure\x00', 0x2, 0x0) r3 = syz_open_dev$sg(&(0x7f0000000480), 0x5, 0x1) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000180), &(0x7f00000003c0)='./file0\x00', 0x8, 0x7) getsockopt$WPAN_WANTLQI(r2, 0x0, 0x3, &(0x7f0000000100), &(0x7f0000000180)=0x4) r4 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SG_GET_REQUEST_TABLE(r0, 0x2286, &(0x7f0000000240)) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000040)) ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f00000004c0)) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="2c7766646e6f3df3355eedf0a356bfaeb86a26c20c3fd5c03c1c5c365b6646628644b10dffc5fee2c5f8f2598a992dba467176d10e7139da59ac35e57f241cf9b51403defb72d7b066a7a3547d88e9f9b5558eceec0ab234347bc1cb0562a8ad50d72f1453d35d7671427901b23d3dc530e83828e447060000009afd9d37365c06a365248c7a07787a323a0a1998c36324653c5d38415a69183c66b38421eac383d54ebae0cef6fe3250229ab8e92065d9d6913e16f4a6520582739a040079", @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:53:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:29 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:29 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1250.412961] FAULT_INJECTION: forcing a failure. [ 1250.412961] name failslab, interval 1, probability 0, space 0, times 0 [ 1250.414121] CPU: 0 PID: 14788 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1250.414734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1250.415471] Call Trace: [ 1250.415710] dump_stack+0x107/0x167 [ 1250.416045] should_fail.cold+0x5/0xa [ 1250.416385] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1250.416901] should_failslab+0x5/0x20 [ 1250.417239] kmem_cache_alloc+0x5b/0x310 [ 1250.417606] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1250.418097] idr_get_free+0x4b5/0x8f0 [ 1250.418448] idr_alloc_u32+0x170/0x2d0 [ 1250.418797] ? __fprop_inc_percpu_max+0x130/0x130 [ 1250.419229] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1250.419700] ? lock_release+0x680/0x680 [ 1250.420060] idr_alloc+0xc2/0x130 [ 1250.420368] ? idr_alloc_u32+0x2d0/0x2d0 [ 1250.420729] ? rwlock_bug.part.0+0x90/0x90 [ 1250.421115] p9_client_prepare_req.part.0+0x612/0xac0 [ 1250.421570] p9_client_rpc+0x220/0x1370 [ 1250.421924] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1250.422392] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1250.422861] ? pipe_poll+0x21b/0x7f0 [ 1250.423194] ? p9_fd_close+0x4a0/0x4a0 [ 1250.423542] ? anon_pipe_buf_release+0x280/0x280 [ 1250.423965] ? p9_fd_poll+0x1e0/0x2c0 [ 1250.424306] ? p9_fd_create+0x357/0x4a0 [ 1250.424657] ? p9_conn_create+0x510/0x510 [ 1250.425025] ? p9_client_create+0x798/0x11c0 [ 1250.425412] ? kfree+0xd7/0x340 [ 1250.425712] ? do_raw_spin_unlock+0x4f/0x220 [ 1250.426110] p9_client_create+0xa76/0x11c0 [ 1250.426487] ? p9_client_flush+0x430/0x430 [ 1250.426868] ? trace_hardirqs_on+0x5b/0x180 [ 1250.427250] ? lockdep_init_map_type+0x2c7/0x780 [ 1250.427668] ? __raw_spin_lock_init+0x36/0x110 [ 1250.428086] v9fs_session_init+0x1dd/0x1680 [ 1250.428473] ? lock_release+0x680/0x680 [ 1250.428831] ? kmem_cache_alloc_trace+0x151/0x320 [ 1250.429256] ? v9fs_show_options+0x690/0x690 [ 1250.429654] ? trace_hardirqs_on+0x5b/0x180 [ 1250.430039] ? kasan_unpoison_shadow+0x33/0x50 [ 1250.430446] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1250.430904] v9fs_mount+0x79/0x8f0 [ 1250.431224] ? v9fs_write_inode+0x60/0x60 [ 1250.431602] legacy_get_tree+0x105/0x220 [ 1250.431964] vfs_get_tree+0x8e/0x300 [ 1250.432295] path_mount+0x1429/0x2120 [ 1250.432633] ? strncpy_from_user+0x9e/0x470 [ 1250.433017] ? finish_automount+0xa90/0xa90 [ 1250.433398] ? getname_flags.part.0+0x1dd/0x4f0 [ 1250.433812] ? _copy_from_user+0xfb/0x1b0 [ 1250.434186] __x64_sys_mount+0x282/0x300 [ 1250.434539] ? copy_mnt_ns+0xa00/0xa00 [ 1250.434882] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1250.435333] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1250.435782] do_syscall_64+0x33/0x40 [ 1250.436122] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1250.436566] RIP: 0033:0x7f0b176ffb19 [ 1250.436893] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1250.438478] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1250.439170] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1250.439785] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1250.440403] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1250.441020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1250.441666] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1250.448510] FAULT_INJECTION: forcing a failure. [ 1250.448510] name failslab, interval 1, probability 0, space 0, times 0 [ 1250.450219] CPU: 1 PID: 14787 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1250.451204] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1250.452383] Call Trace: [ 1250.452777] dump_stack+0x107/0x167 [ 1250.453305] should_fail.cold+0x5/0xa [ 1250.453859] ? create_object.isra.0+0x3a/0xa20 [ 1250.454509] should_failslab+0x5/0x20 [ 1250.455048] kmem_cache_alloc+0x5b/0x310 [ 1250.455621] create_object.isra.0+0x3a/0xa20 [ 1250.456266] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1250.456995] kmem_cache_alloc_trace+0x151/0x320 [ 1250.457672] alloc_fs_context+0x57/0x840 [ 1250.458262] path_mount+0xaa3/0x2120 [ 1250.458786] ? strncpy_from_user+0x9e/0x470 [ 1250.459396] ? finish_automount+0xa90/0xa90 [ 1250.460013] ? getname_flags.part.0+0x1dd/0x4f0 [ 1250.460674] ? _copy_from_user+0xfb/0x1b0 [ 1250.461261] __x64_sys_mount+0x282/0x300 [ 1250.461830] ? copy_mnt_ns+0xa00/0xa00 [ 1250.462394] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1250.463134] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1250.463891] do_syscall_64+0x33/0x40 [ 1250.464418] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1250.465159] RIP: 0033:0x7f0d74438b19 [ 1250.465685] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1250.468312] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1250.469383] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1250.470385] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1250.471380] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1250.472390] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1250.473387] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:53:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) fcntl$getownex(r1, 0x10, &(0x7f0000000640)={0x0, 0x0}) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000680)={'\x00', 0x3f, 0x2a, 0x7, 0xfffffffffffffffa, 0x2, r2}) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) r6 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) recvmmsg(r6, &(0x7f00000005c0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000340)=""/173, 0xad}, {&(0x7f0000000440)=""/207, 0xcf}], 0x2, &(0x7f0000000540)=""/112, 0x70}, 0x7}], 0x1, 0x40002021, &(0x7f0000000600)={0x77359400}) sendto$inet(r4, &(0x7f0000000240)="81782d626481cd8f57e61a30fe5cb930bff3809b22b2b31418bf9f71c28b0c55ff711b656f63e0e5983f67d95f8d0016f15a6abf532933aa880ce569b59be04801b68df1a762cc1828b94f2c93999a870ee8cb68eb71431e6d588a317e6c30968deb7d577d896d219204c5c2c568b0a26f576c45e64dc1f5f308369f52ab59405bcac22cea8aa3aee0bc3a77a69863da284ce31adafeb2a1f09b80ad2447080ce666687c6274f0fc45cb50c1e86897e4f6533493fcf49beb2e15534c3df65aa7426ab9fd07da845d0e561166475f5acc2fbc5dacda9ee1edc456", 0xda, 0x40000, &(0x7f0000000100)={0x2, 0x4e23, @multicast2}, 0x10) sendfile(r1, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) 04:53:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:29 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:29 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) 04:53:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1250.650456] FAULT_INJECTION: forcing a failure. [ 1250.650456] name failslab, interval 1, probability 0, space 0, times 0 [ 1250.652101] CPU: 1 PID: 14809 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1250.653064] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1250.654225] Call Trace: [ 1250.654601] dump_stack+0x107/0x167 [ 1250.655116] should_fail.cold+0x5/0xa [ 1250.655670] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1250.656492] should_failslab+0x5/0x20 [ 1250.657023] kmem_cache_alloc+0x5b/0x310 [ 1250.657608] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1250.658397] idr_get_free+0x4b5/0x8f0 [ 1250.658950] idr_alloc_u32+0x170/0x2d0 [ 1250.659509] ? __fprop_inc_percpu_max+0x130/0x130 [ 1250.660242] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1250.661004] ? lock_release+0x680/0x680 [ 1250.661596] idr_alloc+0xc2/0x130 [ 1250.662102] ? idr_alloc_u32+0x2d0/0x2d0 [ 1250.662684] ? rwlock_bug.part.0+0x90/0x90 [ 1250.663301] p9_client_prepare_req.part.0+0x612/0xac0 [ 1250.664068] p9_client_rpc+0x220/0x1370 [ 1250.664663] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1250.665412] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1250.666205] ? pipe_poll+0x21b/0x7f0 [ 1250.666725] ? p9_fd_close+0x4a0/0x4a0 [ 1250.667291] ? anon_pipe_buf_release+0x280/0x280 [ 1250.667976] ? p9_fd_poll+0x1e0/0x2c0 [ 1250.668537] ? p9_fd_create+0x357/0x4a0 [ 1250.669098] ? p9_conn_create+0x510/0x510 [ 1250.669698] ? p9_client_create+0x798/0x11c0 [ 1250.670320] ? kfree+0xd7/0x340 [ 1250.670802] ? do_raw_spin_unlock+0x4f/0x220 [ 1250.671436] p9_client_create+0xa76/0x11c0 [ 1250.672064] ? p9_client_flush+0x430/0x430 [ 1250.672669] ? trace_hardirqs_on+0x5b/0x180 [ 1250.673300] ? lockdep_init_map_type+0x2c7/0x780 [ 1250.673971] ? __raw_spin_lock_init+0x36/0x110 [ 1250.674641] v9fs_session_init+0x1dd/0x1680 [ 1250.675255] ? lock_release+0x680/0x680 [ 1250.675854] ? kmem_cache_alloc_trace+0x151/0x320 [ 1250.676542] ? v9fs_show_options+0x690/0x690 [ 1250.677201] ? trace_hardirqs_on+0x5b/0x180 [ 1250.677815] ? kasan_unpoison_shadow+0x33/0x50 [ 1250.678487] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1250.679219] v9fs_mount+0x79/0x8f0 [ 1250.679744] ? v9fs_write_inode+0x60/0x60 [ 1250.680343] legacy_get_tree+0x105/0x220 [ 1250.680939] vfs_get_tree+0x8e/0x300 [ 1250.681468] path_mount+0x1429/0x2120 [ 1250.682031] ? strncpy_from_user+0x9e/0x470 [ 1250.682642] ? finish_automount+0xa90/0xa90 [ 1250.683277] ? getname_flags.part.0+0x1dd/0x4f0 [ 1250.683947] ? _copy_from_user+0xfb/0x1b0 [ 1250.684560] __x64_sys_mount+0x282/0x300 [ 1250.685136] ? copy_mnt_ns+0xa00/0xa00 [ 1250.685708] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1250.686450] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1250.687199] do_syscall_64+0x33/0x40 [ 1250.687725] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1250.688475] RIP: 0033:0x7f0b176ffb19 [ 1250.689007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1250.691641] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1250.692722] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1250.693714] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1250.694712] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1250.695714] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1250.696718] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:44 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:53:44 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 12) 04:53:44 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:44 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) 04:53:44 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x10000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:53:44 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0xffe3) r5 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x436001, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0xffe3) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r3, 0xc0189375, &(0x7f0000000280)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r3, @ANYBLOB="0000000000307c45c73c6f0000002e2f66696c653100"]) poll(&(0x7f0000000240)=[{0xffffffffffffffff, 0x1}, {r0, 0x102}, {r5, 0xa222}, {r6, 0x8000}, {r7, 0x4028}, {r9, 0x200}], 0x6, 0x8) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2cde"]) [ 1265.294192] FAULT_INJECTION: forcing a failure. [ 1265.294192] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.295697] CPU: 1 PID: 14931 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1265.296589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1265.297643] Call Trace: [ 1265.297991] dump_stack+0x107/0x167 [ 1265.298458] should_fail.cold+0x5/0xa [ 1265.298967] ? legacy_init_fs_context+0x44/0xe0 [ 1265.299587] should_failslab+0x5/0x20 [ 1265.300108] kmem_cache_alloc_trace+0x55/0x320 [ 1265.300699] ? lockdep_init_map_type+0x2c7/0x780 [ 1265.301314] legacy_init_fs_context+0x44/0xe0 [ 1265.301909] ? generic_parse_monolithic+0x1f0/0x1f0 [ 1265.302554] alloc_fs_context+0x4fd/0x840 [ 1265.303094] path_mount+0xaa3/0x2120 [ 1265.303583] ? strncpy_from_user+0x9e/0x470 [ 1265.304149] ? finish_automount+0xa90/0xa90 [ 1265.304703] ? getname_flags.part.0+0x1dd/0x4f0 [ 1265.305306] ? _copy_from_user+0xfb/0x1b0 [ 1265.305852] __x64_sys_mount+0x282/0x300 [ 1265.306388] ? copy_mnt_ns+0xa00/0xa00 [ 1265.306895] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.307570] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1265.308271] do_syscall_64+0x33/0x40 [ 1265.308766] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1265.309454] RIP: 0033:0x7f0d74438b19 [ 1265.309945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1265.311613] FAULT_INJECTION: forcing a failure. [ 1265.311613] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.312247] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1265.314806] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1265.315724] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1265.316653] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1265.317565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1265.318476] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1265.319421] CPU: 0 PID: 14935 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1265.320474] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1265.321718] Call Trace: [ 1265.322124] dump_stack+0x107/0x167 [ 1265.322691] should_fail.cold+0x5/0xa [ 1265.323270] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1265.324142] should_failslab+0x5/0x20 [ 1265.324719] kmem_cache_alloc+0x5b/0x310 [ 1265.325336] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1265.326183] idr_get_free+0x4b5/0x8f0 [ 1265.326765] idr_alloc_u32+0x170/0x2d0 [ 1265.327363] ? __fprop_inc_percpu_max+0x130/0x130 [ 1265.328102] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1265.328903] ? lock_release+0x680/0x680 [ 1265.329511] idr_alloc+0xc2/0x130 [ 1265.330033] ? idr_alloc_u32+0x2d0/0x2d0 [ 1265.330631] ? rwlock_bug.part.0+0x90/0x90 [ 1265.331286] p9_client_prepare_req.part.0+0x612/0xac0 [ 1265.332051] p9_client_rpc+0x220/0x1370 [ 1265.332645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.333444] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1265.334241] ? pipe_poll+0x21b/0x7f0 [ 1265.334798] ? p9_fd_close+0x4a0/0x4a0 [ 1265.335386] ? anon_pipe_buf_release+0x280/0x280 [ 1265.336129] ? p9_fd_poll+0x1e0/0x2c0 [ 1265.336704] ? p9_fd_create+0x357/0x4a0 [ 1265.337303] ? p9_conn_create+0x510/0x510 [ 1265.337927] ? p9_client_create+0x798/0x11c0 [ 1265.338573] ? kfree+0xd7/0x340 [ 1265.339085] ? do_raw_spin_unlock+0x4f/0x220 [ 1265.339752] p9_client_create+0xa76/0x11c0 [ 1265.340397] ? p9_client_flush+0x430/0x430 [ 1265.341044] ? trace_hardirqs_on+0x5b/0x180 [ 1265.341689] ? lockdep_init_map_type+0x2c7/0x780 [ 1265.342415] ? __raw_spin_lock_init+0x36/0x110 [ 1265.343103] v9fs_session_init+0x1dd/0x1680 [ 1265.343755] ? lock_release+0x680/0x680 [ 1265.344380] ? kmem_cache_alloc_trace+0x151/0x320 [ 1265.345084] ? v9fs_show_options+0x690/0x690 [ 1265.345766] ? trace_hardirqs_on+0x5b/0x180 [ 1265.346423] ? kasan_unpoison_shadow+0x33/0x50 [ 1265.347118] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1265.347882] v9fs_mount+0x79/0x8f0 [ 1265.348438] ? v9fs_write_inode+0x60/0x60 [ 1265.349068] legacy_get_tree+0x105/0x220 [ 1265.349794] vfs_get_tree+0x8e/0x300 [ 1265.350361] path_mount+0x1429/0x2120 [ 1265.350927] ? strncpy_from_user+0x9e/0x470 [ 1265.351567] ? finish_automount+0xa90/0xa90 [ 1265.352227] ? getname_flags.part.0+0x1dd/0x4f0 [ 1265.352929] ? _copy_from_user+0xfb/0x1b0 [ 1265.353568] __x64_sys_mount+0x282/0x300 [ 1265.354183] ? copy_mnt_ns+0xa00/0xa00 [ 1265.354763] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.355531] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1265.356298] do_syscall_64+0x33/0x40 [ 1265.356869] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1265.357615] RIP: 0033:0x7f0b176ffb19 [ 1265.358150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1265.360803] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1265.361917] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1265.362951] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1265.363982] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1265.365024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1265.366055] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:44 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 13) 04:53:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1265.493566] FAULT_INJECTION: forcing a failure. [ 1265.493566] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.495303] CPU: 1 PID: 14943 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1265.496284] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1265.497427] Call Trace: [ 1265.497814] dump_stack+0x107/0x167 [ 1265.498337] should_fail.cold+0x5/0xa [ 1265.498877] ? create_object.isra.0+0x3a/0xa20 [ 1265.499522] should_failslab+0x5/0x20 [ 1265.500073] kmem_cache_alloc+0x5b/0x310 [ 1265.500652] create_object.isra.0+0x3a/0xa20 [ 1265.501279] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1265.502002] kmem_cache_alloc_trace+0x151/0x320 [ 1265.502663] ? lockdep_init_map_type+0x2c7/0x780 [ 1265.503367] legacy_init_fs_context+0x44/0xe0 [ 1265.504000] ? generic_parse_monolithic+0x1f0/0x1f0 [ 1265.504720] alloc_fs_context+0x4fd/0x840 [ 1265.505313] path_mount+0xaa3/0x2120 [ 1265.505846] ? strncpy_from_user+0x9e/0x470 [ 1265.506460] ? finish_automount+0xa90/0xa90 [ 1265.507073] ? getname_flags.part.0+0x1dd/0x4f0 [ 1265.507735] ? _copy_from_user+0xfb/0x1b0 [ 1265.508339] __x64_sys_mount+0x282/0x300 [ 1265.508913] ? copy_mnt_ns+0xa00/0xa00 [ 1265.509472] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.510239] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1265.510965] do_syscall_64+0x33/0x40 [ 1265.511495] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1265.512224] RIP: 0033:0x7f0d74438b19 [ 1265.512752] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1265.515320] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1265.516405] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1265.517408] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1265.518399] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1265.519402] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1265.520411] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:53:44 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0xb6, 0x501800) r0 = perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x2, 0xff, 0x7, 0x3, 0x0, 0x7, 0x46000, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x2, 0x4, @perf_bp={&(0x7f0000000100), 0xb}, 0x4208, 0x100000001, 0xffff, 0x0, 0x800, 0x2, 0x6, 0x0, 0x40bd, 0x0, 0xcb}, 0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x8) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f0000000180)={0x2, 0x4e24, @loopback}, 0x10, &(0x7f0000000340)=[{&(0x7f00000002c0)="ae4d1baf54b2c64369f36184065a014b80fce293e24a60a95105de4aeb00b6a648fb7bb744456be928d633a0594449da6ece121e0c72b58f8fd73147804175fa203934f514101f6ed8c61d64161164525409518a5aba662839ce21a0a74d8b8aa260a7e50ee16fb3833922c44c30215b75ee3c4eea8c3ba38d12cdea", 0x7c}], 0x1, &(0x7f0000000380)=[@ip_ttl={{0x14, 0x0, 0x2, 0xf2}}, @ip_ttl={{0x14, 0x0, 0x2, 0x40}}, @ip_tos_u8={{0x11, 0x0, 0x1, 0x18}}], 0x48}}], 0x1, 0x4800) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="7472642c726666856f3d0000000000000000e6000000000000", @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB=',\x00']) 04:53:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:44 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:53:44 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:44 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:44 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000004}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r1, 0xf502, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}}) r5 = dup3(r2, r0, 0x80000) ioctl$RNDADDENTROPY(r5, 0x40085203, &(0x7f00000007c0)={0x970b, 0x4a, "6748699b025ff0d3aac70e19d22220a99c51935eca343cea0dabf73da6e740e00dad464d2600beb583aaeb359181f0859950880b2746607715c58c8990e4ff5cce67fe24f4221be8e7fc"}) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$EXT4_IOC_MOVE_EXT(r2, 0xc028660f, &(0x7f0000000780)={0x0, r7, 0x9, 0x8, 0x6, 0xffff}) preadv(0xffffffffffffffff, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/45, 0x2d}, {&(0x7f0000000580)=""/141, 0x8d}, {&(0x7f0000000640)=""/201, 0xc9}], 0x3, 0x556f, 0x7ff) ioctl$SG_IO(r7, 0x2285, &(0x7f0000000500)={0x53, 0xfffffffffffffffe, 0xf3, 0x9, @buffer={0x0, 0x6b, &(0x7f0000000240)=""/107}, &(0x7f00000002c0)="22c6c0f116366e23bc2f011c4be5dfb30c8ab8ecc960b35272a0291a51fee253816db93762af0878442fee36c8c3f5cfd270c5e9fe3a0ca41cfaa81e4fff956777bf49028f77ff3575cf25d7772f857fad8fb1b596d9f47b64500aee9b6672fe650c97056aa335c2df6cbc0459953e0d7a1b9f6bd3c11367b0caa482458e65ef96ec33dfbd01071bcd84691fa295b766077011b8d06520f3bd026d607cbb77242f6187803b16032943e20addc4c743ce2738953fcbe5edd2a310c86c99a6502d5ca3ef7f959aa72f726568cb18097c5809dad6cd29eabf267a76ebc1fd9f64fc52c9e055ae5066a59d98a48971e3c945be0647", &(0x7f0000000440)=""/185, 0x8000, 0x0, 0x3, &(0x7f0000000100)}) 04:53:44 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) 04:53:44 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1265.816683] FAULT_INJECTION: forcing a failure. [ 1265.816683] name failslab, interval 1, probability 0, space 0, times 0 [ 1265.818334] CPU: 1 PID: 14961 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1265.819321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1265.820508] Call Trace: [ 1265.820901] dump_stack+0x107/0x167 [ 1265.821437] should_fail.cold+0x5/0xa [ 1265.821985] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1265.822789] should_failslab+0x5/0x20 [ 1265.823321] kmem_cache_alloc+0x5b/0x310 [ 1265.823910] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1265.824708] idr_get_free+0x4b5/0x8f0 [ 1265.825266] idr_alloc_u32+0x170/0x2d0 [ 1265.825835] ? __fprop_inc_percpu_max+0x130/0x130 [ 1265.826557] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1265.827327] ? lock_release+0x680/0x680 [ 1265.827895] idr_alloc+0xc2/0x130 [ 1265.828408] ? idr_alloc_u32+0x2d0/0x2d0 [ 1265.828979] ? rwlock_bug.part.0+0x90/0x90 [ 1265.829596] p9_client_prepare_req.part.0+0x612/0xac0 [ 1265.830348] p9_client_rpc+0x220/0x1370 [ 1265.830927] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.831683] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1265.832452] ? pipe_poll+0x21b/0x7f0 [ 1265.833006] ? p9_fd_close+0x4a0/0x4a0 [ 1265.833574] ? anon_pipe_buf_release+0x280/0x280 [ 1265.834254] ? p9_fd_poll+0x1e0/0x2c0 [ 1265.834804] ? p9_fd_create+0x357/0x4a0 [ 1265.835371] ? p9_conn_create+0x510/0x510 [ 1265.835962] ? p9_client_create+0x798/0x11c0 [ 1265.836597] ? kfree+0xd7/0x340 [ 1265.837064] ? do_raw_spin_unlock+0x4f/0x220 [ 1265.837696] p9_client_create+0xa76/0x11c0 [ 1265.838315] ? p9_client_flush+0x430/0x430 [ 1265.838960] ? trace_hardirqs_on+0x5b/0x180 [ 1265.839598] ? lockdep_init_map_type+0x2c7/0x780 [ 1265.840308] ? __raw_spin_lock_init+0x36/0x110 [ 1265.840962] v9fs_session_init+0x1dd/0x1680 [ 1265.841591] ? lock_release+0x680/0x680 [ 1265.842168] ? kmem_cache_alloc_trace+0x151/0x320 [ 1265.842858] ? v9fs_show_options+0x690/0x690 [ 1265.843490] ? trace_hardirqs_on+0x5b/0x180 [ 1265.844117] ? kasan_unpoison_shadow+0x33/0x50 [ 1265.844769] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1265.845489] v9fs_mount+0x79/0x8f0 [ 1265.846001] ? v9fs_write_inode+0x60/0x60 [ 1265.846595] legacy_get_tree+0x105/0x220 [ 1265.847188] vfs_get_tree+0x8e/0x300 [ 1265.847733] path_mount+0x1429/0x2120 [ 1265.848309] ? strncpy_from_user+0x9e/0x470 [ 1265.848937] ? finish_automount+0xa90/0xa90 [ 1265.849563] ? getname_flags.part.0+0x1dd/0x4f0 [ 1265.850234] ? _copy_from_user+0xfb/0x1b0 [ 1265.850830] __x64_sys_mount+0x282/0x300 [ 1265.851401] ? copy_mnt_ns+0xa00/0xa00 [ 1265.851980] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1265.852730] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1265.853462] do_syscall_64+0x33/0x40 [ 1265.854039] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1265.854770] RIP: 0033:0x7f0b176ffb19 [ 1265.855308] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1265.857880] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1265.858958] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1265.859960] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1265.860972] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1265.861972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1265.862981] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:53:59 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x20000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:53:59 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) 04:53:59 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:59 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfd]o=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:53:59 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 14) 04:53:59 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:53:59 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:59 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1280.622030] FAULT_INJECTION: forcing a failure. [ 1280.622030] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.624050] CPU: 1 PID: 15074 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1280.625282] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1280.626719] Call Trace: [ 1280.627202] dump_stack+0x107/0x167 [ 1280.627857] should_fail.cold+0x5/0xa [ 1280.628558] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1280.629574] should_failslab+0x5/0x20 [ 1280.630243] kmem_cache_alloc+0x5b/0x310 [ 1280.630963] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1280.631948] idr_get_free+0x4b5/0x8f0 [ 1280.632646] idr_alloc_u32+0x170/0x2d0 [ 1280.633332] ? __fprop_inc_percpu_max+0x130/0x130 [ 1280.634174] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1280.635137] ? lock_release+0x680/0x680 [ 1280.635838] idr_alloc+0xc2/0x130 [ 1280.636465] ? idr_alloc_u32+0x2d0/0x2d0 [ 1280.637057] ? rwlock_bug.part.0+0x90/0x90 [ 1280.637699] p9_client_prepare_req.part.0+0x612/0xac0 [ 1280.638457] p9_client_rpc+0x220/0x1370 [ 1280.639048] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1280.639818] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1280.640623] ? pipe_poll+0x21b/0x7f0 [ 1280.641164] ? p9_fd_close+0x4a0/0x4a0 [ 1280.641749] ? anon_pipe_buf_release+0x280/0x280 [ 1280.642437] ? p9_fd_poll+0x1e0/0x2c0 [ 1280.643013] ? p9_fd_create+0x357/0x4a0 [ 1280.643600] ? p9_conn_create+0x510/0x510 [ 1280.644231] ? p9_client_create+0x798/0x11c0 [ 1280.644867] ? kfree+0xd7/0x340 [ 1280.645359] ? do_raw_spin_unlock+0x4f/0x220 [ 1280.646000] p9_client_create+0xa76/0x11c0 [ 1280.646635] ? p9_client_flush+0x430/0x430 [ 1280.647249] ? trace_hardirqs_on+0x5b/0x180 [ 1280.647891] ? lockdep_init_map_type+0x2c7/0x780 [ 1280.648587] ? __raw_spin_lock_init+0x36/0x110 [ 1280.649255] v9fs_session_init+0x1dd/0x1680 [ 1280.649690] FAULT_INJECTION: forcing a failure. [ 1280.649690] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.649894] ? kmem_cache_alloc_trace+0x151/0x320 [ 1280.649914] ? v9fs_show_options+0x690/0x690 [ 1280.652257] ? trace_hardirqs_on+0x5b/0x180 [ 1280.652884] ? kasan_unpoison_shadow+0x33/0x50 [ 1280.653547] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1280.654285] v9fs_mount+0x79/0x8f0 [ 1280.654804] ? v9fs_write_inode+0x60/0x60 [ 1280.655404] legacy_get_tree+0x105/0x220 [ 1280.655991] vfs_get_tree+0x8e/0x300 [ 1280.656540] path_mount+0x1429/0x2120 [ 1280.657102] ? strncpy_from_user+0x9e/0x470 [ 1280.657729] ? finish_automount+0xa90/0xa90 [ 1280.658362] ? getname_flags.part.0+0x1dd/0x4f0 [ 1280.659038] ? _copy_from_user+0xfb/0x1b0 [ 1280.659645] __x64_sys_mount+0x282/0x300 [ 1280.660240] ? copy_mnt_ns+0xa00/0xa00 [ 1280.660816] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1280.661572] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1280.662316] do_syscall_64+0x33/0x40 [ 1280.662855] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1280.663592] RIP: 0033:0x7f0b176ffb19 [ 1280.664135] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1280.666817] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1280.667916] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1280.668942] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1280.669960] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1280.670980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1280.671997] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1280.673060] CPU: 0 PID: 15081 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1280.673674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1280.674394] Call Trace: [ 1280.674637] dump_stack+0x107/0x167 [ 1280.674958] should_fail.cold+0x5/0xa [ 1280.675295] ? v9fs_mount+0x5a/0x8f0 [ 1280.675631] should_failslab+0x5/0x20 [ 1280.675966] kmem_cache_alloc_trace+0x55/0x320 [ 1280.676374] ? v9fs_write_inode+0x60/0x60 [ 1280.676739] v9fs_mount+0x5a/0x8f0 [ 1280.677058] ? v9fs_write_inode+0x60/0x60 [ 1280.677431] legacy_get_tree+0x105/0x220 [ 1280.677793] vfs_get_tree+0x8e/0x300 [ 1280.678123] path_mount+0x1429/0x2120 [ 1280.678473] ? strncpy_from_user+0x9e/0x470 [ 1280.678857] ? finish_automount+0xa90/0xa90 [ 1280.679245] ? getname_flags.part.0+0x1dd/0x4f0 [ 1280.679652] ? _copy_from_user+0xfb/0x1b0 [ 1280.680020] __x64_sys_mount+0x282/0x300 [ 1280.680384] ? copy_mnt_ns+0xa00/0xa00 [ 1280.680729] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1280.681190] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1280.681640] do_syscall_64+0x33/0x40 [ 1280.681964] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1280.682415] RIP: 0033:0x7f0d74438b19 [ 1280.682735] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1280.684311] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1280.684970] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1280.685585] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1280.686202] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1280.686825] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1280.687450] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:53:59 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:53:59 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:53:59 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r3, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) r4 = semget$private(0x0, 0x6, 0x0) semctl$IPC_RMID(r4, 0x0, 0x0) getresgid(&(0x7f00000010c0), &(0x7f0000001100)=0x0, &(0x7f0000001140)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001180)={0x0, 0x0, 0x0}, &(0x7f00000011c0)=0xc) semctl$IPC_SET(r4, 0x0, 0x1, &(0x7f0000001200)={{0x0, 0xee01, r5, 0xffffffffffffffff, r6, 0x4, 0x2}, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7f}) mount$9p_fd(0x0, &(0x7f0000000100)='./file1\x00', &(0x7f0000000180), 0x20, &(0x7f0000000240)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX=r6, @ANYBLOB=',hash,smackfstransmute=&*-).),\x00']) r7 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r7, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r7, r8, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r8, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="2cb463f155f3480e7ac6f225d8aa9002fa00"]) 04:53:59 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:53:59 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 15) 04:53:59 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1280.857228] FAULT_INJECTION: forcing a failure. [ 1280.857228] name failslab, interval 1, probability 0, space 0, times 0 [ 1280.858219] CPU: 0 PID: 15099 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1280.858769] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1280.859428] Call Trace: [ 1280.859648] dump_stack+0x107/0x167 [ 1280.859941] should_fail.cold+0x5/0xa [ 1280.860262] ? create_object.isra.0+0x3a/0xa20 [ 1280.860638] should_failslab+0x5/0x20 [ 1280.860947] kmem_cache_alloc+0x5b/0x310 [ 1280.861282] ? cred_has_capability.isra.0+0x152/0x2b0 [ 1280.861721] create_object.isra.0+0x3a/0xa20 [ 1280.862094] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1280.862512] kmem_cache_alloc_trace+0x151/0x320 [ 1280.862899] ? v9fs_write_inode+0x60/0x60 [ 1280.863238] v9fs_mount+0x5a/0x8f0 [ 1280.863532] ? v9fs_write_inode+0x60/0x60 [ 1280.863877] legacy_get_tree+0x105/0x220 [ 1280.864209] vfs_get_tree+0x8e/0x300 [ 1280.864515] path_mount+0x1429/0x2120 [ 1280.864832] ? strncpy_from_user+0x9e/0x470 [ 1280.865182] ? finish_automount+0xa90/0xa90 [ 1280.865532] ? getname_flags.part.0+0x1dd/0x4f0 [ 1280.865909] ? _copy_from_user+0xfb/0x1b0 [ 1280.866251] __x64_sys_mount+0x282/0x300 [ 1280.866578] ? copy_mnt_ns+0xa00/0xa00 [ 1280.866899] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1280.867323] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1280.867737] do_syscall_64+0x33/0x40 [ 1280.868040] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1280.868466] RIP: 0033:0x7f0d74438b19 [ 1280.868771] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1280.870300] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1280.870928] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1280.871525] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1280.872115] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1280.872708] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1280.873273] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:54:00 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:00 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) [ 1281.020752] FAULT_INJECTION: forcing a failure. [ 1281.020752] name failslab, interval 1, probability 0, space 0, times 0 [ 1281.022417] CPU: 1 PID: 15107 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1281.023413] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1281.024619] Call Trace: [ 1281.025011] dump_stack+0x107/0x167 [ 1281.025555] should_fail.cold+0x5/0xa [ 1281.026118] ? create_object.isra.0+0x3a/0xa20 [ 1281.026779] should_failslab+0x5/0x20 [ 1281.027342] kmem_cache_alloc+0x5b/0x310 [ 1281.027945] create_object.isra.0+0x3a/0xa20 [ 1281.028614] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1281.029363] kmem_cache_alloc+0x159/0x310 [ 1281.029995] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1281.030818] idr_get_free+0x4b5/0x8f0 [ 1281.031407] idr_alloc_u32+0x170/0x2d0 [ 1281.031981] ? __fprop_inc_percpu_max+0x130/0x130 [ 1281.032740] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1281.033534] ? lock_release+0x680/0x680 [ 1281.034144] idr_alloc+0xc2/0x130 [ 1281.034655] ? idr_alloc_u32+0x2d0/0x2d0 [ 1281.035267] ? rwlock_bug.part.0+0x90/0x90 [ 1281.035911] p9_client_prepare_req.part.0+0x612/0xac0 [ 1281.036694] p9_client_rpc+0x220/0x1370 [ 1281.037292] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1281.038084] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1281.038883] ? pipe_poll+0x21b/0x7f0 [ 1281.039442] ? p9_fd_close+0x4a0/0x4a0 [ 1281.040033] ? anon_pipe_buf_release+0x280/0x280 [ 1281.040758] ? p9_fd_poll+0x1e0/0x2c0 [ 1281.041336] ? p9_fd_create+0x357/0x4a0 [ 1281.041933] ? p9_conn_create+0x510/0x510 [ 1281.042537] ? p9_client_create+0x798/0x11c0 [ 1281.043193] ? kfree+0xd7/0x340 [ 1281.043678] ? do_raw_spin_unlock+0x4f/0x220 [ 1281.044356] p9_client_create+0xa76/0x11c0 [ 1281.045006] ? p9_client_flush+0x430/0x430 [ 1281.045643] ? trace_hardirqs_on+0x5b/0x180 [ 1281.046286] ? lockdep_init_map_type+0x2c7/0x780 [ 1281.046995] ? __raw_spin_lock_init+0x36/0x110 [ 1281.047680] v9fs_session_init+0x1dd/0x1680 [ 1281.048337] ? lock_release+0x680/0x680 [ 1281.048939] ? kmem_cache_alloc_trace+0x151/0x320 [ 1281.049659] ? v9fs_show_options+0x690/0x690 [ 1281.050326] ? trace_hardirqs_on+0x5b/0x180 [ 1281.050972] ? kasan_unpoison_shadow+0x33/0x50 [ 1281.051652] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1281.052418] v9fs_mount+0x79/0x8f0 [ 1281.052952] ? v9fs_write_inode+0x60/0x60 [ 1281.053574] legacy_get_tree+0x105/0x220 [ 1281.054179] vfs_get_tree+0x8e/0x300 [ 1281.054734] path_mount+0x1429/0x2120 [ 1281.055306] ? strncpy_from_user+0x9e/0x470 [ 1281.055948] ? finish_automount+0xa90/0xa90 [ 1281.056595] ? getname_flags.part.0+0x1dd/0x4f0 [ 1281.057284] ? _copy_from_user+0xfb/0x1b0 [ 1281.057897] __x64_sys_mount+0x282/0x300 [ 1281.058508] ? copy_mnt_ns+0xa00/0xa00 [ 1281.059083] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1281.059857] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1281.060619] do_syscall_64+0x33/0x40 [ 1281.061179] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1281.061920] RIP: 0033:0x7f0b176ffb19 [ 1281.062477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1281.065114] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1281.066219] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1281.067252] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1281.068285] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1281.069310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1281.070336] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:54:13 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) fsetxattr$security_evm(r0, &(0x7f0000000180), &(0x7f0000000240)=@v2={0x3, 0x2, 0x14, 0x7ff, 0xe2, "7c1efe46c9f93245fd7040e133a244da1f97d87ddd49495d1658b2aa731773d254a30666089db8344cd92ea43959efdc0a2deb1d4f4e4876f1bf41c140d1cea458cfe23dfd44a4f65bf7352c0cb7b94d388da445658ac0d68a728aace3b9aed16d68051c3ee5d33e71f0c17aa40272e05c934f7609d89e49ccf56408c052c0c21fc917ddd310339cf26a0c85961ace1306d86029b1232e0988dbb38f8bf199ff6eac832c73373171ee334e7057871a48d8586d42c271b04cafc66a40195ffa71c73060010781f357da8264f72321a9cc5276e0917ea558ae3768603951239e806039"}, 0xeb, 0x3) setsockopt$inet_mreq(r2, 0x0, 0x20, &(0x7f0000000100)={@dev={0xac, 0x14, 0x14, 0x23}, @rand_addr=0x64010100}, 0x8) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:54:13 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1294.571673] FAULT_INJECTION: forcing a failure. [ 1294.571673] name failslab, interval 1, probability 0, space 0, times 0 [ 1294.572710] CPU: 0 PID: 15218 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1294.573308] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1294.574017] Call Trace: [ 1294.574250] dump_stack+0x107/0x167 [ 1294.574567] should_fail.cold+0x5/0xa [ 1294.574907] should_failslab+0x5/0x20 [ 1294.575241] __kmalloc_track_caller+0x79/0x370 [ 1294.575635] ? v9fs_session_init+0xa7/0x1680 [ 1294.576024] ? kernel_text_address+0xf2/0x120 [ 1294.576420] kstrdup+0x36/0x70 [ 1294.576701] v9fs_session_init+0xa7/0x1680 [ 1294.577078] ? lock_release+0x680/0x680 [ 1294.577424] ? find_held_lock+0x2c/0x110 [ 1294.577787] ? kmem_cache_alloc_trace+0x151/0x320 [ 1294.578203] ? v9fs_show_options+0x690/0x690 [ 1294.578590] ? trace_hardirqs_on+0x5b/0x180 [ 1294.578970] ? kasan_unpoison_shadow+0x33/0x50 [ 1294.579368] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1294.579819] v9fs_mount+0x79/0x8f0 [ 1294.580132] ? v9fs_write_inode+0x60/0x60 [ 1294.580507] legacy_get_tree+0x105/0x220 [ 1294.580860] vfs_get_tree+0x8e/0x300 [ 1294.581189] path_mount+0x1429/0x2120 [ 1294.581522] ? strncpy_from_user+0x9e/0x470 [ 1294.581894] ? finish_automount+0xa90/0xa90 [ 1294.582267] ? getname_flags.part.0+0x1dd/0x4f0 [ 1294.582667] ? _copy_from_user+0xfb/0x1b0 [ 1294.583037] __x64_sys_mount+0x282/0x300 [ 1294.583386] ? copy_mnt_ns+0xa00/0xa00 [ 1294.583730] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1294.584182] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1294.584644] do_syscall_64+0x33/0x40 [ 1294.584968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1294.585418] RIP: 0033:0x7f0d74438b19 [ 1294.585740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1294.587335] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1294.587992] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1294.588606] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1294.589236] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1294.589847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1294.590459] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1294.609382] FAULT_INJECTION: forcing a failure. [ 1294.609382] name failslab, interval 1, probability 0, space 0, times 0 [ 1294.611066] CPU: 1 PID: 15224 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1294.612094] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1294.613522] Call Trace: [ 1294.613925] dump_stack+0x107/0x167 [ 1294.614487] should_fail.cold+0x5/0xa [ 1294.614508] ? create_object.isra.0+0x3a/0xa20 [ 1294.615515] should_failslab+0x5/0x20 [ 1294.616087] kmem_cache_alloc+0x5b/0x310 [ 1294.616730] create_object.isra.0+0x3a/0xa20 [ 1294.617391] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1294.618159] kmem_cache_alloc+0x159/0x310 04:54:13 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x20100000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:54:13 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) 04:54:13 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 16) 04:54:13 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:13 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:54:13 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, 0x0, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1294.618785] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1294.619705] idr_get_free+0x4b5/0x8f0 [ 1294.620298] idr_alloc_u32+0x170/0x2d0 [ 1294.620892] ? __fprop_inc_percpu_max+0x130/0x130 [ 1294.621623] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1294.622416] ? lock_release+0x680/0x680 [ 1294.623016] idr_alloc+0xc2/0x130 [ 1294.623532] ? idr_alloc_u32+0x2d0/0x2d0 [ 1294.624148] ? rwlock_bug.part.0+0x90/0x90 [ 1294.624805] p9_client_prepare_req.part.0+0x612/0xac0 [ 1294.625600] p9_client_rpc+0x220/0x1370 [ 1294.626193] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1294.626222] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1294.627548] ? pipe_poll+0x21b/0x7f0 [ 1294.628111] ? p9_fd_close+0x4a0/0x4a0 [ 1294.628696] ? anon_pipe_buf_release+0x280/0x280 [ 1294.629417] ? p9_fd_poll+0x1e0/0x2c0 [ 1294.629993] ? p9_fd_create+0x357/0x4a0 [ 1294.630595] ? p9_conn_create+0x510/0x510 [ 1294.631210] ? p9_client_create+0x798/0x11c0 [ 1294.631873] ? kfree+0xd7/0x340 [ 1294.632373] ? do_raw_spin_unlock+0x4f/0x220 [ 1294.633045] p9_client_create+0xa76/0x11c0 [ 1294.633684] ? p9_client_flush+0x430/0x430 [ 1294.634325] ? trace_hardirqs_on+0x5b/0x180 [ 1294.634971] ? lockdep_init_map_type+0x2c7/0x780 [ 1294.635694] ? __raw_spin_lock_init+0x36/0x110 [ 1294.636385] v9fs_session_init+0x1dd/0x1680 [ 1294.637047] ? lock_release+0x680/0x680 [ 1294.637648] ? kmem_cache_alloc_trace+0x151/0x320 [ 1294.638372] ? v9fs_show_options+0x690/0x690 [ 1294.639036] ? trace_hardirqs_on+0x5b/0x180 [ 1294.639687] ? kasan_unpoison_shadow+0x33/0x50 [ 1294.640490] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1294.641272] v9fs_mount+0x79/0x8f0 [ 1294.641813] ? v9fs_write_inode+0x60/0x60 [ 1294.642451] legacy_get_tree+0x105/0x220 [ 1294.643063] vfs_get_tree+0x8e/0x300 [ 1294.643633] path_mount+0x1429/0x2120 [ 1294.644215] ? strncpy_from_user+0x9e/0x470 [ 1294.644890] ? finish_automount+0xa90/0xa90 [ 1294.645542] ? getname_flags.part.0+0x1dd/0x4f0 [ 1294.646254] ? _copy_from_user+0xfb/0x1b0 [ 1294.646892] __x64_sys_mount+0x282/0x300 [ 1294.647516] ? copy_mnt_ns+0xa00/0xa00 [ 1294.648112] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1294.648924] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1294.649699] do_syscall_64+0x33/0x40 [ 1294.650276] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1294.651047] RIP: 0033:0x7f0b176ffb19 [ 1294.651621] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1294.654367] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1294.655538] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1294.656633] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1294.657720] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1294.658794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1294.659871] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:54:13 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:13 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 17) [ 1294.734238] FAULT_INJECTION: forcing a failure. [ 1294.734238] name failslab, interval 1, probability 0, space 0, times 0 [ 1294.735271] CPU: 0 PID: 15305 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1294.735860] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1294.736572] Call Trace: [ 1294.736806] dump_stack+0x107/0x167 [ 1294.737127] should_fail.cold+0x5/0xa [ 1294.737456] ? create_object.isra.0+0x3a/0xa20 [ 1294.737853] should_failslab+0x5/0x20 [ 1294.738186] kmem_cache_alloc+0x5b/0x310 [ 1294.738539] create_object.isra.0+0x3a/0xa20 [ 1294.738920] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1294.739364] __kmalloc_track_caller+0x177/0x370 [ 1294.739766] ? v9fs_session_init+0xa7/0x1680 [ 1294.740148] ? kernel_text_address+0xf2/0x120 [ 1294.740578] kstrdup+0x36/0x70 [ 1294.740858] v9fs_session_init+0xa7/0x1680 [ 1294.741225] ? lock_release+0x680/0x680 [ 1294.741575] ? find_held_lock+0x2c/0x110 [ 1294.741926] ? kmem_cache_alloc_trace+0x151/0x320 [ 1294.742339] ? v9fs_show_options+0x690/0x690 [ 1294.742722] ? trace_hardirqs_on+0x5b/0x180 [ 1294.743096] ? kasan_unpoison_shadow+0x33/0x50 [ 1294.743496] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1294.743936] v9fs_mount+0x79/0x8f0 [ 1294.744248] ? v9fs_write_inode+0x60/0x60 [ 1294.744616] legacy_get_tree+0x105/0x220 [ 1294.744970] vfs_get_tree+0x8e/0x300 [ 1294.745286] path_mount+0x1429/0x2120 [ 1294.745620] ? strncpy_from_user+0x9e/0x470 [ 1294.745989] ? finish_automount+0xa90/0xa90 [ 1294.746362] ? getname_flags.part.0+0x1dd/0x4f0 [ 1294.746758] ? _copy_from_user+0xfb/0x1b0 [ 1294.747128] __x64_sys_mount+0x282/0x300 [ 1294.747478] ? copy_mnt_ns+0xa00/0xa00 [ 1294.747823] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1294.748273] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1294.748724] do_syscall_64+0x33/0x40 [ 1294.749053] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1294.749498] RIP: 0033:0x7f0d74438b19 [ 1294.749819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1294.751374] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1294.752027] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1294.752634] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1294.753243] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1294.753850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1294.754461] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:54:13 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000100), 0x5}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 04:54:13 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:54:13 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:13 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x8cffffff, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:54:13 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:54:14 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:14 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r4, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYRES64=r4, @ANYRESHEX=r1, @ANYBLOB=',\x00']) fcntl$setstatus(r0, 0x4, 0x44c00) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0) [ 1294.934233] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:54:14 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:54:29 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xc0ed0000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:54:29 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 18) 04:54:29 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:29 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) 04:54:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r2, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) mmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x4, 0x11, r2, 0x863bc000) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f0000000100)) socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB="c455244d03dbad5c7ba6895272bed5599d170acf418a72880c2c3269e06ce37ec92a5deddc1637448037b9502d02d53f4d15cc9dc3044cc5cce2b8bc", @ANYRESHEX=r3, @ANYBLOB=',\x00']) ioctl$BTRFS_IOC_SNAP_CREATE_V2(r0, 0x50009417, &(0x7f0000000440)={{r0}, 0x0, 0x8, @unused=[0x101, 0x6, 0x3ff, 0x9], @subvolid=0x9}) 04:54:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:54:29 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:29 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1310.137365] FAULT_INJECTION: forcing a failure. [ 1310.137365] name failslab, interval 1, probability 0, space 0, times 0 [ 1310.138555] FAULT_INJECTION: forcing a failure. [ 1310.138555] name failslab, interval 1, probability 0, space 0, times 0 [ 1310.138998] CPU: 1 PID: 15478 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1310.141502] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1310.142628] Call Trace: [ 1310.142997] dump_stack+0x107/0x167 [ 1310.143502] should_fail.cold+0x5/0xa [ 1310.144041] should_failslab+0x5/0x20 [ 1310.144583] __kmalloc_track_caller+0x79/0x370 [ 1310.145206] ? v9fs_session_init+0xe9/0x1680 [ 1310.145803] ? kernel_text_address+0xf2/0x120 [ 1310.146426] kstrdup+0x36/0x70 [ 1310.146863] v9fs_session_init+0xe9/0x1680 [ 1310.147438] ? lock_release+0x680/0x680 [ 1310.147974] ? find_held_lock+0x2c/0x110 [ 1310.148568] ? kmem_cache_alloc_trace+0x151/0x320 [ 1310.149220] ? v9fs_show_options+0x690/0x690 [ 1310.149825] ? trace_hardirqs_on+0x5b/0x180 [ 1310.150410] ? kasan_unpoison_shadow+0x33/0x50 [ 1310.151027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1310.151720] v9fs_mount+0x79/0x8f0 [ 1310.152218] ? v9fs_write_inode+0x60/0x60 [ 1310.152797] legacy_get_tree+0x105/0x220 [ 1310.153346] vfs_get_tree+0x8e/0x300 [ 1310.153849] path_mount+0x1429/0x2120 [ 1310.154397] ? strncpy_from_user+0x9e/0x470 [ 1310.154983] ? finish_automount+0xa90/0xa90 [ 1310.155570] ? getname_flags.part.0+0x1dd/0x4f0 [ 1310.156192] ? _copy_from_user+0xfb/0x1b0 [ 1310.156770] __x64_sys_mount+0x282/0x300 [ 1310.157317] ? copy_mnt_ns+0xa00/0xa00 [ 1310.157852] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1310.158556] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1310.159258] do_syscall_64+0x33/0x40 [ 1310.159764] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1310.160451] RIP: 0033:0x7f0d74438b19 [ 1310.160991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1310.163428] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1310.164455] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1310.165428] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1310.166383] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1310.167343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1310.168291] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1310.169284] CPU: 0 PID: 15476 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1310.170287] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1310.171476] Call Trace: [ 1310.171876] dump_stack+0x107/0x167 [ 1310.172412] should_fail.cold+0x5/0xa [ 1310.172984] ? create_object.isra.0+0x3a/0xa20 [ 1310.173652] should_failslab+0x5/0x20 [ 1310.174209] kmem_cache_alloc+0x5b/0x310 [ 1310.174810] create_object.isra.0+0x3a/0xa20 [ 1310.175450] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1310.176196] __kmalloc+0x16e/0x390 [ 1310.176751] p9pdu_readf+0xadb/0x1d40 [ 1310.177310] ? pipe_poll+0x21b/0x7f0 [ 1310.177858] ? p9pdu_writef+0x100/0x100 [ 1310.178444] ? p9_fd_poll+0x1e0/0x2c0 [ 1310.179034] ? p9_fd_create+0x357/0x4a0 [ 1310.179620] ? p9_conn_create+0x510/0x510 [ 1310.180221] ? p9_client_create+0x798/0x11c0 [ 1310.180880] ? kfree+0xd7/0x340 [ 1310.181388] ? do_raw_spin_unlock+0x4f/0x220 [ 1310.182049] p9_client_create+0xaee/0x11c0 [ 1310.182674] ? p9_client_flush+0x430/0x430 [ 1310.183299] ? trace_hardirqs_on+0x5b/0x180 [ 1310.183937] ? lockdep_init_map_type+0x2c7/0x780 [ 1310.184656] ? __raw_spin_lock_init+0x36/0x110 [ 1310.185338] v9fs_session_init+0x1dd/0x1680 [ 1310.185997] ? lock_release+0x680/0x680 [ 1310.186589] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1310.187388] ? trace_hardirqs_on+0x5b/0x180 [ 1310.188025] ? v9fs_show_options+0x690/0x690 [ 1310.188699] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1310.189455] ? kasan_unpoison_shadow+0x33/0x50 [ 1310.190152] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1310.190897] v9fs_mount+0x79/0x8f0 [ 1310.191447] ? v9fs_write_inode+0x60/0x60 [ 1310.192057] legacy_get_tree+0x105/0x220 [ 1310.192693] vfs_get_tree+0x8e/0x300 [ 1310.193238] path_mount+0x1429/0x2120 [ 1310.193805] ? strncpy_from_user+0x9e/0x470 [ 1310.194442] ? finish_automount+0xa90/0xa90 [ 1310.195082] ? getname_flags.part.0+0x1dd/0x4f0 [ 1310.195754] ? _copy_from_user+0xfb/0x1b0 [ 1310.196381] __x64_sys_mount+0x282/0x300 [ 1310.196978] ? copy_mnt_ns+0xa00/0xa00 [ 1310.197566] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1310.198319] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1310.199086] do_syscall_64+0x33/0x40 [ 1310.199633] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1310.200385] RIP: 0033:0x7f0b176ffb19 [ 1310.200949] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1310.203632] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1310.204745] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1310.205777] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1310.206812] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1310.207840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1310.208891] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:54:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1310.263647] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:54:29 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:29 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 19) 04:54:29 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) r3 = perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0x14, 0x8, 0x53, 0x93, 0x0, 0x7ff, 0x6faf64c610129e1a, 0xc, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x5, @perf_bp={&(0x7f0000000100), 0x1}, 0xa819, 0x7ff, 0x9, 0x0, 0x10001, 0x8, 0x200, 0x0, 0x29, 0x0, 0x2}, 0xffffffffffffffff, 0x2, r0, 0x2) fsetxattr$trusted_overlay_origin(r3, &(0x7f0000000180), &(0x7f00000002c0), 0x2, 0x1) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = perf_event_open(0x0, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r4, 0x0) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r1, 0xc018937c, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r4, @ANYBLOB="04a50200050006000000"]) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r5}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1310.377451] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1310.392542] FAULT_INJECTION: forcing a failure. [ 1310.392542] name failslab, interval 1, probability 0, space 0, times 0 [ 1310.393929] CPU: 1 PID: 15492 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1310.394817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1310.395880] Call Trace: [ 1310.396231] dump_stack+0x107/0x167 [ 1310.396705] should_fail.cold+0x5/0xa [ 1310.397193] ? create_object.isra.0+0x3a/0xa20 [ 1310.397770] should_failslab+0x5/0x20 [ 1310.398261] kmem_cache_alloc+0x5b/0x310 [ 1310.398808] create_object.isra.0+0x3a/0xa20 [ 1310.399382] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1310.400048] __kmalloc_track_caller+0x177/0x370 [ 1310.400665] ? v9fs_session_init+0xe9/0x1680 [ 1310.401242] ? kernel_text_address+0xf2/0x120 [ 1310.401842] kstrdup+0x36/0x70 [ 1310.402247] v9fs_session_init+0xe9/0x1680 [ 1310.402776] ? lock_release+0x680/0x680 [ 1310.403267] ? find_held_lock+0x2c/0x110 [ 1310.403775] ? kmem_cache_alloc_trace+0x151/0x320 [ 1310.404388] ? v9fs_show_options+0x690/0x690 [ 1310.404967] ? trace_hardirqs_on+0x5b/0x180 [ 1310.405515] ? kasan_unpoison_shadow+0x33/0x50 [ 1310.406101] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1310.406746] v9fs_mount+0x79/0x8f0 [ 1310.407210] ? v9fs_write_inode+0x60/0x60 [ 1310.407750] legacy_get_tree+0x105/0x220 [ 1310.408263] vfs_get_tree+0x8e/0x300 [ 1310.408732] path_mount+0x1429/0x2120 [ 1310.409221] ? strncpy_from_user+0x9e/0x470 [ 1310.409752] ? finish_automount+0xa90/0xa90 [ 1310.410288] ? getname_flags.part.0+0x1dd/0x4f0 [ 1310.410878] ? _copy_from_user+0xfb/0x1b0 [ 1310.411399] __x64_sys_mount+0x282/0x300 [ 1310.411937] ? copy_mnt_ns+0xa00/0xa00 [ 1310.412452] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1310.413151] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1310.413825] do_syscall_64+0x33/0x40 [ 1310.414311] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1310.414970] RIP: 0033:0x7f0d74438b19 [ 1310.415437] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1310.417780] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1310.418766] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1310.419666] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1310.420554] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1310.421438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1310.422314] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:54:29 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:29 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0xff, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) poll(&(0x7f0000000180), 0x0, 0x0) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000a, 0x10, r2, 0xe98c000) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000100)) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdqo=', @ANYRESHEX=r3, @ANYBLOB="2c7766646e6f3dbfab999d60262110a32d2c9aa0ef481ab9173021279ae6fdb3a31dde9d601abefc1a8a1e1239535fb1bb8ea6493f6dc6c483db8d87fed5d9982e156604e131d6560d566c7937216a15b3242884b6db14e4dc17fce4cac449c2276401aaca14d217ff7a81c9468f0d37311396acd64eaf007ba4f954b4afe95a1d180496e1465dc5e0b38981fc4a33de28071adaced6f2f4f96a487c9c32b68ba83d9fbebe373bfc0deb01", @ANYRESHEX=r1, @ANYBLOB=',\x00']) 04:54:29 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1310.501552] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1310.566117] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:54:48 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 20) 04:54:48 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xf6ffffff, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:54:48 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:54:48 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:48 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) 04:54:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:48 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x20, 0x0, 0x0, 0x5e, 0x3000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000001b00), 0x9}, 0x24, 0x0, 0x2, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) ioctl$SG_IO(r1, 0x2285, &(0x7f0000001a80)={0x0, 0xfffffffffffffffd, 0x41, 0x8, @scatter={0x7, 0x0, &(0x7f0000001940)=[{&(0x7f00000005c0)=""/196, 0xc4}, {&(0x7f00000006c0)=""/16, 0x10}, {&(0x7f0000000700)=""/4096, 0x1000}, {&(0x7f0000001700)=""/127, 0x7f}, {&(0x7f0000001780)=""/193, 0xc1}, {&(0x7f0000001880)=""/100, 0x64}, {&(0x7f0000001900)=""/23, 0x17}]}, &(0x7f00000019c0)="f1e93060639f3ac8be33ddabe76456fc146bde9dcdfcfb82efa09c678082f23769d09f87454308aa4c7f73d9e25a9772a701bc69e0b66155652d4563a3124f8236", &(0x7f0000004580)=""/4096, 0xffffffff, 0x10, 0x0, &(0x7f0000001a40)}) r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) perf_event_open$cgroup(&(0x7f00000004c0)={0x3, 0x80, 0x1f, 0x7, 0xc1, 0x7f, 0x0, 0x7, 0x4, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0xba76, 0x0, @perf_bp={&(0x7f0000000100), 0x1}, 0x89, 0xfffffffffffffff7, 0x2, 0x8, 0x10001, 0x6, 0x100, 0x0, 0x4, 0x0, 0x8}, r2, 0xc, 0xffffffffffffffff, 0x1) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r6 = openat$cdrom(0xffffffffffffff9c, &(0x7f00000003c0), 0x40100, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000540)={&(0x7f0000005580)=ANY=[@ANYBLOB="602700002300000129bd7000fddbdf250000000007003800a517510098020980c7821d4d3b920912e73988f3b4b69f9966bf0406a33bdb9e7a752a0b07ff842e71fb7e10373c82c379f96965d752234630639296249cc87cea6b29620d207a0fc8e5e37386124d2f327479e0cb2179a1f3154a41d9487f7ff0e795d42a6776ff2241d53862314fffd768428745478450baa13c0d093497fede136b06f589b5b29c9d1cf8d375727ed664475291ef1dbc8e9b881b708c450a038dd46d43d742af7018755471daf7cf3e2b4f00fb2fda12dbbfd336b75a6c7f76de492bf4957602ed87b09c2b53f8e7e76f827d8122e8fc881e4b2351251bde861bdd39f73d50d582e54300cce5b63c5610386d949d0495c7d40d1efb4db6ac765fc4202b11eb95ee3721eed87e741960ccb1a76430fff4aa593c3702f4a964a16460f93ceda5e07fe90448bd9146586066125b5d9ec4602a5d559a5ca21b31827e723010f9fd1be6eaee38a2c9c08c39c157b9c4fabee04851b3f50c65daed8be157999286d67a80c77f6d8c9de9b2743b8aff632271323de1cf69a31493bec964b1a4770eccf718a1958d71906404c4cc22f2f493e26e2d69c5d33d218b1724b27edff176f2501a4694dcba4d31f271c2e82b39415be08dea033cd5a22be8d6801558ef89c800bcf83a8e57b2dbb058d2e8ed75653b7e4a1c9f5433850cdd8fdcfc76698956c4cf2a9d12d7223ed9bc67943257d232ca3569bedfd445e50a5f8b913d6f9ed5858bce157294e16e27268dabc6df54b6fcf38be0ca8e9952ec740fa059f5f07f1efdf4fe8751a8087fec91434b50ba858b1c387416f73250970413f55c72c94310dca1342796c31279d0ad5cb0ded96ad5c5d084a76c0f817a54c3008dc8f32f8a3be9c01b7986f2a05c9f35c1b118fb3ca979939d6ee1e637080f9a5ef4f5b7db39ce7a66b604fac7443a9bab9473030cbeef7fb17ba5309d60de3fb3084304b818c8c920cbbf72d00b2e2ab0e5b4a7f29404bd649c72aadf645245c31be9af3891215266f8bd5fff9b0c5dbec8c344094f79cd50a65e60f33b9fc69dad8f71ef14a865ab4d88bb748ce3993c6d74548693574e10d86f2927101e002f8008003100e0000002a8aee3dbfa624810bb3a080030001f00000000007249ac848cd0542ccce7037b6d16f9bc5201f948c2d5fe0fbee57e9fb657dfee269c364fd040806efe1c3dc4cae8d9efdd4e2115b6739781db8839096eaa41950ae0a5f8cb7fab97326cf0f95098d20cbb4dec96c7fef7e22a258ae3373dc399f8b1d66bd74b027700245bed815156eba48df5cfe510b15a50f7463f395079bbc89a9729e37c9368e0d6ceb08cafcdf55a57d9b213e936996033efd60194287dee22cc87112c416e6033148cc9b90fdde728c5b3246ef399dc9d9ea30208689ee66e60e5176ebf8f22478008006e00", @ANYRES32=r6, @ANYBLOB="ca832f2de854ed4b17e5729674d20be5c59a95e7ffff22a1c0e9a0ce597ee8d5a586521ef269962fe0be0957a150f2a2c8d2c495dab6e9fc8bbb84c4d255b24a6acef02bcfa1bdb4900f57122e43e9e5ceee649fc91d356028c427d9f48ffac67a0921d7d7486384bf8d8fdeb93d60747441e3e3b0a940cfa53fda03634e0c03931d9f1ee6ec51a0c5778dec4f1d0c8c3fabc0077cc1866d519011a95f3a75f9f34e6508780f1b84a3023fcac46767e89c70c10ddeacdb2d71340bc763d90d5217fc9f01e013c332a6e90564b1eda7f9c2e52a2c7ecbed3814659c106eaf303319839b16527a1b2c242d031699606671114fa65b4ee08c24be4343ae16150502d40d60f206205d72617efd3e4e907812a11cfdfc53f6646e2e0a00b2a422330fea6d935671b29858c9f66adc030b09740b05130e74c523aab21e40bbf6a37531611e519a130fa017e7ce08002d004c6a7f19b06b77ce22c9503601ac55417106934932e1009bb9bdaf55c544db2f48c2b3", @ANYRES32, @ANYBLOB="ae768acf9f4b73f694cbc239c4b6a564a89d8f50a6900b4cd0371dc6753a2ba686a7508d8abd7ababa2efb293054efee276dc09ee2b552b637f7fc6a8dcdd6bdf0580748dac91b18097c0b04d3f45dd3f8bbb2b710f2381a5c3a74a4ea5d57d4dda4bd5896beefffa09ca74bc9d30ad82c163a32cb45f3e60243929e50dbf9128f7d47880babdb49bf29ebfbb31bc5f9cf0e830dfafcb3a2482e5ccb682859246e8df4af137cfabfd76c2c0438d28ae539a161665471fe2a370c1b36b83ec6c68bf19630940312301369558b9094f502dc53e8011e5254dd21b710c06d563945018da2dc24675255d704104e002bd985576fce1a56921a8d29d7f38b235470a6652aa481ffc4ca240c5036746f6da4f2de6970488be2a90ffad77d4e59fe315b3e72ffef8a0b15e28f82330b114e90cf6d0598ca1a5c2490abdbfdd0f6f4e395a01dc5ebce2d96f4f25081cc70b3beaa12d0f71425abcca6377c7a4047efac767bd0aeb687cd0d0115ac4afd339a213e0ca330c5eae7baf72accdbb2c0b79410f28f823e5e5758bb98fcced799b40a16bfb91c3a61bb94d51453b1864cc5c01b0a31cbcc8c760706ff9cfe29bbdbdfd4cd2a8429a43ab39ea96b484a6cb823ecd230cf0161e5bc92b3c305fbcca472c1604782d826a7e66f1e0877150535ebb54392c95f667ddb90a0506d2f01e2aa9603edadff380886a2ce5e40ae9972a9d7c4a6ff472df8af178a7ccd58fa515f715d0a4dd890e9325d7b7d03cfcc39630ecfe17579bc97e7bc1d6f9da1f80c1c721735167420ec29667ca391d323f91d0cd3042bfefb5397af6c528cbbcbcb4e28748786a3b6f316456b7d1f2017e4aa5275d40abbcaca0f7444c6cc21d0523b7dad999624f1b37393a9663ad4bbad54dc6c07cd6019d9d6e164eb6bbe67126ecc08eff90f0b35154814a045a8a1b4cc1393cabdef2ebf8f8c90c70bc17985df1d557fd5b529e44be4aabdf594e8aada807074754dfdae13e0b4e39e138f5f9e252f65ce1fdd5bf84b0ffb4b11a7a8ed31ea4c4336f4eca0b57da1157212b9d833e4a05e3288bfa24a1e95ff80acfba1810230f2e5d2c3edc0442fc4951f989de1e4e0ddb885f3be3a0821ad625b0c8273dab295de6c85eb0eb0637f2122211785c6dfa2e3d0f6dce84ac04cc1084a61f40a116b4aed63c78187cecaa2fefd7e757ba21e829016e0c18760deb00f3b71b3521908856880172295a2f18f8ebbd689bce51d959d73d90a4cc215261f02ae79f0ac88212f06950315dc724c234c7dc1e105d1e7bc3d6a82bc61bb62b34ba80eeacddac73ca2290899956db55c5f5edfe48adee29bfa65c6090a0753b126fb5bed03365d8337e56091f4ba292e0ae9e624a0396034b7a53dac90965fcb247091b5b2a42d7735169148ded3e4c5b1bfadea0787a4f188c1b5092f286237d3d4e265b06ceaa88fc5a1e61cbeba5b8cd06eab8659961f8561962c8c79314d42846f12b3e13e9d418572fd0e1d7906cdcee3ba5d8bbc8553f50917287985560dd75a17903e0861ab877c38b7ef4da3b2e065e1b711a352740595e0c87c6415a8d4431b7be94b7a3f2d6b3e55b9d8026faccebe9ff2996f9add93a09872bec9f2caa56b325fd92d8430f77ae9630d333c75c6af0621a90d596d12a7a7af9545415850c60d03cd3a54edd7d4491c872e01731d95707090ba53e79585b9b6849a07b2d4b3ee45a9adaa6eaa8dd62bd8a6eca3a8f484282711f7cb8ec6cbc976d683e655eef101523a0b980929184efe7139f17880afc1af638c7e2a318d87759992c55277a7f6b5638015517c15f1a1e817f029623b6596cff374705edcb1a665360c40e321d356453365157aca9f0990eb68b4d5e0d3bf99958d956e491fc421f4ffb92ffd937fa8250973ab2c9a8c3e2e41bbfa76c2c7c803f5a51138389b494534e396d39de366403449c4a55d9cfcb289b923f8336e3f397a368cebb714e584e28781537d5e1f5ba88ef620ba94dfe07791850d152fd0096d7ab7c6ab6c5895307fd81a510e0dd4dbf5e0724aae93c4b6d4f2e48f94e41b157437b2fa2bc39fb5c5379ef6d810d2767c377749454071906eb9d183e31c87b4ba6ca2fd4bdb556693557da5572ea6fae16b3817edc25445c75bc0d8be90a48d556be57b01491a47db465a77fe528d9418bf9e43e3d5f871a9dd568a91afc9461f5b8468a2c8e472dd2d9899e9ceb55406651905e0b14f1d30e11c81080eeb7112a5102a6a2d017d1e66790e4af5af26d673412ee575e0a2e9c0b6a2840869db13a2d48fd15f1211a66b67616a568da4dcc2d0f3932719b3e069ef6abc68c8d760d63ed6abdf80219b6d0437d1b0c5ac7845a964bee2b3679de40c1003b21465bfb670a511a1b63b8f21c41576db5885a632a6134f1f38fb1236e9bda4821269bbbe5dd65f576707d24fdb2f0ad3118753c9f08bfc9a706e736529376672ee651715a93512370a16fba019aab0684d7e2ea4d0af3088501b159a7627b2b09bb9a2891ace5d2e1aa40bd55f8e13127d7b619f876ca903bc37dd4cb6ea325239221ad27623ddea87cc259723ff373c1e73d4f5875d0f8e6b8d666255c0aae099441bd12e8fdc6497a50b22e26fbb13a6f59a2bf40f9ba41f7afdce282971d774d95863fab7c7783a331991b76c05051eba5828947677e94f3c74e2d1fe305ecbfd03b9747759ca335a97013c46aff0cedd512b754767974834f77c40c4d0673e5a1ac1646e86b3e16c979b778bb928bb8711ec50fce33fe2723605e38bdd79d1fd97df6a425d94531c91e6d3cc24e4b75c2e601cfad211e0212acb824a6f434e48143e800570817df7efc7e38856c11b7d5c37cf3d14f3af9b9c09b6487bbad6c736f5503c07c6b9cff42fec8534878c919a14d3c96121e5ef97f064f3722f28f1b31499b32f49b9826e7b428efb05c8b55a911bbb634e7bf686f61b061cbef0d9e076f2d23864f4ffe2e407adee51db7baf54e91b5130a95f00cbfba1ff60a0fc607fa6f658b5ecfac05745267bff6c8c99f7a7de8cbfeae4106f1b491cce4c3d16dc91363e5b5b2c690c7bbacce5b2d1621cbf5428a8e7643bb38245549a61e0836255e0756814679b708b8bb9808e14cd5cef4ae46755cb2d4e3dfc942204ce2ae57b225bf65189de9d664ee26b1eaec068d2fd697648338581509035ecbb17326c37c7d953337c8e2f0254fa34efc68dbda33fe824e91adbfcd8e63a6b27da33cddde0dfcb2e3fbd601f2d24d3407dfadd099f5b40c2cb05dded900747f1474ff7ea3320c928b83e73206ec783b67cbba39f964ea0b82de897b2a901ea6adfcb03c62ef36e6577979fa1cc6f693d1f7eb026235a8880099a590bba5e8a0a7d04ca2246496cd5b534605a0eb37ddb029be8ec50f915edc94676427878b421865e101a85c9148c107b336e52853b4220329d39a0c5aae8c28fbfcc259a662acea391ab9bb8bf4df2871e233e58fb8ffb0c7871f18594e31135c399fd632d5ae777c813b7c21e9a6f5ce4bb4301b2dd5cf7be5bf30cab32c56caf9b97acae69216734df2bc79dd0df35c1c7008003ca0d43a8b49e5e22882af9cef3d3bb388e0987f12c29f2ca9181b65387910ff6f338c784c9c020c23d6444a0ecfda6f5d1d85c641f6634af5c53b2d9aa1174bfa31fa86bf2bc4401ea5383c1bd8fb215cccabb3ca81017cc97a8f4cb20096b1c67c7179a41db21a20a02804de81d8645317415ceed2dea1357743886de4041ea1ba591d89384672f5b6ca59953cc3edc6f8e16349c1c9ab3985b4589053e7d416a7b187acc7ed4450a1206973a8a117614229624707104b9aacba7966cbb7776e1d9228dacfdcc621f4ebe82bf239ef9f7f07bb36ecaa7718fa3697be915fccfbaf4de1fa69f76ad03abde772ed7124deff43988f59a4f67d89bd2e76a687d5f80cc3d268907d4af020c93b7071c9be1e44e70998929077389239b845aad53494c5c65773c10914895becff34f1cb413c41e1d43a725b6724b1b02abeece68c4a491402f6189dd7de3e1d50269dffe30d7d58ce033cb10787d79828615b8c3a1dc59885e7b913400e773a4cdb25a7492f79b94f47b20a650e1c762a07a0df0c6c22b511e6d496eacdf5d512516e68733316b9d7c0bb44d90e79adfc5081a50f4582a32b6caeabc52e081f3f8320729e720357fdfa8bfed3abca2b2a863a9f44f9692d3bc48cbf984c34424b250ca4582f3e6a445d4f669a11753ae199173a07afb92d8670368df943bd519abf362ca1d561904f9a470b303bd7fdf4dcab312546e22927228ba44372a675b9f0d05cea72e245de9c242c721a2892bb7f65f172addf0c6e28a0ebeea84bee63581bddbae30c424792eff2f2bb7f2a38a3651ce926fbcdc7936b3d0e838b7cb9e429b7cd2e60cc61f5b2927ae5c18a39d03eae3c83e1a7e407f91ee98a37647765ad1f051ab644bb4886e5bc6819dc72c5ec15168cabf1f5db59ce2e4b526684e9d2102c29e1f8f7185a2f8cb009136fb378ba52a52dad68f3950b538e36b5b9d54ba301cbf1467dbc6e2b653fbd54c13019e2390ae38d0c0bbc962f83c3def9ac5eaef26c3ab60c0ea32df51f8fccb02f392b4602785bf38c93c25c50ebced01e5cf4f100812c774839d1b78f0805f1fea70a334996e93d07878b5be15c3161ad8dc2a2776054702e42d74ef03d1fdc85b847bb08150b10ae78ea5e66f600beada94580f1b58a335ac327f4d8eed39d04a7d8c95a20fe3cb18a5ac32d79569d162499fbe86a844d213861ba8840b9f3507bffbfc9e233250262fd929baf0d0aab99eccc717aeb4076a860477bb3efba123ae1b3dae11db87c519b6f0855190164812d51686e802c6836b0e2effb7d2571d05e6a754df4ef1fa621fdcadd594a0db36bc7c00dfba095b49c933b165f27155175c0c764872e26cfbe39dc79fa2ff6e76301b2b422c4ce1611a44bf9edd6aa7b6b1b25115cace0958dfbeae4a22e2e97ac5e6cbc402caec17cc0d5fed81f51c36c4a83a3bc8925f3ff0fcf9e47892261358c46a184e3b9065b37160c86c7ac4cc2bc0b94ac18fcedeb2373427844e92a0066e9725958501502fbc3a1e799c5e7b0e54a1f3c0a79d8cc6bb22a8992c33149be2aea709883bcca869b1b6e33485759d0de0191b6d8c58be450fe0abac3ad5672920fc0df593ed517bb3e6a7c60ad1c9a9b7dd913f1528718935a2747c5ffe5c4c02d38a0a87f4456ee228dcc76816a545d26362397a535447e6cb5614f399d7ccb31afea91b22107cf45073978bbefffb977f1f399b49e16caaf9dc4c4346690771c1fcfb51c7c2643b8ecb00c1bfdefbda4ba0e1e8c446cf6a28ed7b8caa7850d1e1864f710224df50e4465a6e8ea518c1a2533b1ba250b078bb8bd5af4c5383bca1168f741693ebd146f87a304aa407fd3bd90905f25eefaf50623264b3f2ef6b1a0aacc2ad2fab34ff2a77e147012ef4565e5fc227163d79271f5f6cad8c176669674345b904b73b82c7839dd749355141778101f08bbe2dc8d1bb10af9c1412271bff9a0147c1160da80631b586e97ad206f48338d3c1dbbfd0825b63e0e4025a123d71957500776f73befaeb94fe5ce69ea3af33261d044cfa3f1007d42bee163575bf95fcd95286005dd4ee9676f0e66b25d8f44ccb6cc5fb2c36578516aa4b8689c0a0c09daba59b00fa5e8417194c49c21508b847b6cba5141396d664e3dc12234df6f346863d7f0a807252cc2f1fd381b190ded1b5e48522902b0ba6f77cacae84e4d501166a2ce0ed0c59c9cb2f84828b57b45a8b734566f06066d04a2987ba6b1f361e8e8dbb0ae91666440435e91405a16bddf556e213f1a62ecdf2f6204a768e34752bfa1d3c953056c6522ffbc78335b5fe9bb314ee97f69cb44d9f7d08e7b462eb869a4295883c6f565ed4b6e9de4d387be89b5b3aa638241d0e0f580845b3f40edf555c2efe69b882d8c201b0ca385098a8109ca6d396ce43a5656eda70589dd8d4e7817fb4ae14b4440984c2ce7dda0bb9fd333a333c18b772fedbfe122a6fffb1148c06feff013df33b8a9cb1322af6401f21faff57ab86eaa457d0b65b769b6f93930d2ab8dca8c845168c77a23dda3f05e72dc9eea3c20cd322287c10e08f26a22517b648f866517ffbf2b670265713ca8ac82ad64a4dbcefe957740726cf5c401beb0b707fb1efa1467b0847b5616637258a855a162981bcc23cb050a296bff06f46323cedc63fac31b6d0cd89e9b3126869bf70dd17218744932d44383bfd99f027a883fa45a3123ce9cca7487b2bdb71688078970df86c7b13123c82a76619736d6f1a2f5bf16d35ffb5c8dc8a811feb3f054769cfef8c1a7094397e1dcb1f851de76fcbfb17caa0a5a3922f50c227dc60091ec3163ef119610364f0b925928979f25e36e6eb4bbf8297e769dee303980679fc322732a165b3de1ce69356076c89470704dd787be86ad2a414ffe4cabefdbbd522747b9060123b26613bcf30eb5252a2e3ef8e79991d55b26866a6d1eeaba177e8b804fc2597f2b1cfab6f2d17d48a40de029473bb8e6b889dfc333f1d2e0f586772f776dec68689ba072e9657f90b37ebf5fa36a0485e417cad3db76c1cf5b720c3c855175d97bed9e3b27f42edeb4bc89172acfb8afa1ea59e0b48c378e213a33163329ff7f4b5bdaec030115a7d851a03ebeec35e2604e3b175581094b7e5a963d11c68523b4bf83351d44ee707897c1fcd8a402e5e2b301ad219bf0225ce242ee69e64e33a2cce9fa721fb924ae86cfc92278d749caa9c15d734a2e28138112bf4caa11bb196512160bbc59ab6433483bfdbb20159b2b3b4d6fb6cdb63b75fa1b54c6269e9865229b429d443c08a52fd80348d934c6e637af2412ec65165cc53ef408e252453b169a3990c794853a912ae441c4791f1087a3159d16fa4419b559d04064e9b964179a5fc8533bb86faa54c095330382be1fa0c16c321e7aff9f7c81c5f1d593ed0a25062cf2264ed1e7143c447cdcebe15ecae3d486dc4369884805b03709121ed01df2733cee861c592d2aaaea73faa1724e6e6bb97b593af9bbfae2a73aec89ba3a1e59e42d0a5ace81002d3391fc434ac46ba3d0e58e4a09ea7121e6d7297662eb3c34068862014c8402288318a83a7fa7a188a7c0be2f564690d3a9fb11f52022e4aa111fcb19303992ac957e38e20d3414cfbcbe12012230fd94b463bd7d07ed45b19534b2fb3776c56f206fb18d71551908add6283a091ef999691f83d28880c7cbb2024884cb79faec3260d8e32956d3ba086757b7adcb414f7fb6378855e829ee31976a91e13d0866ed8f2b095254464f94109ddfb7635ad1b8f579a66b12af86916c3cb9e8871613ab5cfc1a576743f0e70994da6226e685b3a7f9d69841ac511d3ada2382df73be96ef82f1e2141fd5542274fd4bc08b1703430f9b145ba3edfc7cea088a9d260f689b42b76d85b0d0194faf068753e27606bf7f9a7e72c88a829592076124aa29d188b18357176763b237b2a5178fadf1a7ce64832682b8c72070126e5e1532c6c61a395d0c75b3ede59f7a6146520027d04a3dcc172a78f3403555d40e0ae4f08a9716bf2a398945e3f226f5d9916d1392d32cab87f364c23d5c5ce8032b87c0e323b945200bdaf5e3d5836b4408241c974bc5fb0935132d657c9a9fe3ab7661551ad162c5b5aef7947d1d64ad46033ef585f45da4a4e18a7b9cb5bda7babc34168feba1458f358beba7c901e8dc9ff875f09812b481081b856c4436054668aafed2c88189adeec35b61448f8d631fe8a850439a9c31dc73010c922f521c55ce1a96012f3be5c7e5fc776c89751c6327d4fc885cdc73a2a3065811862ab3986f52e290de6552474f56c5ff1a5f66d4e122f3979191598aa45248441bd2422a9875927fe6c194ee623289ab1c1a48f7da01a2a3e3871acfa81affea38f2567f33b9dc9d789072de49e8ce7f5fbe7f2ccbd7b40d899a566d8fce56036389dbc9e02c4b0d9c53297c0c92fb7bb33e940f21cbf518d97804a5fc05beeec394d6b4b98ad03dc32f1df4dfeb777dccd0e1402ac51297e9501b77442c476844eb62a5239eb71375a2bdad9f6093d6cecca14415439a5264321d4ae78e343c847be3c8c2594ed3b169884b1072dd13e2014695e851365b1e79a38c205ab5f325cc95da0d67d359a5fed27170839edc4982acee0eb3843c6c31db6c5942292155009b301e74c116dfc4206489bcab3273ad01395c074cc9391001b3547a20f981f9d3257bd0b5f579a5b12eeed6c7359fdc5d592deb752d84426572dadf1c8235a940486065545a016937fad8e7ba06619cd4cc85f339670beb58fd50ef7ac5d08468a90e54993764a101ca1fb780fb2ae337dd61be90ce341f0bf0ac7cb559c9d8616ac53bf552254f3bf29b8b80203515950e84f3b89c44fda8113505315b7bc7c5d1cac1ebc1b212d9616b46534d41e6488647f6bb529b69078feaebcd7bd9ea54622748fcef82600d033ecd11af709c9ff0501e2f49dce68ca5a08d0d7d079d87a7eaf3329920d4189b209d682a907bcfc4cf836c210e4ae05ced0d495c83f43ed1048e9f3571eb676748011b2b1a319093a60f0cd3cb60dc3be9f5f0e137ca15bc382ecfce42e70ec50eb5bea076f519bbddcc245081ab82243feb68e697ac322b73b3eca4697a0a4b6f423ba607421c681d6cfdb136751beb01310930212525342f789407cc6e22985416ee9525475959dbf1ec2ad8be2ba62c580b9ccd7d1dc043042e778fc90d6e332627c17402c04b7c77dfe8d9400ed40d9b75b9129b94d8c85191313cc7cbf1fa03849119fae481b98ecf656c1870692fb149c6c71db028a2830457b5c4e50412d65770aa7df9762e2c61c6678715f918fdabe5445741597b204bf268eaeb6c9117faca5de8dda27cfd8b1bf93c5b6cc76805bd060320f35386a6d1c3cbf87fcd70e40829254844149ee103678f365ef58c3d9fa6fdfa52ecf4d2ce4d43bbecaec719e2e28e6ffe0d6e79ee37e6732f2fc4a8e46d0ccf1723a125ca4f642cf2a7dec7b279349a40df07e048e644d6539d887380a692722adcee73cd7566e9a597ac638ced326e814b6c31cd27ce1187127510608ef87cd52a81e765d089dd1a7ce39dab792ac63babc821b2b9f53bd83d5fa85d7ab45b30b0d0d1e152113ae7cbb791e755f7582adc01c89d2c85c51cd164c965157293f2e652b624066de29020a0bc64b9fefb21d733514876b1b58180d82011490be8ceb2237e87059389b184991de10ae955d65d33cc90e000fc2061c273768213caa86468cf4d3ec2adb6a31ab547934e8968fa1ee9323adb4bd35b8afccdf27d976f9d117e63737492751c072bbe2c46ee4a710c3ebfa4d9f96c69ac4421706a364af14ff79ab2507193bc97ef49603cd19eaa8fd224152fc10a0ff12b4bb6a8159ecf7e3d62345dac2e64a8b39db247262839e9b24f3e4192c3ab889dab5702ee96a01b3a74a43693203cd125976598b44a914ed2790152ae0cf5e5da2547ab5649ef886c9b2cb440ab2a68f5afaf871c789dae8218667e0c4c18c4f7b30c8b3b8793601984fb5f2e1933bff9feac7ecc6fe4c27d8ee232040ee82c4d79d1c7bf3e2605aad101741ff8b7b899942419475546921c57c71467874cfa52207cafb22e37ee64f968abf2e623f6538d7176a5842733ce2b55af2bcd67fce17c6553673bfc0e669ef71fef6ea9a2fb974bfbf3c59bfed7d5fa897dab62c7fc60057d90697abcfea7aa90368a846476920a5e1ca3488c5bf0d70dbd390bc244f54c81303515415195e00d9f8e8ae3f95470fefc3a3da071a4f16aac91aa92485a8bacaa131d1ca80f82ea3e319ac56b7029b700ebf519f9725b2755b2f4e5c592a434bfd7ebb71921dd3e4555dbbd984369e1ec2541dfd142dff317de33adf9ac4221b1f957116c077f401393e88c51e4e56b0c76e3c53d31531cd6309e442088f72943f6f1dc385e18bf4c80f285c7b6a4a7f36af657b864d64d5c5d48601604487f49f82618837e7901fc334eded1a827d4ca9e2ff07b818f2dc8d45afd5b690005698bd6ed57d499383f4c7e14619b6b50754e6f5d46dd40bca16036d9b444a324baa5e90a75ed79744af23470a8f7496b43ed9d475deeb8a6b0a85cf7daf8b5d506810c17c99ab374c46053b109e833d5fa2a440e839c713be0eb0987b1fbc2086e894bac13e52993dfc8a8c650749179f71b2f4bcc5cd97c4697eddee6ebea5001f22bfcb4bbc2ccbb124ae42f25df75d36a57bdeb2e51ae38454707095efb7f80bb938f4205908c117c86e73bbbe36849ebd319509a590213bf1c7627a8e7d401ac922e39e167f64d1311b3eb8621ab63e535d44549a0b6cc4266ccab1f51faf1e2e352e2d51916e886b64e1fb59b64e7e796b830e9ec754e14f83691ee23535c5dfe398576d0ad470c9454ec07e7cc755e5e547c3a16ad372778bb9e33532a8e9b441a2e585160b55918d06dd86dfa89f14805524cf1e0fb87fc96a115970b997bcbf240b69abb9cd49ea0754c7f5b593db4da431f39ef422c5d352d7f3bab01f628aa9d8abc50aa9a9e051efde7b5ddfa7813820e7e973f4290953655e231d371d82de366ed1006cafc5470f149f7034a7e87ed9bc98005c6d49fd97bb70faae8bbb953db3be12cc339405b8a4de7a9be6c152433604d1dcc1edf41b7588d7b56f88b18e3748743ae7487f6415fe8bff6c69b909508cda931f8d7568fcae1735f9c4ef62277f61ca8000f1005014e2043c2c4a5c2d830f52c24bfea51e74d6e3f0902bfa029f00936915a1b87593fda40133b7ad893a6edd550b4ddd3212bc3672a86a284f9632e29ad407242eb568584e30c7f0495adbe0dc92ed4b647b7f2b019cb73cb4efe143a66de3ec8fa5199b96c4773cfd4538fe7c1fa197551e8d7201b1cbedc57792bb040bec098cfa0e971437f87ee476db0e1644259c222926bb704fe00fb72c99973b3398c7fc1361f60b9260c9c0dadb853b2d75d26c640781f623822a1008df05977de780d51a139eee73f45c5071cdc364afb3c2d92bc60e56a700a5dc74015c6826f43e3315f98aaa2c4d7f26fcb1f218d5b73e0a161daebf37b576351c3dff416280d25f59e4bdb1d877d47c0b04b63bf095e0b7481f9c3c304ca464ee9ad8c03506bcdca2139315869ad18b23dbf25bcb8f3035b5adc6c6e5d1ce2cee0ba0f993c4b0f7e8501093b6fc0534bc5a594f6486fc44ded3978e7d5d1981b8e34744bd8e4602b3faf89684aa550309d031c7108bc622c46bf97e2e1ce447d1b60143cbdf1f141c73735849746c5899ea0a47beef223c35e4c3d9b71c7e94efcc6d9b1d22ac7bcbc93b3cc573af2dc7e51960a645f237b5aa1eb52f9dc97479a7246f42823cc822f7e3ce9a5576c8052ba5d8ea55db3a853a7529984ca0225b1a76a4b69f923e360b6e908ec7e78e50682a65bb8c5361504c160c8962bc50266861b760e5cbdd7a4bc5973d11710f3678aa483ef93c425a086f7947152a938fd7384a40a83abe32e3055e8f7483a836cb5cc5b4517c45b458821bc614d219ff5ec23bdb30a52ec1b41a3080ee215a07812b2e6efbc05e0f1e4ad5831923859686da594065d61026e20fc3d8da8a9c910aa5924262acbbd897ea89c27eadf4049c394669c8005920686c2c36dca51fb6af0b0d91a81131d053e51bc272c4038b7c84de4ee31ed7a48d32f3a1a765d970cfa80089698727faf6cad7f302279e0f0a8b864393d497515141e22d6c9b0fad78244311d9d75a5595f9949a881aed5bc030b1c5f4e1d5491d4eac22163016fd6931bbc952c1bb64f27bbd709e7f1428e7a45efe838966c24657a96c5323962baba38e2c32512fe5fb41e81968217aef3bbfce5755f9f7e36ea3669b61523ce7fe038165854039ac5e3451f7a9933483baf284913e3e03ae69463acecbf17798f214006100fe8000000000000000000000000000bb00cf224c58952f894cc1cbef201d1e30c31e400f7c3e793769cbdb99ff3f4fce6cac7023940ad0d0f6f805d599feb507e62f52fd0409932b56a89ed142a0fa82e0e79c18c7a6805de4cbe9644b27fcab3c1bb050ba291ebcb714658ecf6b3a22f38d4e824805306f40d29c120ab599024ad070ff12b36dc5aebcef2330eef4cec9ed430907e0b3d76508eea0e73017ba0cf706c9a0ab20e26b054edd75ce8c85a02e403020cc46f941484aa3f0bb3f11e1fc874636c89d3e501be61069fa7427c9cadb3e903027a69414fb7d0bf9000000"], 0x2760}, 0x1, 0x0, 0x0, 0x80}, 0x4) ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020662a, &(0x7f0000000240)=ANY=[@ANYBLOB="00080000000000000400000000000000020000000500000006000000000000000004000000000000020000000000000002000000000000000000000000000000000000000000000000200000000000000000000000000000050000006036768f0000000077f0ffffffffffff000000000000000000000000000000000000000000000000000400000000000000000000000000000010000000000000001000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000ffff0000000000000000000000000000000200000000000000000000000000000000000000000000001200000000000000000000000000003a11ffffffffffffffffffff00000000050000000000000000000000000000000000000000000000000200000000000000000000000000000001000000000000ffffffff00000000250700000000000000000000000000000000000000000000000800"/368]) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB="2cf88b0c2cae7c8c0500"]) dup2(r3, r5) [ 1329.362012] FAULT_INJECTION: forcing a failure. [ 1329.362012] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.363306] CPU: 0 PID: 15619 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.363922] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.364644] Call Trace: [ 1329.364899] dump_stack+0x107/0x167 [ 1329.365223] should_fail.cold+0x5/0xa [ 1329.365571] ? create_object.isra.0+0x3a/0xa20 [ 1329.365978] should_failslab+0x5/0x20 [ 1329.366322] kmem_cache_alloc+0x5b/0x310 [ 1329.366687] ? lock_release+0x680/0x680 [ 1329.367046] create_object.isra.0+0x3a/0xa20 [ 1329.367442] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.367901] kmem_cache_alloc+0x159/0x310 [ 1329.368272] kmem_cache_create_usercopy+0x190/0x2f0 [ 1329.368753] p9_client_create+0xc2b/0x11c0 [ 1329.369133] ? p9_client_flush+0x430/0x430 [ 1329.369509] ? trace_hardirqs_on+0x5b/0x180 [ 1329.369899] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.370324] ? __raw_spin_lock_init+0x36/0x110 [ 1329.370730] v9fs_session_init+0x1dd/0x1680 [ 1329.371119] ? lock_release+0x680/0x680 [ 1329.371475] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.371896] ? v9fs_show_options+0x690/0x690 [ 1329.372296] ? trace_hardirqs_on+0x5b/0x180 [ 1329.372674] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.373094] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.373541] v9fs_mount+0x79/0x8f0 [ 1329.373857] ? v9fs_write_inode+0x60/0x60 [ 1329.374229] legacy_get_tree+0x105/0x220 [ 1329.374587] vfs_get_tree+0x8e/0x300 [ 1329.374925] path_mount+0x1429/0x2120 [ 1329.375265] ? strncpy_from_user+0x9e/0x470 [ 1329.375653] ? finish_automount+0xa90/0xa90 [ 1329.376036] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.376453] ? _copy_from_user+0xfb/0x1b0 [ 1329.376827] __x64_sys_mount+0x282/0x300 [ 1329.377192] ? copy_mnt_ns+0xa00/0xa00 [ 1329.377538] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.378003] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.378470] do_syscall_64+0x33/0x40 [ 1329.378796] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.379253] RIP: 0033:0x7f0b176ffb19 [ 1329.379586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.379817] FAULT_INJECTION: forcing a failure. [ 1329.379817] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.381174] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.381220] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.384314] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.384939] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.385559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.386184] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1329.386837] CPU: 1 PID: 15620 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1329.387957] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.389294] Call Trace: [ 1329.389735] dump_stack+0x107/0x167 [ 1329.390339] should_fail.cold+0x5/0xa [ 1329.390963] ? p9_client_create+0xaf/0x11c0 [ 1329.391673] should_failslab+0x5/0x20 [ 1329.392302] kmem_cache_alloc_trace+0x55/0x320 [ 1329.393047] ? find_held_lock+0x2c/0x110 [ 1329.393070] p9_client_create+0xaf/0x11c0 [ 1329.393090] ? lock_downgrade+0x6d0/0x6d0 [ 1329.393115] ? p9_client_flush+0x430/0x430 [ 1329.393141] ? trace_hardirqs_on+0x5b/0x180 [ 1329.394168] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.394195] ? __raw_spin_lock_init+0x36/0x110 [ 1329.394221] v9fs_session_init+0x1dd/0x1680 [ 1329.395261] ? lock_release+0x680/0x680 [ 1329.398418] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.399196] ? v9fs_show_options+0x690/0x690 [ 1329.399759] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1329.399877] ? trace_hardirqs_on+0x5b/0x180 [ 1329.401330] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.402070] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.402899] v9fs_mount+0x79/0x8f0 [ 1329.403486] ? v9fs_write_inode+0x60/0x60 [ 1329.404165] legacy_get_tree+0x105/0x220 [ 1329.404848] vfs_get_tree+0x8e/0x300 [ 1329.405445] path_mount+0x1429/0x2120 [ 1329.406071] ? strncpy_from_user+0x9e/0x470 [ 1329.406767] ? finish_automount+0xa90/0xa90 [ 1329.407459] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.408206] ? _copy_from_user+0xfb/0x1b0 [ 1329.408887] __x64_sys_mount+0x282/0x300 [ 1329.409542] ? copy_mnt_ns+0xa00/0xa00 [ 1329.410180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.411026] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.411867] do_syscall_64+0x33/0x40 [ 1329.412471] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.413306] RIP: 0033:0x7f0d74438b19 [ 1329.413912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.416905] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.418119] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1329.419261] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.420414] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.421590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.422753] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:54:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:48 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49) [ 1329.518263] FAULT_INJECTION: forcing a failure. [ 1329.518263] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.518412] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1329.519316] CPU: 0 PID: 15706 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.519322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.519326] Call Trace: [ 1329.519344] dump_stack+0x107/0x167 [ 1329.519356] should_fail.cold+0x5/0xa [ 1329.519372] ? __kmem_cache_create+0x10e/0x520 [ 1329.519385] should_failslab+0x5/0x20 [ 1329.519395] kmem_cache_alloc_node+0x55/0x330 [ 1329.519410] __kmem_cache_create+0x10e/0x520 [ 1329.519424] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1329.519440] p9_client_create+0xc2b/0x11c0 [ 1329.519456] ? p9_client_flush+0x430/0x430 [ 1329.519469] ? trace_hardirqs_on+0x5b/0x180 [ 1329.519481] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.519496] ? __raw_spin_lock_init+0x36/0x110 [ 1329.519511] v9fs_session_init+0x1dd/0x1680 [ 1329.519522] ? lock_release+0x680/0x680 [ 1329.519537] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.519547] ? v9fs_show_options+0x690/0x690 [ 1329.519562] ? trace_hardirqs_on+0x5b/0x180 [ 1329.519575] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.519586] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.519601] v9fs_mount+0x79/0x8f0 [ 1329.519613] ? v9fs_write_inode+0x60/0x60 [ 1329.519626] legacy_get_tree+0x105/0x220 [ 1329.519637] vfs_get_tree+0x8e/0x300 [ 1329.519648] path_mount+0x1429/0x2120 [ 1329.519670] ? strncpy_from_user+0x9e/0x470 [ 1329.531206] ? finish_automount+0xa90/0xa90 [ 1329.531565] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.531958] ? _copy_from_user+0xfb/0x1b0 [ 1329.532305] __x64_sys_mount+0x282/0x300 [ 1329.532639] ? copy_mnt_ns+0xa00/0xa00 [ 1329.532976] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.533403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.533830] do_syscall_64+0x33/0x40 [ 1329.534155] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.534567] RIP: 0033:0x7f0b176ffb19 [ 1329.534871] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.536355] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.536990] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.537571] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.538163] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.538737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.539319] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1329.539967] kmem_cache_create(9p-fcall-cache) failed with error -22 [ 1329.540486] CPU: 0 PID: 15706 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.541056] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.541720] Call Trace: [ 1329.541935] dump_stack+0x107/0x167 [ 1329.542234] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1329.542660] p9_client_create+0xc2b/0x11c0 [ 1329.543009] ? p9_client_flush+0x430/0x430 [ 1329.543354] ? trace_hardirqs_on+0x5b/0x180 [ 1329.543702] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.544098] ? __raw_spin_lock_init+0x36/0x110 [ 1329.544468] v9fs_session_init+0x1dd/0x1680 [ 1329.544837] ? lock_release+0x680/0x680 [ 1329.545167] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.545564] ? v9fs_show_options+0x690/0x690 [ 1329.545926] ? trace_hardirqs_on+0x5b/0x180 [ 1329.546285] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.546658] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.547082] v9fs_mount+0x79/0x8f0 [ 1329.547375] ? v9fs_write_inode+0x60/0x60 [ 1329.547722] legacy_get_tree+0x105/0x220 [ 1329.548055] vfs_get_tree+0x8e/0x300 [ 1329.548365] path_mount+0x1429/0x2120 [ 1329.548677] ? strncpy_from_user+0x9e/0x470 [ 1329.549040] ? finish_automount+0xa90/0xa90 [ 1329.549394] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.549780] ? _copy_from_user+0xfb/0x1b0 [ 1329.550124] __x64_sys_mount+0x282/0x300 [ 1329.550461] ? copy_mnt_ns+0xa00/0xa00 [ 1329.550813] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.551251] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.551669] do_syscall_64+0x33/0x40 [ 1329.551976] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.552391] RIP: 0033:0x7f0b176ffb19 [ 1329.552698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.554175] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.554796] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.555377] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.555960] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.556538] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.557124] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:54:48 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 21) 04:54:48 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xffff0000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:54:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) 04:54:48 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:48 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) recvmsg$unix(r1, &(0x7f0000000880)={&(0x7f0000000240)=@abs, 0x6e, &(0x7f0000000780)=[{&(0x7f00000002c0)=""/204, 0xcc}, {&(0x7f0000000440)=""/137, 0x89}, {&(0x7f0000000500)=""/119, 0x77}, {&(0x7f00000003c0)=""/61, 0x3d}, {&(0x7f0000000580)=""/196, 0xc4}, {&(0x7f0000000680)=""/75, 0x4b}, {&(0x7f0000000700)=""/65, 0x41}], 0x7, &(0x7f0000000800)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x58}, 0x1) ioctl$sock_inet_SIOCGIFADDR(r6, 0x8915, &(0x7f00000008c0)={'veth0_to_bridge\x00', {0x2, 0x0, @multicast1}}) sendfile(r0, r5, &(0x7f0000000100)=0xe1c, 0x6) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r7, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r7}, 0x2c, {'wfdno', 0x3d, r2}}) 04:54:48 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50) 04:54:48 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1329.675014] FAULT_INJECTION: forcing a failure. [ 1329.675014] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.675962] CPU: 0 PID: 15738 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.676517] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.677171] Call Trace: [ 1329.677390] dump_stack+0x107/0x167 [ 1329.677682] should_fail.cold+0x5/0xa [ 1329.677999] ? __kmem_cache_create+0x10e/0x520 [ 1329.678368] should_failslab+0x5/0x20 [ 1329.678677] kmem_cache_alloc_node+0x55/0x330 [ 1329.679038] __kmem_cache_create+0x10e/0x520 [ 1329.679399] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1329.679813] p9_client_create+0xc2b/0x11c0 [ 1329.680163] ? p9_client_flush+0x430/0x430 [ 1329.680506] ? trace_hardirqs_on+0x5b/0x180 [ 1329.680866] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.681259] ? __raw_spin_lock_init+0x36/0x110 [ 1329.681627] v9fs_session_init+0x1dd/0x1680 [ 1329.681980] ? lock_release+0x680/0x680 [ 1329.682300] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.682689] ? v9fs_show_options+0x690/0x690 [ 1329.683050] ? trace_hardirqs_on+0x5b/0x180 [ 1329.683399] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.683767] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.684192] v9fs_mount+0x79/0x8f0 [ 1329.684484] ? v9fs_write_inode+0x60/0x60 [ 1329.684833] legacy_get_tree+0x105/0x220 [ 1329.685158] vfs_get_tree+0x8e/0x300 [ 1329.685452] path_mount+0x1429/0x2120 [ 1329.685764] ? strncpy_from_user+0x9e/0x470 [ 1329.686111] ? finish_automount+0xa90/0xa90 [ 1329.686455] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.686832] ? _copy_from_user+0xfb/0x1b0 [ 1329.687165] __x64_sys_mount+0x282/0x300 [ 1329.687493] ? copy_mnt_ns+0xa00/0xa00 [ 1329.687814] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.688232] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.688639] do_syscall_64+0x33/0x40 [ 1329.688949] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.689366] RIP: 0033:0x7f0b176ffb19 [ 1329.689666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.691115] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.691728] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.692310] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.692882] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.693457] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.694033] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1329.694741] kmem_cache_create(9p-fcall-cache) failed with error -22 [ 1329.695294] CPU: 0 PID: 15738 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.695862] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.696530] Call Trace: [ 1329.696752] dump_stack+0x107/0x167 [ 1329.697046] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1329.697476] p9_client_create+0xc2b/0x11c0 [ 1329.697821] ? p9_client_flush+0x430/0x430 [ 1329.698166] ? trace_hardirqs_on+0x5b/0x180 [ 1329.698514] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.698892] ? __raw_spin_lock_init+0x36/0x110 [ 1329.699264] v9fs_session_init+0x1dd/0x1680 [ 1329.699605] ? lock_release+0x680/0x680 [ 1329.699934] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.700315] ? v9fs_show_options+0x690/0x690 [ 1329.700671] ? trace_hardirqs_on+0x5b/0x180 [ 1329.701026] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.701399] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.701808] v9fs_mount+0x79/0x8f0 [ 1329.702099] ? v9fs_write_inode+0x60/0x60 [ 1329.702432] legacy_get_tree+0x105/0x220 [ 1329.702762] vfs_get_tree+0x8e/0x300 [ 1329.703061] path_mount+0x1429/0x2120 [ 1329.703374] ? strncpy_from_user+0x9e/0x470 [ 1329.703717] ? finish_automount+0xa90/0xa90 [ 1329.704067] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.704437] ? _copy_from_user+0xfb/0x1b0 [ 1329.704784] __x64_sys_mount+0x282/0x300 [ 1329.705107] ? copy_mnt_ns+0xa00/0xa00 [ 1329.705426] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.705843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.706269] do_syscall_64+0x33/0x40 [ 1329.706565] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.706978] RIP: 0033:0x7f0b176ffb19 [ 1329.707275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.708759] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.709369] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.709942] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.710518] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.711100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.711677] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1329.719981] FAULT_INJECTION: forcing a failure. [ 1329.719981] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.721817] CPU: 1 PID: 15751 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1329.722882] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.724136] Call Trace: [ 1329.724549] dump_stack+0x107/0x167 [ 1329.725150] should_fail.cold+0x5/0xa [ 1329.725729] ? create_object.isra.0+0x3a/0xa20 [ 1329.726468] should_failslab+0x5/0x20 [ 1329.727052] kmem_cache_alloc+0x5b/0x310 [ 1329.727715] ? kernel_text_address+0xf2/0x120 [ 1329.728402] create_object.isra.0+0x3a/0xa20 [ 1329.728483] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1329.729121] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.729153] kmem_cache_alloc_trace+0x151/0x320 [ 1329.731413] ? find_held_lock+0x2c/0x110 [ 1329.732091] p9_client_create+0xaf/0x11c0 [ 1329.732786] ? lock_downgrade+0x6d0/0x6d0 [ 1329.733468] ? p9_client_flush+0x430/0x430 [ 1329.734160] ? trace_hardirqs_on+0x5b/0x180 [ 1329.734867] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.735637] ? __raw_spin_lock_init+0x36/0x110 [ 1329.736387] v9fs_session_init+0x1dd/0x1680 [ 1329.737101] ? lock_release+0x680/0x680 [ 1329.737758] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.738529] ? v9fs_show_options+0x690/0x690 [ 1329.739254] ? trace_hardirqs_on+0x5b/0x180 [ 1329.739957] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.740698] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.741537] v9fs_mount+0x79/0x8f0 [ 1329.742117] ? v9fs_write_inode+0x60/0x60 [ 1329.742783] legacy_get_tree+0x105/0x220 [ 1329.743407] vfs_get_tree+0x8e/0x300 [ 1329.744007] path_mount+0x1429/0x2120 [ 1329.744616] ? strncpy_from_user+0x9e/0x470 [ 1329.745286] ? finish_automount+0xa90/0xa90 [ 1329.745979] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.746683] ? _copy_from_user+0xfb/0x1b0 [ 1329.747368] __x64_sys_mount+0x282/0x300 [ 1329.747976] ? copy_mnt_ns+0xa00/0xa00 [ 1329.748620] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.749494] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.750343] do_syscall_64+0x33/0x40 [ 1329.750956] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.751798] RIP: 0033:0x7f0d74438b19 [ 1329.752409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.755410] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.756657] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1329.757840] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.759004] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 04:54:48 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) [ 1329.760167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.761520] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:54:48 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:54:48 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xffffff8c, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1329.812376] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1329.840670] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:54:48 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000180)) r4 = socket$packet(0x11, 0x2, 0x300) sendmmsg(r4, &(0x7f0000002380)=[{{&(0x7f0000000c40)=@caif=@dgm={0x25, 0x2}, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000cc0)="bf", 0x1}], 0x1}}, {{&(0x7f0000000fc0)=@ieee802154={0x24, @short}, 0x80, 0x0}}], 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000040)) [ 1329.931339] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 ioctl$BTRFS_IOC_SPACE_INFO(r4, 0xc0109414, &(0x7f000000b9c0)=ANY=[@ANYBLOB="710600000000000050a9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e45942b241e6dfa5fa89fa97207f2946064ecc70337e713755de0993e9a1f516842a2dc91a26de8a6e461085fcd9cf8c3a1b18f4ec32e4a9ff24f958db8adb52d6c2204f57fcc9aff8c886c34ced4e48818e88bacd797e1677e3a4d9bc8d5823e89bfcdcda04833bf3b7b7c5241dd1af55edd85aabfa858f7175af7d2970561921bd04301396caeaf4519f56826300f740291510ec67a8e245703c1c1aad09d8d4709f22d514cf77c6bf7d21a83ee413fc7c79bd23742ef60c9935e482a289a25746a7d4b86d77dd60f952263f2af8fd340f2ef5348bf8cf4acc5e"]) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:54:49 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) 04:54:49 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51) [ 1329.937331] FAULT_INJECTION: forcing a failure. [ 1329.937331] name failslab, interval 1, probability 0, space 0, times 0 [ 1329.938326] CPU: 0 PID: 15916 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1329.938920] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1329.939609] Call Trace: [ 1329.939838] dump_stack+0x107/0x167 [ 1329.940148] should_fail.cold+0x5/0xa [ 1329.940477] ? create_object.isra.0+0x3a/0xa20 [ 1329.940873] should_failslab+0x5/0x20 [ 1329.941214] kmem_cache_alloc+0x5b/0x310 [ 1329.941572] create_object.isra.0+0x3a/0xa20 [ 1329.941942] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.942368] kmem_cache_alloc_node+0x169/0x330 [ 1329.942754] __kmem_cache_create+0x10e/0x520 [ 1329.943134] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1329.943575] p9_client_create+0xc2b/0x11c0 [ 1329.943945] ? p9_client_flush+0x430/0x430 [ 1329.944310] ? trace_hardirqs_on+0x5b/0x180 [ 1329.944678] ? lockdep_init_map_type+0x2c7/0x780 [ 1329.945087] ? __raw_spin_lock_init+0x36/0x110 [ 1329.945477] v9fs_session_init+0x1dd/0x1680 [ 1329.945838] ? lock_release+0x680/0x680 [ 1329.946172] ? kmem_cache_alloc_trace+0x151/0x320 [ 1329.946562] ? v9fs_show_options+0x690/0x690 [ 1329.946918] ? trace_hardirqs_on+0x5b/0x180 [ 1329.947260] ? kasan_unpoison_shadow+0x33/0x50 [ 1329.947628] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1329.948040] v9fs_mount+0x79/0x8f0 [ 1329.948325] ? v9fs_write_inode+0x60/0x60 [ 1329.948659] legacy_get_tree+0x105/0x220 [ 1329.948992] vfs_get_tree+0x8e/0x300 [ 1329.949296] path_mount+0x1429/0x2120 [ 1329.949607] ? strncpy_from_user+0x9e/0x470 [ 1329.949956] ? finish_automount+0xa90/0xa90 [ 1329.950304] ? getname_flags.part.0+0x1dd/0x4f0 [ 1329.950678] ? _copy_from_user+0xfb/0x1b0 [ 1329.951028] __x64_sys_mount+0x282/0x300 [ 1329.951350] ? copy_mnt_ns+0xa00/0xa00 [ 1329.951666] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1329.952086] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1329.952511] do_syscall_64+0x33/0x40 [ 1329.952824] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1329.953243] RIP: 0033:0x7f0b176ffb19 [ 1329.953543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1329.955040] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1329.955655] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1329.956238] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1329.956821] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1329.957406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1329.957990] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:55:04 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 22) 04:55:04 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:04 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xfffffff6, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:04 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1345.086928] FAULT_INJECTION: forcing a failure. [ 1345.086928] name failslab, interval 1, probability 0, space 0, times 0 [ 1345.088620] CPU: 1 PID: 15979 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1345.089674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1345.090868] Call Trace: [ 1345.091253] dump_stack+0x107/0x167 04:55:04 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52) [ 1345.091782] should_fail.cold+0x5/0xa [ 1345.092511] should_failslab+0x5/0x20 [ 1345.093081] __kmalloc_track_caller+0x79/0x370 [ 1345.093742] ? p9_client_create+0x41d/0x11c0 [ 1345.094394] kstrdup+0x36/0x70 [ 1345.094863] p9_client_create+0x41d/0x11c0 [ 1345.095488] ? lock_downgrade+0x6d0/0x6d0 [ 1345.096103] ? p9_client_flush+0x430/0x430 [ 1345.096734] ? trace_hardirqs_on+0x5b/0x180 [ 1345.097388] ? lockdep_init_map_type+0x2c7/0x780 [ 1345.098106] ? __raw_spin_lock_init+0x36/0x110 [ 1345.098787] v9fs_session_init+0x1dd/0x1680 [ 1345.099428] ? lock_release+0x680/0x680 [ 1345.100022] ? kmem_cache_alloc_trace+0x151/0x320 [ 1345.100735] ? v9fs_show_options+0x690/0x690 [ 1345.101400] ? trace_hardirqs_on+0x5b/0x180 [ 1345.102045] ? kasan_unpoison_shadow+0x33/0x50 [ 1345.102706] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.103443] v9fs_mount+0x79/0x8f0 [ 1345.103967] ? v9fs_write_inode+0x60/0x60 [ 1345.104577] legacy_get_tree+0x105/0x220 [ 1345.104886] FAULT_INJECTION: forcing a failure. [ 1345.104886] name failslab, interval 1, probability 0, space 0, times 0 [ 1345.105176] vfs_get_tree+0x8e/0x300 [ 1345.105202] path_mount+0x1429/0x2120 [ 1345.107842] ? strncpy_from_user+0x9e/0x470 [ 1345.108472] ? finish_automount+0xa90/0xa90 [ 1345.109104] ? getname_flags.part.0+0x1dd/0x4f0 [ 1345.109780] ? _copy_from_user+0xfb/0x1b0 [ 1345.110396] __x64_sys_mount+0x282/0x300 [ 1345.110985] ? copy_mnt_ns+0xa00/0xa00 [ 1345.111555] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1345.112314] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1345.113073] do_syscall_64+0x33/0x40 [ 1345.113623] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1345.114362] RIP: 0033:0x7f0d74438b19 [ 1345.114909] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1345.117547] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.118646] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1345.119676] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1345.120703] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1345.121741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1345.122768] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1345.123816] CPU: 0 PID: 15982 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1345.124841] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1345.126055] Call Trace: [ 1345.126442] dump_stack+0x107/0x167 [ 1345.126984] should_fail.cold+0x5/0xa [ 1345.127545] ? create_object.isra.0+0x3a/0xa20 [ 1345.128224] should_failslab+0x5/0x20 [ 1345.128784] kmem_cache_alloc+0x5b/0x310 [ 1345.129389] ? mark_held_locks+0x9e/0xe0 [ 1345.129991] create_object.isra.0+0x3a/0xa20 [ 1345.130647] kmemleak_alloc_percpu+0xa0/0x100 [ 1345.131314] pcpu_alloc+0x4e2/0x1240 [ 1345.131874] __kmem_cache_create+0x35a/0x520 [ 1345.132533] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1345.133308] p9_client_create+0xc2b/0x11c0 [ 1345.133944] ? p9_client_flush+0x430/0x430 [ 1345.134567] ? trace_hardirqs_on+0x5b/0x180 [ 1345.135211] ? lockdep_init_map_type+0x2c7/0x780 [ 1345.135915] ? __raw_spin_lock_init+0x36/0x110 [ 1345.136597] v9fs_session_init+0x1dd/0x1680 [ 1345.137247] ? lock_release+0x680/0x680 [ 1345.137847] ? kmem_cache_alloc_trace+0x151/0x320 [ 1345.138551] ? v9fs_show_options+0x690/0x690 [ 1345.139226] ? trace_hardirqs_on+0x5b/0x180 [ 1345.139865] ? kasan_unpoison_shadow+0x33/0x50 [ 1345.140544] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.141327] v9fs_mount+0x79/0x8f0 [ 1345.141874] ? v9fs_write_inode+0x60/0x60 [ 1345.142491] legacy_get_tree+0x105/0x220 [ 1345.143105] vfs_get_tree+0x8e/0x300 [ 1345.143677] path_mount+0x1429/0x2120 [ 1345.144255] ? strncpy_from_user+0x9e/0x470 [ 1345.144907] ? finish_automount+0xa90/0xa90 [ 1345.145555] ? getname_flags.part.0+0x1dd/0x4f0 [ 1345.146253] ? _copy_from_user+0xfb/0x1b0 [ 1345.146885] __x64_sys_mount+0x282/0x300 [ 1345.147483] ? copy_mnt_ns+0xa00/0xa00 [ 1345.148082] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1345.148852] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1345.149616] do_syscall_64+0x33/0x40 [ 1345.150182] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1345.150950] RIP: 0033:0x7f0b176ffb19 [ 1345.151517] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1345.154201] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.155346] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1345.155368] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1345.157459] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1345.157471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1345.157482] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:55:04 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) 04:55:04 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) connect$inet(r2, &(0x7f0000000100)={0x2, 0x4e23, @local}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r3, 0xc0189373, &(0x7f0000000180)={{0x1, 0x1, 0x18, r0, {0x7}}, './file1\x00'}) ioctl$SG_GET_VERSION_NUM(r4, 0x2282, &(0x7f0000000240)) 04:55:04 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1345.221568] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1345.258203] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:04 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 23) 04:55:04 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r1 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r1, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r1, 0x8008330e, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r3, 0x1}, 0x14}}, 0x0) sendfile(r2, 0xffffffffffffffff, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:04 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53) 04:55:04 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={&(0x7f0000000180), 0x4}, 0x2410, 0x0, 0x2, 0x2}, 0x0, 0x2, 0xffffffffffffffff, 0xa) r1 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r1, 0x1, &(0x7f0000000440)={0xca, 0x3, 0x1ff, "f5f6ebaa11d5b63d1a5813d264e348380148b491460d5f3d98886614d05032cd252002ab6aeb62872f0879aee42a3edd6993843a320fd74927776e298e0314859bacb71b9e8b6e451ab5f1dcded6f06a6dd7e013a82f0d5977911e4c51f3af0dfeeff4f21b44467d398e02b35b21096e4cee8b4c734aa8b0667c005bc5237cadb4a305f2f4b04fecba9dca90a881ffd478ad70c1cee4bbbded95bfb404360e3a330f37c9d4ffcd095773a9d5562905f8a29692b7bad6d339ac84535b1657dd3fc7c1be6020a08aa41728"}) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xa, &(0x7f0000000340)=0x8, 0x4) ioctl$PERF_EVENT_IOC_DISABLE(r0, 0x2401, 0xffffffffffffff5c) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r5 = fork() perf_event_open(&(0x7f0000000540)={0x4, 0x80, 0x0, 0x0, 0xf8, 0x81, 0x0, 0xffffffff, 0x441, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x14ef, 0x1, @perf_bp={&(0x7f0000000380)}, 0x1000, 0x101, 0x8, 0x8, 0x9f24, 0xffffffff, 0x101, 0x0, 0xffffffff, 0x0, 0x2}, r5, 0x5, r2, 0xa) r6 = accept$unix(r2, &(0x7f0000000240), &(0x7f0000000100)=0x6e) r7 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000a40), 0x60042, 0x0) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000a80)=ANY=[@ANYBLOB="ffffffffffffffff00000000000000000700000000000000", @ANYRES32=r6, @ANYBLOB="00000000ffffff7f00"/28, @ANYRES32=r4, @ANYBLOB="00000000f7ffffffffffffff00"/28, @ANYRES32=r0, @ANYBLOB='\x00\x00\x00\x00\t\x00'/28, @ANYRES32=r3, @ANYBLOB="00000000a8ea00"/28, @ANYRES32=r2, @ANYBLOB="000000000500"/28, @ANYRES32=r7, @ANYBLOB="000000005806000000000000000000006140cac6636c7c3c00000000", @ANYRES32=r0, @ANYBLOB="0000000081c1395100"/28]) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r2}}) getsockopt$IPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x43, &(0x7f00000002c0)={'NETMAP\x00'}, &(0x7f0000000300)=0x1e) [ 1345.343679] FAULT_INJECTION: forcing a failure. [ 1345.343679] name failslab, interval 1, probability 0, space 0, times 0 [ 1345.345418] CPU: 0 PID: 16097 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1345.346428] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1345.347622] Call Trace: [ 1345.348019] dump_stack+0x107/0x167 [ 1345.348551] should_fail.cold+0x5/0xa [ 1345.349118] ? create_object.isra.0+0x3a/0xa20 [ 1345.349784] should_failslab+0x5/0x20 [ 1345.350345] kmem_cache_alloc+0x5b/0x310 [ 1345.350947] ? lock_downgrade+0x6d0/0x6d0 [ 1345.351577] create_object.isra.0+0x3a/0xa20 [ 1345.352234] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.353009] __kmalloc_track_caller+0x177/0x370 [ 1345.353701] ? p9_client_create+0x41d/0x11c0 [ 1345.354371] kstrdup+0x36/0x70 [ 1345.354851] p9_client_create+0x41d/0x11c0 [ 1345.355472] ? lock_downgrade+0x6d0/0x6d0 [ 1345.356083] ? p9_client_flush+0x430/0x430 [ 1345.356707] ? trace_hardirqs_on+0x5b/0x180 [ 1345.357348] ? lockdep_init_map_type+0x2c7/0x780 [ 1345.358044] ? __raw_spin_lock_init+0x36/0x110 [ 1345.358719] v9fs_session_init+0x1dd/0x1680 [ 1345.359350] ? lock_release+0x680/0x680 [ 1345.359947] ? kmem_cache_alloc_trace+0x151/0x320 [ 1345.360652] ? v9fs_show_options+0x690/0x690 [ 1345.361314] ? trace_hardirqs_on+0x5b/0x180 [ 1345.361953] ? kasan_unpoison_shadow+0x33/0x50 [ 1345.362626] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.363374] v9fs_mount+0x79/0x8f0 [ 1345.363902] ? v9fs_write_inode+0x60/0x60 [ 1345.364509] legacy_get_tree+0x105/0x220 [ 1345.365113] vfs_get_tree+0x8e/0x300 [ 1345.365659] path_mount+0x1429/0x2120 [ 1345.366227] ? strncpy_from_user+0x9e/0x470 [ 1345.366860] ? finish_automount+0xa90/0xa90 [ 1345.367493] ? getname_flags.part.0+0x1dd/0x4f0 [ 1345.368174] ? _copy_from_user+0xfb/0x1b0 [ 1345.368787] __x64_sys_mount+0x282/0x300 [ 1345.369387] ? copy_mnt_ns+0xa00/0xa00 [ 1345.369971] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1345.370738] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1345.371513] do_syscall_64+0x33/0x40 [ 1345.372062] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1345.372815] RIP: 0033:0x7f0d74438b19 [ 1345.373369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1345.376020] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.377133] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1345.378167] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1345.379202] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1345.380235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1345.381276] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1345.453186] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1345.473837] FAULT_INJECTION: forcing a failure. [ 1345.473837] name failslab, interval 1, probability 0, space 0, times 0 [ 1345.475547] CPU: 1 PID: 16105 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1345.476575] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1345.477774] Call Trace: [ 1345.478167] dump_stack+0x107/0x167 [ 1345.478705] should_fail.cold+0x5/0xa [ 1345.479273] ? __kernfs_new_node+0xd4/0x860 [ 1345.479904] should_failslab+0x5/0x20 [ 1345.480463] kmem_cache_alloc+0x5b/0x310 [ 1345.481078] __kernfs_new_node+0xd4/0x860 [ 1345.481693] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1345.482397] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1345.483175] kernfs_new_node+0x18d/0x250 [ 1345.483773] kernfs_create_dir_ns+0x49/0x160 [ 1345.484419] sysfs_create_dir_ns+0x127/0x290 [ 1345.485067] ? sysfs_create_mount_point+0xb0/0xb0 [ 1345.485774] ? rwlock_bug.part.0+0x90/0x90 [ 1345.486397] ? do_raw_spin_unlock+0x4f/0x220 [ 1345.487043] kobject_add_internal+0x25e/0xa30 [ 1345.487704] kobject_init_and_add+0x101/0x160 [ 1345.488358] ? kobject_create_and_add+0xb0/0xb0 [ 1345.489049] ? wait_for_completion_io+0x270/0x270 [ 1345.489749] ? kernfs_name_hash+0xe7/0x110 [ 1345.490380] sysfs_slab_add+0x172/0x200 [ 1345.490974] __kmem_cache_create+0x3db/0x520 [ 1345.491618] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1345.492352] p9_client_create+0xc2b/0x11c0 [ 1345.492989] ? p9_client_flush+0x430/0x430 [ 1345.493606] ? trace_hardirqs_on+0x5b/0x180 [ 1345.494235] ? lockdep_init_map_type+0x2c7/0x780 [ 1345.494929] ? __raw_spin_lock_init+0x36/0x110 [ 1345.495597] v9fs_session_init+0x1dd/0x1680 [ 1345.496230] ? lock_release+0x680/0x680 [ 1345.496824] ? kmem_cache_alloc_trace+0x151/0x320 [ 1345.497534] ? v9fs_show_options+0x690/0x690 [ 1345.498184] ? trace_hardirqs_on+0x5b/0x180 [ 1345.498817] ? kasan_unpoison_shadow+0x33/0x50 [ 1345.499486] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.500233] v9fs_mount+0x79/0x8f0 [ 1345.500754] ? v9fs_write_inode+0x60/0x60 [ 1345.501371] legacy_get_tree+0x105/0x220 [ 1345.501966] vfs_get_tree+0x8e/0x300 [ 1345.502506] path_mount+0x1429/0x2120 [ 1345.503072] ? strncpy_from_user+0x9e/0x470 [ 1345.503699] ? finish_automount+0xa90/0xa90 [ 1345.504328] ? getname_flags.part.0+0x1dd/0x4f0 [ 1345.505014] ? _copy_from_user+0xfb/0x1b0 [ 1345.505626] __x64_sys_mount+0x282/0x300 [ 1345.506216] ? copy_mnt_ns+0xa00/0xa00 [ 1345.506795] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1345.507554] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1345.508302] do_syscall_64+0x33/0x40 [ 1345.508850] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1345.509597] RIP: 0033:0x7f0b176ffb19 [ 1345.510141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1345.512771] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.513871] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1345.514893] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1345.515920] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1345.516952] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1345.517981] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1345.519929] kobject_add_internal failed for 9p-fcall-cache (error: -12 parent: slab) [ 1345.521230] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1345.522191] CPU: 1 PID: 16105 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1345.523186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1345.524388] Call Trace: [ 1345.524775] dump_stack+0x107/0x167 [ 1345.525315] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1345.526084] p9_client_create+0xc2b/0x11c0 [ 1345.526710] ? p9_client_flush+0x430/0x430 [ 1345.527336] ? trace_hardirqs_on+0x5b/0x180 [ 1345.527968] ? lockdep_init_map_type+0x2c7/0x780 [ 1345.528656] ? __raw_spin_lock_init+0x36/0x110 [ 1345.529337] v9fs_session_init+0x1dd/0x1680 [ 1345.529978] ? lock_release+0x680/0x680 [ 1345.530568] ? kmem_cache_alloc_trace+0x151/0x320 [ 1345.531271] ? v9fs_show_options+0x690/0x690 [ 1345.531931] ? trace_hardirqs_on+0x5b/0x180 [ 1345.532580] ? kasan_unpoison_shadow+0x33/0x50 [ 1345.533268] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1345.534013] v9fs_mount+0x79/0x8f0 [ 1345.534535] ? v9fs_write_inode+0x60/0x60 [ 1345.535149] legacy_get_tree+0x105/0x220 [ 1345.535741] vfs_get_tree+0x8e/0x300 [ 1345.536286] path_mount+0x1429/0x2120 [ 1345.536847] ? strncpy_from_user+0x9e/0x470 [ 1345.537485] ? finish_automount+0xa90/0xa90 [ 1345.538117] ? getname_flags.part.0+0x1dd/0x4f0 [ 1345.538801] ? _copy_from_user+0xfb/0x1b0 [ 1345.539421] __x64_sys_mount+0x282/0x300 [ 1345.540014] ? copy_mnt_ns+0xa00/0xa00 [ 1345.540593] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1345.541374] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1345.542138] do_syscall_64+0x33/0x40 [ 1345.542683] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1345.543437] RIP: 0033:0x7f0b176ffb19 [ 1345.543983] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1345.546636] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1345.547732] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1345.548765] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1345.549801] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1345.550830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1345.551870] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:55:18 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54) 04:55:18 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 24) 04:55:18 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xedc000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:18 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:18 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) 04:55:18 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:18 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:18 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) r3 = socket$inet_icmp(0x2, 0x2, 0x1) connect$inet(r3, &(0x7f0000000100)={0x2, 0x4e23, @multicast1}, 0x10) [ 1358.970026] FAULT_INJECTION: forcing a failure. [ 1358.970026] name failslab, interval 1, probability 0, space 0, times 0 [ 1358.971985] CPU: 1 PID: 16118 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1358.973050] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1358.974320] Call Trace: [ 1358.974731] dump_stack+0x107/0x167 [ 1358.975285] should_fail.cold+0x5/0xa [ 1358.975868] ? create_object.isra.0+0x3a/0xa20 [ 1358.976564] should_failslab+0x5/0x20 [ 1358.977156] kmem_cache_alloc+0x5b/0x310 [ 1358.977783] create_object.isra.0+0x3a/0xa20 [ 1358.978441] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1358.979201] kmem_cache_alloc+0x159/0x310 [ 1358.979826] __kernfs_new_node+0xd4/0x860 [ 1358.980457] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1358.981191] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1358.981989] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1358.982771] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1358.983569] kernfs_new_node+0x18d/0x250 [ 1358.984179] kernfs_create_dir_ns+0x49/0x160 [ 1358.984203] sysfs_create_dir_ns+0x127/0x290 [ 1358.984222] ? sysfs_create_mount_point+0xb0/0xb0 [ 1358.984242] ? rwlock_bug.part.0+0x90/0x90 [ 1358.984271] ? do_raw_spin_unlock+0x4f/0x220 [ 1358.987490] kobject_add_internal+0x25e/0xa30 [ 1358.988161] kobject_init_and_add+0x101/0x160 [ 1358.988819] ? kobject_create_and_add+0xb0/0xb0 [ 1358.989515] ? wait_for_completion_io+0x270/0x270 [ 1358.990224] ? kernfs_name_hash+0xe7/0x110 [ 1358.990856] ? kernfs_find_ns+0x256/0x380 [ 1358.991478] sysfs_slab_add+0x172/0x200 [ 1358.992073] __kmem_cache_create+0x3db/0x520 [ 1358.992743] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1358.993499] p9_client_create+0xc2b/0x11c0 [ 1358.994141] ? p9_client_flush+0x430/0x430 [ 1358.994762] ? trace_hardirqs_on+0x5b/0x180 [ 1358.995396] ? lockdep_init_map_type+0x2c7/0x780 [ 1358.996123] ? __raw_spin_lock_init+0x36/0x110 [ 1358.996808] v9fs_session_init+0x1dd/0x1680 [ 1358.997446] ? lock_release+0x680/0x680 [ 1358.998058] ? kmem_cache_alloc_trace+0x151/0x320 [ 1358.998775] ? v9fs_show_options+0x690/0x690 [ 1358.999446] ? trace_hardirqs_on+0x5b/0x180 [ 1359.000101] ? kasan_unpoison_shadow+0x33/0x50 [ 1359.000785] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1359.001556] v9fs_mount+0x79/0x8f0 [ 1359.002099] ? v9fs_write_inode+0x60/0x60 [ 1359.002733] legacy_get_tree+0x105/0x220 [ 1359.003353] vfs_get_tree+0x8e/0x300 [ 1359.003898] path_mount+0x1429/0x2120 [ 1359.004468] ? strncpy_from_user+0x9e/0x470 [ 1359.005127] ? finish_automount+0xa90/0xa90 [ 1359.005780] ? getname_flags.part.0+0x1dd/0x4f0 [ 1359.006484] ? _copy_from_user+0xfb/0x1b0 [ 1359.007122] __x64_sys_mount+0x282/0x300 [ 1359.007737] ? copy_mnt_ns+0xa00/0xa00 [ 1359.008316] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1359.009087] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1359.009860] do_syscall_64+0x33/0x40 [ 1359.010408] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1359.011164] RIP: 0033:0x7f0b176ffb19 [ 1359.011711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1359.014419] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1359.015528] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1359.016584] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1359.017650] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1359.018690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1359.019741] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1359.028946] FAULT_INJECTION: forcing a failure. [ 1359.028946] name failslab, interval 1, probability 0, space 0, times 0 [ 1359.030594] CPU: 1 PID: 16129 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1359.031586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1359.032777] Call Trace: [ 1359.033175] dump_stack+0x107/0x167 [ 1359.033708] should_fail.cold+0x5/0xa [ 1359.034287] should_failslab+0x5/0x20 [ 1359.034844] __kmalloc_track_caller+0x79/0x370 [ 1359.035530] ? p9_client_create+0x51e/0x11c0 [ 1359.036190] kmemdup_nul+0x2d/0xa0 [ 1359.036726] p9_client_create+0x51e/0x11c0 [ 1359.037370] ? p9_client_flush+0x430/0x430 [ 1359.038025] ? trace_hardirqs_on+0x5b/0x180 [ 1359.038659] ? lockdep_init_map_type+0x2c7/0x780 [ 1359.039127] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1359.039376] ? __raw_spin_lock_init+0x36/0x110 [ 1359.041334] v9fs_session_init+0x1dd/0x1680 [ 1359.041986] ? lock_release+0x680/0x680 [ 1359.042597] ? kmem_cache_alloc_trace+0x151/0x320 [ 1359.043309] ? v9fs_show_options+0x690/0x690 [ 1359.043968] ? trace_hardirqs_on+0x5b/0x180 [ 1359.044604] ? kasan_unpoison_shadow+0x33/0x50 [ 1359.045288] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1359.046055] v9fs_mount+0x79/0x8f0 [ 1359.046596] ? v9fs_write_inode+0x60/0x60 [ 1359.047216] legacy_get_tree+0x105/0x220 [ 1359.047829] vfs_get_tree+0x8e/0x300 [ 1359.048380] path_mount+0x1429/0x2120 [ 1359.048967] ? strncpy_from_user+0x9e/0x470 [ 1359.049605] ? finish_automount+0xa90/0xa90 [ 1359.050264] ? getname_flags.part.0+0x1dd/0x4f0 [ 1359.050957] ? _copy_from_user+0xfb/0x1b0 [ 1359.051593] __x64_sys_mount+0x282/0x300 [ 1359.052199] ? copy_mnt_ns+0xa00/0xa00 [ 1359.052789] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1359.052808] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1359.052833] do_syscall_64+0x33/0x40 [ 1359.054902] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1359.055666] RIP: 0033:0x7f0d74438b19 [ 1359.056219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1359.058952] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1359.060069] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1359.061138] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1359.062200] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1359.063244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1359.064309] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1359.099696] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:32 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1373.217625] FAULT_INJECTION: forcing a failure. [ 1373.217625] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.219250] CPU: 1 PID: 16247 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1373.220201] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1373.221284] Call Trace: [ 1373.221653] dump_stack+0x107/0x167 [ 1373.222148] should_fail.cold+0x5/0xa [ 1373.222679] ? create_object.isra.0+0x3a/0xa20 [ 1373.223308] should_failslab+0x5/0x20 [ 1373.223839] kmem_cache_alloc+0x5b/0x310 [ 1373.224405] create_object.isra.0+0x3a/0xa20 [ 1373.225009] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.225717] __kmalloc_track_caller+0x177/0x370 [ 1373.226364] ? p9_client_create+0x51e/0x11c0 [ 1373.226973] kmemdup_nul+0x2d/0xa0 [ 1373.227466] p9_client_create+0x51e/0x11c0 [ 1373.228071] ? p9_client_flush+0x430/0x430 04:55:32 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, 0xffffffffffffffff, 0x0, 0xffe3) copy_file_range(r3, &(0x7f00000003c0)=0x1000, r0, &(0x7f00000004c0)=0x6, 0xffffffff00000000, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r4, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x81001, &(0x7f00000005c0)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f3d9bcdc704615dce14f301ea1e5e", @ANYBLOB="0f063b915d7d8401f4dd0b4ffba01f0079b193e05712e882864784bbde694691dded9bf9e20d94187f8d4eaabd78ef6a1dc2973a36d14a95a1327f22cb42c1e23aae085fbbecc0ac3df0788d812f14d1fdc4f132cd94e42303711730f6e1123d4d2ce9d6fd141d6f48527b3ea5b836d54d59a425d5b78819846b10245325f6ee74825236a1f5900561402c15ba78a48be4e85aa24a513a5b1e50176b5e4385db2f4e1a199609cb73dad779f65a490d164dfe482162b3867c4d7b23dc2b3cfb293d7d4b74f63d4002094c7af0c901d9fb49f33fa402260707f676306b3b615a54308a17098fe47ddc0b301c8fc7bf91173babe320d17ec6579caeaad3cbe4f55c83d91c74f2fc7082c825fed14d6e20546ab27b197e171e6c6d0c9e38b1390bee7f48c408b2e79e9c8b63bf9633145953b7a74e7613dcb71b8ade38b23cc715927b76aad54c826cd9a44844e39dcb500e43b076d91077c84015c36a0fc43b433bad0941e1c1b72c3f02eccf81cb8479dc1709f54a6cb0045d22f6d22d6509e27c5541789a5b4d7fa35fb8f1faafe0477fb821c9a294a703e6048b330d2fb64d7010356742d8c6c2baf59e510a2c4bee0d036337e2bbf60f09b9af1c7bfc5dba5693ca415b9feb600d703fcb9d7740a2f7673ab87972b1b83859120aa94f2bfa8072fcc564b2c2cb6f8d546634a8565d008ab0d974750d7f3203adfd3a2a7db247eb86a64d938289cbc33d13160f2db6b6f73c2121d64fca8476c9101d300e319ad6093bbb7f13b7cbb980bd81de502a183e8fc1d5009b4e9d59b155819cfdcd38c9ba4fb2ea1d7fd8a60d7c18a486bc5193eb6e286526faa3b12c7153db28765f147f42d3569579bc1e211365afe43cbdec41e998f3a939b38686a8adea111656cab203d75700c984eb71a08fa55573ff3eed7caf6ca5e321d6dfdbbd3c70c3822dc081858e545440d77c19b53c44874b34026735d7bde9c62b0ccf47eb3f893c39ed3a34f6d966575b34edc134333307b037f017132705e57880641fc26e2e167ab9715a6e03b619788628c422f4b7de68cc9f10b6ed1de9c0a5bfc5772e318d4ea4c96f7d408059097da358843893ff4534a8090019ffd747e71a3e530b57f33343b1185e1651d4d1f1b9d91e090a7a8d16ae3ee2871bad42eaebf8e239a45ba3559951ba7d7759cd75401d402d1408e4acdb2131b1741c8750e047fd9ae33f2bb05f6024d5a9c2c9b0fdbec2fb7ce0129098c0ea7501e7c9bc59c49fbbd3bb05b14a9b809246c516451ddcc24464cefd192917b40f1c53622424dd57bbe7ee76e8c2c832d97e87691ac279888d7e0633a39992fc57956904418cddf07f7f355476e329ec04fcecb2fa8e9acc641ca0462e38a6e5fb37894e2d6252cb17af894929d24b6493cb659e6a7b13000aede638435c050172e9baa4ab93587b6f65c814d00f78d678a7128811afec11663c34f0868685668d493a0925f9a0b63e8f26c9879047f461276f171384917ef502be2eecbd24c9164fabe7db9a0905188a7c77527a6000adf6a901a91e944e40392e0b7dca0e5e39b07b07cab06b9af274008f8bfa6fa3bb7d375a9a66f075b351db7b4cd135b0ef591f8cd9cd2dccf39553ea4e4b18d3a141bb67863d3814c9d4114bc7874b36cf2fa0766cc7b9d98f7d2e894dcc143433e8c261de3cc864130c7bdae41128ef2c7c30b3da6e9da1feed93857577f0277613b38a18a73cc22c3d6b763d0fd7d226b783725ba879abe3bbe652490690a6ae8022faefbd07a83e16ee76c5d83ef048b4a2447a28b884c38c1aa7b9c9ea5a55b3c137be60d09c03ba9aca7c05e635bf3ed31f57599b2b9aa275222bbb7d5ecce4a56ff6e72dd3e9463f5eb99ea36ff947a0f07b334700ad0b7d789f472b278030c73210a0bcfebcf7f2491662314e1e97b64ec16e96c37fcd88d3d5ec484edf93b9f8ab2334a32df2ba343894fa89a293c41f74d9b9fccda6851e2d65304c01c42b1045b3eb37d66e2369988c2d9fef4f83a5527e1f71b9257766e41841c9ae29fd15b78a07e6ee9861da646efdc5a8507013422639634752372b3a4535fd99ee45e0b19930991edfff231e356165285ddd6fe4dd46f795e8431dc1d98f6a19eccec890376abd10b1b9ff7c61ba9fc202e2471ecc15c3902d8dd7398e0a176fcf1ebc06f3b04503cabfbe404bc642f0bfb802c39c51501c380e11aea5f2ea31abf1ceadf22500483ae9a45ad1a079955533d3d149b24483738f68300503373b5ee50b6b8f3452ed9343c1d5a5499e113bd573c5681b2c64840cc2588f39a9f6311fc8fead7ffcffb4be0e5a5a53d5981a9cdff14cd9733254bc41c480885cb112aad8a40657affe8cd471dc512f469badac06ab4fb804c153e576e4f98ddb9598502cc4e6cd5faae831f431f2777a792930c7c62225fa5bee27ecd5d412b842e0aa0a7a339cecb422ce84fd6ff52557b97a1eaede66232f71c94e6f360903a6e4c463ad1cf210cba6330ba40c105e99b9633a8f4911f93b3e3a06cb9095ee888563c183e73028cf0b0772e8617e37949f83f82aa494af339750353530733c56a34ad0a9005e7e8d88af4c20857819a1b41e4d76269e09bb2e8d32abea774ff9b8502291d9f2f15b71ea55416ff54cebdda25f332413f8df083afc8ac0009f51d27393d496051fe6fe4e88c83fc4f8e8c950772199d9199f75d6e9c9d7b91fba3d8993c61f20c3ba72b376e068ef82a35102260bec0604ba7c0474b90878af7663dfbca6674e75fcb49dfcd91547ab724ce6119b5baa4c2d33bb06e17941560d3222dcebfbc553ed16226081cf5db44b07001ee3342f69933941fbe92dbcf7ea82cac0d299163d9252db61da9dd6f8522a8916e2cd8dab35430d1824e5d5bf8797cf1ac59730ff929c199f75c8553e3ff898a6e8bd4a777a073741b71e5f1825d98034925b3db38e32bb6f6a97969c9933132eaef0f7f366d0a57126afef91056f7dae85e1e4aeba742d0994668a3a51dbff6feea69c821ee94823e44c87651b099aa953e46a17c29ec77b485002f05f0ad4362f25e62157f50ffd2dba29f6a4da97fd6a479a2154881930ba6a514e74ed105adc7963a3364adae47be49f2be1895d6eb6403ef498fd3dda1a02a68aea4cd6a424c294b2f90876f68b12bf3ddc9215e5bf1b58a901eb411560344fd970a9111328c46ef8a7a958e6e00a2c0ec7f6e0a4253be32ef568aa1d4d197458a4968975108b9ed89077c8bf5a67786c91a3564efdb02c389366383e0b9b5f4ee8b85e953cea918beeba89ee738781981fe90212d984aaff9a498c35b1ad43b6d1a0f82e12f87f6c2557812aa5739a3d805d97c14ba000c39a9adb497d360e894a68aa0df896db1fecf57bf9992a5412bfb59d83561fce6c8e265b318563831b059e02c54de8939dae13d4fdacbc8c5894a9da7e378da373a907423082a5d3cbabc2270e240850554fe1bbc41b32b94a07c510a233ce6abf15209f1b5371308a0984e99193ca381dfcd3fac79a1ba2f85c5ddfab3a2ae17ab148903e35500ba7062c0a367e9935f71ed7d50bed19540917fa3cd8334888286a5b20384fd08cd060c91dec902b409daafadd6425c6c8ebbc835230dd5e009a8c2e73a1d5a112eab878b5f2a9a7fc5a6b4f6d19b84cf26d810b944a90023d7fa2101a0abed13ccca01f08e64609ed3d38db4576626ea42d399b61cac8293511bf00b95bc77c6ced670a74798ed84c3606a7b2ff2f53f59620198270a428966dbb0695f0c1ef68940a575c8540a1974974c668134fe47ca9f485d294208b9b21d069823e944258258ba8d8886f2e810a434e7868df7236d93b2871adf008b60bca7dea4f2aa56d0b260634fe48d05189a85e448467dbd74c94a32d3c75fde1fabcc44e43179d0c010231940ed0204b3970c145bdf95f46af829e2a747e18bb8980380890753e68c9f72754195197ecbf72453f9c1deefc6d5abe38d32ccf1fd99be7d4f866cc50b337932877f37110faa30324ffb394deef7dce5d750d0151fe46ad65cd4e07256317931fbd0efefbe529faf7fb14eadf03c381c42e222937e3a6e3f8928fd6c748c3c31172566601c68887c013c33fe8fe90bd587229bb11e09d3ee6bd9a8ea2de4f7fafbf5a36b4842745f408784387877d0d6a3509eba0319300fb1ac0929b4d49edb4e58d9ff8c079519328b22f80d883226923296ff11ba41f98f69eeefc8142e6356944cc27a300467683797fb82cc1c3898a1e163cdfb0048fc9e8ebf6dcea96687b24099b8f0e90c1fbffa4f5a1aaddb0cb9c7494f541b2f1c863cd2af172aaad4e7ccf6e0a6a3cfc23c22f896f8e07c988e8bb5602df1261930d4d7805f1434fcb9e64ec1cac95af6f1309c4ac11163e63a1d4ecc2423442594fbf3ce51b8705dc0e42f870d51bb953e7a2103c5d546b520697276640493246cca1bb40cde16d545963c7e1dd83471e5958c283cb16f3eed056018df4fc2996b5d62aa17646b0011a26157d2f0a589e0a8dfc23eae4c93fc197b556954250b3d9b41028a786f4b03ff729d90cd8775d89640100000000000000b1b7c132ad5ba41f1de7e2f89cf7fc75a6f8c3571ec74994841d9bc556da92da3ae3a995373873e213c2841d49ca2cb560b0a51817dead6494ea62bd2b8806c02b6bf990cf563e57ca814982651ffa1d7ed843ba1ad13b9aa6661ae3579e5633da3988558c27c92f3baf76c20612593945ff602497c96ee5990ca81f80c5c87f5fa9e0fbd8c70c200ac6dea5250f84ed0e5c8388f13bb8966ebf8446fc83f4c9cc79a8deac2f91506c0864b16dbce9f2569aab80e55034c80f15fe05b59a24793c62c9b27baeeaa90bf916f38de660e150a59019fcdd2a94c5a86fd3bbbd026b245c2b95d8a6a52ff013b609a1d83ebc7ddf508c3d649db9b8d3a96bb416da76dacfbc056b063450ad8498fa1d0ee31089393e8246709b8c1daea43b6ac6b30d554336a915b956eb73d49d4a84b011465f61299e9eaf7bfb6a91d0ee5352b6cde6f3b1a033d77148b2ded817a2b828fe81a4bc8db88186be304ea4b3a68e8fec3823f7dcb0b9bf381ce84c504d9c6a7ed6db7fffd906a7815cfd73004d24299518f503f0ed80b465c284a3119aa4ce630f6d39a2f6d76b01c1b4a38e71c18318e2500e74505508e388e0693294785263d436b5a5026e5f1abffa102e3a567840f536ac0d14f39dadcd00584dd053fe1095e8f778218fb7ae561c0f54562fbb4ca393d9d2724c9c677ae12f74afca00fbdbfa77e4e8bf49b66c4d67215ba7706522bd2883d30a0559f985b417c00e79a157b8530323c45ff6d3789a8be9ee64e59e7e366718fc46c62d93f4553c84edc88b854d8e481f47520f5db8678a4648c79df4a4795178648b231218c49f924adfa6f2cc28febd3c321d9b899094b17bd9b542d769e85da0a3a5134640aba20435e4fc7b16a3fa4e4455b7ada22ae077a4628071b6374ce8ba44e01abcca79d98946be0e1bcf9be448502441ce9aa065f9cf08fd08f8352f36830a3709ad6cde02f0250a29458cefaf49a2c4c1d0ebab2d9c5d8b41cccb9e9aca35bc1640938fbd3f565a44d783d937ba7620d91299d35eba76e4d03f2eafc17534c23463da1ccaa9261bcb0e2be20a26fe272bf8a493cc7483d824147910b6bfd1ffd5de449ac6ffce3d0ed308d2146ef78b6ab1e487b604216aceb10d6e6aefea6c287249cfb58b2e97334543900c6e9d67b0133ef01224b61a2535ee4f3765c5665940c802c5a6ed81e2dd", @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB='\x00\x00']) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) lchown(&(0x7f0000000500)='./file1\x00', 0x0, 0xee01) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0xffe3) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000240)=@abs={0x1, 0x0, 0x4e23}, 0x6e, &(0x7f0000000100)=[{&(0x7f00000002c0)="376d28782fb1ea0f2ad37f6ed49a7b7d2a94b93cbf098d86de34eb419fe03d5c894cca64a73a64f36028cb99106f2a63dcb271ba43fea94c7881dc9fd07027bbac7752a7b2db28a5a8c698169e1d0815d3624a1b50be5c7fca3690cfbde95177e143c818b177c59d5c6f726df291a57683ce67156e3e714896a8a2b0078089f92aa33eae8e173d0326b7bc498b19a474265f742040cf6e962ad9e5e8e75da46d9fa5e84715f6a04986afd2fed639219f64f0c23c728038518122b06db57650dec9e369bdb08b4814d72590cad5bc4c51b2f438cdc5b0e67e87a67db070e475fdfaced82f087c3cfac3cc52a61a32f42bec", 0xf1}], 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r0, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRES32=r5, @ANYBLOB="0000000014000012000000902500000001000000", @ANYRES32=r4, @ANYBLOB='\x00\x00\x00\x00'], 0x48, 0x4000080}, 0x0) [ 1373.228835] ? trace_hardirqs_on+0x5b/0x180 [ 1373.229578] ? lockdep_init_map_type+0x2c7/0x780 [ 1373.230241] ? __raw_spin_lock_init+0x36/0x110 [ 1373.230886] v9fs_session_init+0x1dd/0x1680 [ 1373.231489] ? lock_release+0x680/0x680 [ 1373.232056] ? kmem_cache_alloc_trace+0x151/0x320 [ 1373.233028] ? v9fs_show_options+0x690/0x690 04:55:32 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 55) 04:55:32 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:32 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:32 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) 04:55:32 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x1000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:32 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 25) [ 1373.233813] ? trace_hardirqs_on+0x5b/0x180 [ 1373.234597] ? kasan_unpoison_shadow+0x33/0x50 [ 1373.235321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.235988] v9fs_mount+0x79/0x8f0 [ 1373.236487] ? v9fs_write_inode+0x60/0x60 [ 1373.237045] legacy_get_tree+0x105/0x220 [ 1373.237613] vfs_get_tree+0x8e/0x300 [ 1373.238121] path_mount+0x1429/0x2120 [ 1373.238648] ? strncpy_from_user+0x9e/0x470 [ 1373.239251] ? finish_automount+0xa90/0xa90 [ 1373.239845] ? getname_flags.part.0+0x1dd/0x4f0 [ 1373.240499] ? _copy_from_user+0xfb/0x1b0 [ 1373.241083] __x64_sys_mount+0x282/0x300 [ 1373.241643] ? copy_mnt_ns+0xa00/0xa00 [ 1373.242181] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1373.242913] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1373.243641] do_syscall_64+0x33/0x40 [ 1373.244158] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.244866] RIP: 0033:0x7f0d74438b19 [ 1373.245317] FAULT_INJECTION: forcing a failure. [ 1373.245317] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.246860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.246870] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1373.246888] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1373.246899] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1373.246909] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1373.246918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.246928] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1373.256724] CPU: 0 PID: 16252 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1373.257805] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1373.259080] Call Trace: [ 1373.259495] dump_stack+0x107/0x167 [ 1373.260061] should_fail.cold+0x5/0xa [ 1373.260662] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1373.261573] should_failslab+0x5/0x20 [ 1373.262164] kmem_cache_alloc+0x5b/0x310 [ 1373.262805] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1373.263672] idr_get_free+0x4b5/0x8f0 [ 1373.264275] idr_alloc_u32+0x170/0x2d0 [ 1373.264899] ? __fprop_inc_percpu_max+0x130/0x130 [ 1373.265661] ? lock_acquire+0x197/0x470 [ 1373.266280] ? __kernfs_new_node+0xff/0x860 [ 1373.266957] idr_alloc_cyclic+0x102/0x230 [ 1373.267598] ? idr_alloc+0x130/0x130 [ 1373.268178] ? rwlock_bug.part.0+0x90/0x90 [ 1373.268844] __kernfs_new_node+0x117/0x860 [ 1373.269511] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1373.270260] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1373.271091] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1373.271914] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.272744] kernfs_new_node+0x18d/0x250 [ 1373.273390] kernfs_create_dir_ns+0x49/0x160 [ 1373.274073] sysfs_create_dir_ns+0x127/0x290 [ 1373.274758] ? sysfs_create_mount_point+0xb0/0xb0 [ 1373.275514] ? rwlock_bug.part.0+0x90/0x90 [ 1373.276176] ? do_raw_spin_unlock+0x4f/0x220 [ 1373.276873] kobject_add_internal+0x25e/0xa30 [ 1373.277586] kobject_init_and_add+0x101/0x160 [ 1373.278282] ? kobject_create_and_add+0xb0/0xb0 [ 1373.279014] ? wait_for_completion_io+0x270/0x270 [ 1373.279757] ? kernfs_name_hash+0xe7/0x110 [ 1373.280416] ? kernfs_find_ns+0x256/0x380 [ 1373.281069] sysfs_slab_add+0x172/0x200 [ 1373.281707] __kmem_cache_create+0x3db/0x520 [ 1373.282401] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1373.283184] p9_client_create+0xc2b/0x11c0 [ 1373.283214] ? p9_client_flush+0x430/0x430 [ 1373.283235] ? trace_hardirqs_on+0x5b/0x180 [ 1373.283256] ? lockdep_init_map_type+0x2c7/0x780 [ 1373.283281] ? __raw_spin_lock_init+0x36/0x110 [ 1373.283306] v9fs_session_init+0x1dd/0x1680 [ 1373.283326] ? lock_release+0x680/0x680 [ 1373.283354] ? kmem_cache_alloc_trace+0x151/0x320 [ 1373.283372] ? v9fs_show_options+0x690/0x690 [ 1373.283400] ? trace_hardirqs_on+0x5b/0x180 [ 1373.283429] ? kasan_unpoison_shadow+0x33/0x50 [ 1373.290555] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.291349] v9fs_mount+0x79/0x8f0 [ 1373.291880] ? v9fs_write_inode+0x60/0x60 [ 1373.292524] legacy_get_tree+0x105/0x220 [ 1373.293133] vfs_get_tree+0x8e/0x300 [ 1373.293713] path_mount+0x1429/0x2120 [ 1373.294273] ? strncpy_from_user+0x9e/0x470 [ 1373.294951] ? finish_automount+0xa90/0xa90 [ 1373.295580] ? getname_flags.part.0+0x1dd/0x4f0 [ 1373.296309] ? _copy_from_user+0xfb/0x1b0 [ 1373.296929] __x64_sys_mount+0x282/0x300 [ 1373.297566] ? copy_mnt_ns+0xa00/0xa00 [ 1373.298133] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1373.298963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1373.299712] do_syscall_64+0x33/0x40 [ 1373.300293] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.301035] RIP: 0033:0x7f0b176ffb19 [ 1373.301607] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.304278] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1373.305391] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1373.306415] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1373.307453] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1373.308492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.309531] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1373.334031] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:32 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r0, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffe3) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r0, 0x40189429, &(0x7f0000000100)={0x1, 0x7f, 0x9e7}) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x4, @perf_config_ext={0x1}, 0x0, 0x0, 0x2, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) r2 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r5, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r5, r6, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) sendmmsg$inet(r3, &(0x7f0000001600)=[{{&(0x7f0000000180)={0x2, 0x4e23, @multicast1}, 0x10, &(0x7f0000001580)=[{&(0x7f0000000240)="d8e8fef829b571967a4f792580748da51d53844f9773866fbdf9799c086bc59b417ef42c3c72eee96e94bbd9f85ca295a60693abffa1a0971d753dd11baba878e619e982932a949f5d20cad8762de2abce2c98917b308d7071bcd264d72ed7c87c321d5a73ddc83998ec2e0e8d8df45b3052003d2e371f9d955b49392c64c7d3f0e9fbab", 0x84}, {&(0x7f0000000440)="0786a44e5275d9e02352906185a21a5cfb6930016279e87da012cb5638222fc7ff96716e0a625ecf6f008f9a7afed6318052a32424089bb6351491594856311c14ae5a5e6860dc0ab9227e81222b273e8b50c8ad0d540cbf479fd08652e97539ce56c8dd1ee667c99667a3e0a650c8d27417e3d16bc068d83282030b3b1f8bae08638d83a933499195c73849d60dd3fab82367d25ec16997f788811abb011a06ad8ab8eda78331e4757779b19022d6f624295bc2696f89596d5090d32869f547bf6db361d0992dfb5849a2f38234a025e6a263d7712fa272b50532ed857c2324f027e43640ae7455081c8101aeab256b2a28605c08a306d6619da5d5f3ec31a381bc4b071aaa4488b6b8fcfda07980becb85099ce8e2c0b30b1e9c7395dc7384ec94a5bdf75aa6f5e59fc62e485f485dd21dd00459e31f9592caa03bd8a687b3a1718db52ff4d2746ef647641d19733b0e1b6e711ecb5d7e6c6ae63951209a3d3c208d2ee62431141a9fdc0874ab5f6f0b01f7f5be5fcc972009d6448a73321a624871dc8af44b44edb9e94fb2851ebbb44332c497a3889e8eee89d42c4960ef5013dfc1db69c7df3eb6c398eb44582170862d6c9ca401c4c6760f40ee723b8e744623265108775436d1661451ecfebc711c62f360df9ab1d340479b1c38a536a0361c8858e5bd4890088a8185f90393e2e9a0803eab7410978711ae3e209a0ed9bfe33a5565469b7d683150d4948cc8c1f6fa1c22c552bd6fd0a17e91ca0d1f1cec4fe11215c56c8138b72eefc66ae3f6a867099525316f7217bc21a1252782f6be4cde91e7d87bc5e5cbdd6a0fc62549fcbbc7e193bba66458f2f2862b2b7bc2b369c1e7f7ab81d0fdcc6cdc6b7d95a66c22efa7cea1d127e6f5152aa3735e067d7002581d2e3c98b0a3504260a4b36c066c95e425ab81587f1331a6e3a2326a0fa19a2573ae42c10d6fabff5487ec4019c0ec16e7280e7e0f3c1582617e267839634b53036e972b6956b590b645b0a657178ee6b9e1aad73adca133dd9b071fff9f0b27aa7130790c8a1da8f0325e5a07097a4ac17db5d011224683a000b11d9ad647036f90e9871039a1d01417be3834824daadebeb4eb0d3b59bac9dc4b367457cbb64fc0aa0611c324b231f0f4c17fc3c011b5887a71b3253daa12eb5a0adadea7b8097b3a8cf3186accc79052aa561b558297bd39186ababec99bb347e19404d571261c725e6056936b06e9f600cb4f51a3a7aab7a06d7161484ff0692a4c2a194a4ec48670ed143d757301457cd781cae578b2c10738eb7bf6ca144524fabb9b8ab7991a779fe3314b1a1fb04dd880bf6682f21bada846c0cc9992c40dcd47a61048fb43ae5b17b0c1e1d18a286f2e22ab1f9a8ea102ade128c3d1a8f81733a18332fecf63c0898e2752984f4a52c336afaf48ff1e02e1b76609e0837139c9e4e412a1bb6b93aa0e8bdbc170374a0772ec05345760965127140ca38b045c5ad3562133f48552218d46b8864d689967b8aa510194eb4dade05c5868902ade081ba6cefd1882fc35ab36ada6cd43ab5a1d532c1912c29da1568b66d56a118e9170bac8333ba149bb8f525664743ddcb1269bc4e38b4200dfe75e792505e34fac616769132cef589b6028b233e6119155bf3f7bbd369d2d0eb6639cf5f704c9b512b1bdf377a7d216568bbcef5d42dfc29d2f465dfe726a926a5c7695e163b69a68b71104c3197914232c492f39302fbdee75b11a2229a47141543440d7079872873fda5c333f4452f042cd763eae65ad18c72fb3574e77f23072c985035eecece8aa5ef2090c8daee10ceef6209c3125dfcb0c2120caa8a92c6f09023aa99b965a755a9c60c1b74ce2de59bc4ae31cea418d37cb0b2e62f4556ae2c0a64c08a48e631b817ba1766b55d18eb6c298335852dd2384ce29a542b94b365ec36719f35e8de315a023fb3e726ba2240e9e94db3b4e797d1f48dca375592fa29be995a768765c6fe99d062492194e6de785a610bd17efe385e015954673130d3ec0f0380dc9bab64929b698db7df3efa04e1f1f38aa6ff70ce26290dff13f04d1f246b534c34cb9bc5fc8fdfe71466d95acb3083e0f61c9a5308adb5d731db259855a48073c39378b103ee2e6b5557abdaf886257fff19c636c2bc049ba56129b386a0137d060492bf732a83d4b9179d2dcdfac526b9c799fb1534e7a7b9eb203ede3d83527c650d07ce1596b0e40942aaad8be417a10e93e626f9875a5b001b56117be6e738b072fcbb8f11ba802310bf8103f543eab1b9f7d822dd15eb11227fb61173d657edeef62d3b3ce950da7960e6e8cdf64c23b76377423527e0e2e296af968325c826e02716a6aea2edf7c0a34504e52b978f05a374ae780ea81df97c58dc2b78c1407658215c0ccf41ae150e91b0d8b3ae2cc78e7cb0c2342535e012edf8fd900deaa98569df1e33556b342ada46d50f8a7d8fbbc3eb05b77974c50e559156fa7238eb8fdcceb0410a603c4ebdb1a8783fa6fd5b81ff54583aa4d7e86649b1415f369433582814c06aab4557bfb08317e2e5fbb95899d05b3e073dd8976476364705f9219c6777bc4aad7e232abd24de741e97a74ed23ada04e189bc31c5ffe1cd6442883b55fdb421ceeb01a0f2f859d27e256a6bde963e42d0690f7e4f9e9b231b5282d2c6439bf54d2ae592040e24a869fa9970b0023d897475032a4c8023a0022fc2d835602ab3b581145553bf56a288d9d6565bfd4cdee85c913d9dfb16e3af392d0a2a0b90fa14377cb1ee0a0da10e3310bc5cf0c0352dd4869dd7a9b6f5083ef73253e78c56662fd950a1ade537efdf275fa124a12d8f19cd8540ce4ac67917502e0d1caaae57fd1f7f6172c5e8aa96ecd93125f171de4c4b423e8e3423944998b50fb7339724a9b9ea59c46830cff4ba6c662738b0a7ba69c302fcc7d37eabe8492870e4b2176209191b457c52d15901df423ea9877045d3d7bb20f871fccf9b956d4d8031a0cc72425735fefb83ab05343fe1a3155b7271a1c4700e6e652da884ffb34f55e00e26fa33764862cd0677c7ba7dfd87158c092325667a99a561b8af0770e636cc2f129f1e64312233f856bc6f8fcb2adf0ba2803c3af8171585956568067d7fef97eda522d1e5d89d97115fe74ff6b21c93fd9e25b451eb9004505bf936419abe9ebb7f6bcde5daac6ba649777bd86f38fccf6fd3c7761c2816e5cdfe4412a8fe325ed26a7c55c9dc2c8c0ea61bc4b897c455fbaada34166f02b848d600679f96dcee0c2af22c60fb22b6598743dc79773797a2d7f9d242ea555e898a997c93f4c294b098027735533a6fc35eeffa697725c79a6005b7a53e5135c08f833909c3bef3858033509f6f48419ae9b57835099932cbf39895259fc6f32d49005c4e6aa3222224dc52e45a2e8642654af15683c8958b7069bd4e5bee92df3f66b8aaf548b6b64803da99215cb08ad9e175d7c07850d89ef0319574cc23acaa23b18a05d0ac9588961d664c7ff1640b96594dd8ff163d33ce05013b2079d793833543dcf236019c5a5ccbd63985105e26bfb61fb1c9080f8f7df7fa7f43eba9923f8df05d52132f3a69fee5fe6d41cb4b12fb059f6ffcdd815ff4f30926a61a3705d8f0148633f5a88b42498fbf0539964595741d7ab5a5d1f7249fe2650a4113aa329940883950cd31b21211b4ffbe3bc70bbdb257d57ee2d8f04cb3687ceff98e425686a5390d35fe523c2b3a66e6810507560ef13213b456f4d9080d51421d5c9ceeb3738c906bd9552a4a23594471b103f8d476351eecbfd1803277aeb349fd08c88cd1b0d0eccc9ea75dbde51dd8fe28f0d92061d73075c758cce22dd86a13269432bab81e8dfbb53079f0639e5d390d0c7782711596f47293e504e1274aec394c0ff949a38c20c207a2e83445810a5acfd6255b6816e4023d9ed88c81446d7be53250d77c30b1a1e0512ba37b74bd0e89a2ed9e5e17418f847b63c54848bb0292e33482dec369ed9c14591de600e9127ceda2abf857942b46a9dba83b7b30f4343f9cd6839baca390463bdc861972d33f58b06bf0c6d959c907efb343c0d4b53e1c94c251c4acb51cd8c20e88a4b22616ac724013414c6d54f46410675e109be4341b2c34401542278f5194a52e86c3d476664b8662aeb3ba78d3adf2c115a5d69d851e379622130bf005d69ebda3742e801731c688920affdd1e4d6846e2b1d7e45ea09537dfe51faa67dbd3409f1cbfc6febe50a3a38b7c33a74963fa9ba3b03ea9a74d687b5ea11a277a3c18a17ff1e18b69b360ca7cb0aa8227ab0e3c0fa3768c7d5f42a0055efe29b27e071c2df4460aefc7adc6267e040dd5c72d0ec2ef363866246b8d8dff75ef6f6b91869401a9106840d3c4950e15ebec912b54b614a2ef4ef655237a64cbba39defb3140b5fd379c65f183a712d421e56ec5a77330917bdf965ac5cf583649aafe66cbda449e096243a1c9afbe338eec458e8da24a9ce077e8ae8395ed13f9ada6ace384b95ef9b0fe2b64b5348c99a2a84f5110146cafb718c824c0c56f7891d9b9dcc3682e7303f110867ed6646ce5d01d0009fac3b92467b4eade262a4404ce7d5e48b0d9267264fc3cb8ed1d0ba9e93fed7dd023538f1a3a08cdd5af9cfbcb14fe94782663b8940d4a0b9128c8eab4291169fcd3925c56700f71da6e8f900099372cd8d3e863bdd519f8d2411bf21c813db060aefe296db36306a06e67ac23003a0b3a61b75e0d28de1173045706ba47dad293fae2b3e471a5dc37f64a317d9b86249c39fe4755ea6761094d584b7e4c77167306c4b3cd17a363f83e879d5a2bd431161e2fc9f6e7da4a4abbfb91e3b9795ebd8920d835ad9f65b4074174ed2ea0fa8fed48e8df7cc9da3fc8cc3518e7a127b446357d4caacf04fb60692fbc2b229078c4c8908df211fdc8b522cc62ae7f0aeffce0c4c89dc593479872f59a823316a67d13cc65b4223fc29a3abb62df09327cdbf55ab27a4e54384ea1a0c87003b1e4467ee9f1c8edc346a94d8fccd0cac5220d34ab5ec610460b96ff57a8679d4ffa141568e4e87aff4ef8abf7e6e34b1f0137748d9b8dca29933a1cff42bbaded875f6d5edd114edf3a57a7db96ceb3ea49e41904b678778f3b9a7e832f5bc7dcc41f64a624befe5686ca1de53fa99b39ab18a75d99f5ffc65f22ffc6529a6a6b5c8de69c51934e1177f6144eca58eeb3775e8444257465d9b03a1b57337a4d7af7cdf171bc0a42ad7b9ff3e29041e4b59d6f3c4f4df2f72ea5fa029b304a285714fbd29b6ed041d1d92d55d7e5639e5321e4a46efb43b17a24125011332e88c398e96f2466924d83d6c674b87418247db386f50c6af94a0f43cc37e1584663c291669cf376272f72d0d1f159e02990182e840d97a22689b332cf4b274999a422e3950135cbd534e6ba788ccf64a8619813a3387d1dcfc6a119830d6a75452c0be837a9d979c836b746aee4062f20298e10daee7788e5ef147ec74372f085633c10ad9cbd01f08408a7f47532bc30c5b4a0567bbb262430c8c5166a1e7e66c6640d837c6532a3fec2176b251c57804adb1a5aa7545fc499ee8fef92375ef46429152eac816d0395d8ee1740d5af0e5cd175ea81e5e351d67a93c5d1717e266670ff9bb68229a553f07bfe4570d7a760ab5de9afafa312444a1050baaff3c994b47151aeab46d59e0c262fa443dabc7d364cc9c194d1f607f19b283b61d72502b46b0c6fc47934c389d8000140c9097e2808c6e3d99e452c2ae33a01ad7502ca18ece72", 0x1000}, {&(0x7f0000000300)="4145268559badd5b894842fc469d9d391687c8f2d6e2751a7cf1815277f9e314fff893b543e60498e77a8d7ed825c53c82c7ef5e84fbc8622e20dd48fc4e03066a935cdcc571043bb5a95395558eb7312468fafa74c1daa5980bfc8b5bf50a3a1137fc1611e4101c975d79b720117e2fccd81fc245a67c8057dd23a77a984759e93d44637bb390602deae0d2e236309e482c1736caa603166eb10f0d", 0x9c}, {&(0x7f0000001440)="4d1b85d44a1ab012b09500199a6f94078197ba3236bc4a81b4202bd2944860132f123bc4024af7508e27d1c02f595c42facbf4e364176d7ce183775043e3b7daf149383919f0adbb3cbeaa023975badb770636983daab319af1508313eb5252b9e026f5484901f7110", 0x69}, {&(0x7f00000014c0)="d81562fdf3b3e4864c876decc5e8c3d7d8ef8c07c11153f3303d5d23f8625829f0a23ea977b4f4355633596b6ad41191f64d10873834afd50f7422fe6163b0091d2177706ca29dbf508e3a0a9f7ee3e3a3a8b14c0a808f0f83c76b0c61bf194630132dd206a423d02cedb83863dc56e1f355b8ae019a40420e03a7987f1838ead18ff226a54a312ab89aabbce793eff4ba9db25638dfd3ac5f89f5690f72b8b777c85b6dad5aa7d63aec02977f17d5d95160c2bf476eb831e48882c28661d2", 0xbf}], 0x5, &(0x7f00000003c0)=[@ip_tos_u8={{0x11, 0x0, 0x1, 0x7f}}], 0x18}}], 0x1, 0x8810) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x8e84d8, &(0x7f0000000200)=ANY=[@ANYBLOB='tra\t\x00\x00\x00d,\x00fdnoF', @ANYRESHEX=r6, @ANYBLOB=',wfdno=', @ANYRESHEX=r4, @ANYBLOB=',\x00']) sendfile(r2, 0xffffffffffffffff, &(0x7f0000001640)=0x4, 0x7) 04:55:32 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:32 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x8000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:32 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) 04:55:32 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, 0x0, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:32 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) sendfile(r1, r0, &(0x7f0000000100)=0x3, 0x93f2) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r1, @ANYBLOB="ff03"]) read(r2, &(0x7f0000000180)=""/10, 0xa) [ 1373.518562] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:32 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x100000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:32 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:32 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 56) 04:55:32 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) 04:55:32 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 26) [ 1373.675558] FAULT_INJECTION: forcing a failure. [ 1373.675558] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.677337] CPU: 0 PID: 16506 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1373.678311] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1373.679467] Call Trace: [ 1373.679852] dump_stack+0x107/0x167 [ 1373.680369] should_fail.cold+0x5/0xa [ 1373.680914] ? create_object.isra.0+0x3a/0xa20 [ 1373.681580] should_failslab+0x5/0x20 [ 1373.682117] kmem_cache_alloc+0x5b/0x310 [ 1373.682702] create_object.isra.0+0x3a/0xa20 [ 1373.683327] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.684086] kmem_cache_alloc+0x159/0x310 [ 1373.684692] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1373.684788] FAULT_INJECTION: forcing a failure. [ 1373.684788] name failslab, interval 1, probability 0, space 0, times 0 [ 1373.685518] idr_get_free+0x4b5/0x8f0 [ 1373.685554] idr_alloc_u32+0x170/0x2d0 [ 1373.687771] ? __fprop_inc_percpu_max+0x130/0x130 [ 1373.688498] ? lock_acquire+0x197/0x470 [ 1373.689082] ? __kernfs_new_node+0xff/0x860 [ 1373.689747] idr_alloc_cyclic+0x102/0x230 [ 1373.690364] ? idr_alloc+0x130/0x130 [ 1373.690928] ? rwlock_bug.part.0+0x90/0x90 [ 1373.691565] __kernfs_new_node+0x117/0x860 [ 1373.692207] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1373.692916] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1373.693712] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1373.694486] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.695296] kernfs_new_node+0x18d/0x250 [ 1373.695906] kernfs_create_dir_ns+0x49/0x160 [ 1373.696567] sysfs_create_dir_ns+0x127/0x290 [ 1373.697218] ? sysfs_create_mount_point+0xb0/0xb0 [ 1373.697951] ? rwlock_bug.part.0+0x90/0x90 [ 1373.698588] ? do_raw_spin_unlock+0x4f/0x220 [ 1373.699248] kobject_add_internal+0x25e/0xa30 [ 1373.699913] kobject_init_and_add+0x101/0x160 [ 1373.700585] ? kobject_create_and_add+0xb0/0xb0 [ 1373.701282] ? wait_for_completion_io+0x270/0x270 [ 1373.701995] ? kernfs_name_hash+0xe7/0x110 [ 1373.702622] ? kernfs_find_ns+0x256/0x380 [ 1373.703247] sysfs_slab_add+0x172/0x200 [ 1373.703836] __kmem_cache_create+0x3db/0x520 [ 1373.704488] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1373.705230] p9_client_create+0xc2b/0x11c0 [ 1373.705877] ? p9_client_flush+0x430/0x430 [ 1373.706503] ? trace_hardirqs_on+0x5b/0x180 [ 1373.707141] ? lockdep_init_map_type+0x2c7/0x780 [ 1373.707845] ? __raw_spin_lock_init+0x36/0x110 [ 1373.708520] v9fs_session_init+0x1dd/0x1680 [ 1373.709160] ? lock_release+0x680/0x680 [ 1373.709765] ? kmem_cache_alloc_trace+0x151/0x320 [ 1373.710467] ? v9fs_show_options+0x690/0x690 [ 1373.711128] ? trace_hardirqs_on+0x5b/0x180 [ 1373.711772] ? kasan_unpoison_shadow+0x33/0x50 [ 1373.712449] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.713202] v9fs_mount+0x79/0x8f0 [ 1373.713739] ? v9fs_write_inode+0x60/0x60 [ 1373.714353] legacy_get_tree+0x105/0x220 [ 1373.714950] vfs_get_tree+0x8e/0x300 [ 1373.715495] path_mount+0x1429/0x2120 [ 1373.716064] ? strncpy_from_user+0x9e/0x470 [ 1373.716701] ? finish_automount+0xa90/0xa90 [ 1373.717352] ? getname_flags.part.0+0x1dd/0x4f0 [ 1373.718039] ? _copy_from_user+0xfb/0x1b0 [ 1373.718660] __x64_sys_mount+0x282/0x300 [ 1373.719261] ? copy_mnt_ns+0xa00/0xa00 [ 1373.719839] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1373.720602] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1373.721372] do_syscall_64+0x33/0x40 [ 1373.721922] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.722671] RIP: 0033:0x7f0b176ffb19 [ 1373.723224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.725917] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1373.727026] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1373.728072] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1373.729113] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1373.730168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.731208] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1373.732280] CPU: 1 PID: 16530 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1373.732950] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1373.733759] Call Trace: [ 1373.734022] dump_stack+0x107/0x167 [ 1373.734386] should_fail.cold+0x5/0xa [ 1373.734755] should_failslab+0x5/0x20 [ 1373.735121] __kmalloc_track_caller+0x79/0x370 [ 1373.735581] ? parse_opts.part.0+0x8e/0x340 [ 1373.736014] kstrdup+0x36/0x70 [ 1373.736321] parse_opts.part.0+0x8e/0x340 [ 1373.736722] ? p9_fd_show_options+0x1c0/0x1c0 [ 1373.737157] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1373.737660] ? quarantine_put+0x8b/0x1a0 [ 1373.737672] ? trace_hardirqs_on+0x5b/0x180 [ 1373.737693] ? kfree+0xd7/0x340 [ 1373.739019] p9_fd_create+0x98/0x4a0 [ 1373.739373] ? p9_conn_create+0x510/0x510 [ 1373.739778] ? p9_client_create+0x798/0x11c0 [ 1373.740209] ? kfree+0xd7/0x340 [ 1373.740542] ? do_raw_spin_unlock+0x4f/0x220 04:55:32 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1373.740968] p9_client_create+0x7ff/0x11c0 [ 1373.741555] ? p9_client_flush+0x430/0x430 [ 1373.741966] ? trace_hardirqs_on+0x5b/0x180 [ 1373.742383] ? lockdep_init_map_type+0x2c7/0x780 [ 1373.742852] ? __raw_spin_lock_init+0x36/0x110 [ 1373.743287] v9fs_session_init+0x1dd/0x1680 [ 1373.743713] ? lock_release+0x680/0x680 [ 1373.744107] ? kmem_cache_alloc_trace+0x151/0x320 [ 1373.744583] ? v9fs_show_options+0x690/0x690 [ 1373.745013] ? trace_hardirqs_on+0x5b/0x180 [ 1373.745444] ? kasan_unpoison_shadow+0x33/0x50 [ 1373.745898] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1373.746395] v9fs_mount+0x79/0x8f0 [ 1373.746735] ? v9fs_write_inode+0x60/0x60 [ 1373.747134] legacy_get_tree+0x105/0x220 [ 1373.747530] vfs_get_tree+0x8e/0x300 [ 1373.747890] path_mount+0x1429/0x2120 [ 1373.748267] ? strncpy_from_user+0x9e/0x470 [ 1373.748686] ? finish_automount+0xa90/0xa90 [ 1373.749104] ? getname_flags.part.0+0x1dd/0x4f0 [ 1373.749566] ? _copy_from_user+0xfb/0x1b0 [ 1373.749986] __x64_sys_mount+0x282/0x300 [ 1373.750363] ? copy_mnt_ns+0xa00/0xa00 [ 1373.750735] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1373.751246] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1373.751738] do_syscall_64+0x33/0x40 [ 1373.752097] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1373.752579] RIP: 0033:0x7f0d74438b19 [ 1373.752932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1373.754682] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1373.755416] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1373.756086] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1373.756765] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1373.757446] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1373.758116] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1373.758931] 9pnet: Insufficient options for proto=fd [ 1373.759121] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:32 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:32 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) [ 1373.945337] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:45 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext={0x8, 0x1}, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) pwrite64(r1, &(0x7f0000000240)="4a4955e47aa1d9cd2020639a011b6f44136dd2957ee456bee71ffc1f2fdc918dfa63dff28b1f8e7b768a05021963857a4a1551e6469a125db671b7201480b18b06e1280f76a86f90a0fd7588cc13bea77e04cb8e097d2d3d8f4742b82422bd681353aa1aecece844b2c6166d4fbb8c5f2f2d4be0698ba7a6bf577e1e82dc1cacce3605c4", 0x84, 0xd083) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="0000040000dc7e", @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:55:45 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:45 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:45 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 27) 04:55:45 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x200000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:45 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:45 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 57) 04:55:45 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) [ 1386.723970] FAULT_INJECTION: forcing a failure. [ 1386.723970] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.725595] CPU: 0 PID: 16613 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1386.726533] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.727654] Call Trace: [ 1386.728028] dump_stack+0x107/0x167 [ 1386.728529] should_fail.cold+0x5/0xa [ 1386.729050] ? create_object.isra.0+0x3a/0xa20 [ 1386.729698] should_failslab+0x5/0x20 [ 1386.730220] kmem_cache_alloc+0x5b/0x310 [ 1386.730781] ? legacy_get_tree+0x105/0x220 [ 1386.731359] ? vfs_get_tree+0x8e/0x300 [ 1386.731900] create_object.isra.0+0x3a/0xa20 [ 1386.732517] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1386.733211] __kmalloc_track_caller+0x177/0x370 [ 1386.734018] ? parse_opts.part.0+0x8e/0x340 [ 1386.734671] kstrdup+0x36/0x70 [ 1386.735146] parse_opts.part.0+0x8e/0x340 [ 1386.735762] ? p9_fd_show_options+0x1c0/0x1c0 [ 1386.736432] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.737240] ? quarantine_put+0x8b/0x1a0 [ 1386.737995] ? trace_hardirqs_on+0x5b/0x180 [ 1386.738660] ? kfree+0xd7/0x340 [ 1386.739276] p9_fd_create+0x98/0x4a0 [ 1386.739875] ? p9_conn_create+0x510/0x510 [ 1386.740487] ? p9_client_create+0x798/0x11c0 [ 1386.741136] ? kfree+0xd7/0x340 [ 1386.741633] ? do_raw_spin_unlock+0x4f/0x220 [ 1386.742301] p9_client_create+0x7ff/0x11c0 [ 1386.743013] ? p9_client_flush+0x430/0x430 [ 1386.743760] ? trace_hardirqs_on+0x5b/0x180 [ 1386.744535] ? lockdep_init_map_type+0x2c7/0x780 [ 1386.745455] ? __raw_spin_lock_init+0x36/0x110 [ 1386.746299] v9fs_session_init+0x1dd/0x1680 [ 1386.747048] ? lock_release+0x680/0x680 [ 1386.747667] ? kmem_cache_alloc_trace+0x151/0x320 [ 1386.748524] ? v9fs_show_options+0x690/0x690 [ 1386.749249] ? trace_hardirqs_on+0x5b/0x180 [ 1386.749940] ? kasan_unpoison_shadow+0x33/0x50 [ 1386.750618] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1386.751391] v9fs_mount+0x79/0x8f0 [ 1386.751919] ? v9fs_write_inode+0x60/0x60 [ 1386.752635] legacy_get_tree+0x105/0x220 [ 1386.753394] vfs_get_tree+0x8e/0x300 [ 1386.754062] path_mount+0x1429/0x2120 [ 1386.754722] ? strncpy_from_user+0x9e/0x470 [ 1386.755464] ? finish_automount+0xa90/0xa90 [ 1386.756123] ? getname_flags.part.0+0x1dd/0x4f0 [ 1386.756837] ? _copy_from_user+0xfb/0x1b0 [ 1386.757473] __x64_sys_mount+0x282/0x300 [ 1386.758085] ? copy_mnt_ns+0xa00/0xa00 [ 1386.758669] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.759452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.760224] do_syscall_64+0x33/0x40 [ 1386.760782] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.761565] RIP: 0033:0x7f0d74438b19 [ 1386.762130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.765124] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1386.766328] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1386.767462] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1386.768508] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1386.769575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1386.770609] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1386.784708] FAULT_INJECTION: forcing a failure. [ 1386.784708] name failslab, interval 1, probability 0, space 0, times 0 [ 1386.786446] CPU: 0 PID: 16622 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1386.787473] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.788714] Call Trace: [ 1386.789114] dump_stack+0x107/0x167 [ 1386.789666] should_fail.cold+0x5/0xa [ 1386.790230] ? __kernfs_new_node+0xd4/0x860 [ 1386.790879] should_failslab+0x5/0x20 [ 1386.791443] kmem_cache_alloc+0x5b/0x310 [ 1386.792056] __kernfs_new_node+0xd4/0x860 [ 1386.792677] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1386.793401] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1386.794128] ? wait_for_completion_io+0x270/0x270 [ 1386.794858] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1386.795645] kernfs_new_node+0x18d/0x250 [ 1386.796251] __kernfs_create_file+0x51/0x350 [ 1386.796912] sysfs_add_file_mode_ns+0x221/0x560 [ 1386.797617] internal_create_group+0x324/0xb30 [ 1386.798308] ? sysfs_remove_group+0x170/0x170 [ 1386.798969] ? kernfs_name_hash+0xe7/0x110 [ 1386.799607] sysfs_slab_add+0x188/0x200 [ 1386.800210] __kmem_cache_create+0x3db/0x520 [ 1386.800862] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1386.801606] p9_client_create+0xc2b/0x11c0 [ 1386.802250] ? p9_client_flush+0x430/0x430 [ 1386.802886] ? trace_hardirqs_on+0x5b/0x180 [ 1386.803535] ? lockdep_init_map_type+0x2c7/0x780 [ 1386.804250] ? __raw_spin_lock_init+0x36/0x110 [ 1386.804928] v9fs_session_init+0x1dd/0x1680 [ 1386.805573] ? lock_release+0x680/0x680 [ 1386.806177] ? kmem_cache_alloc_trace+0x151/0x320 [ 1386.806902] ? v9fs_show_options+0x690/0x690 [ 1386.807570] ? trace_hardirqs_on+0x5b/0x180 [ 1386.808222] ? kasan_unpoison_shadow+0x33/0x50 [ 1386.808896] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1386.809661] v9fs_mount+0x79/0x8f0 [ 1386.810192] ? v9fs_write_inode+0x60/0x60 [ 1386.810808] legacy_get_tree+0x105/0x220 [ 1386.811409] vfs_get_tree+0x8e/0x300 [ 1386.811960] path_mount+0x1429/0x2120 [ 1386.812526] ? strncpy_from_user+0x9e/0x470 [ 1386.813164] ? finish_automount+0xa90/0xa90 [ 1386.813809] ? getname_flags.part.0+0x1dd/0x4f0 [ 1386.814498] ? _copy_from_user+0xfb/0x1b0 [ 1386.815117] __x64_sys_mount+0x282/0x300 [ 1386.815716] ? copy_mnt_ns+0xa00/0xa00 [ 1386.816295] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.817067] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.817834] do_syscall_64+0x33/0x40 [ 1386.818391] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.819142] RIP: 0033:0x7f0b176ffb19 [ 1386.819691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.822349] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1386.823465] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1386.824500] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1386.825545] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1386.826582] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1386.827614] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1386.857084] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:45 executing program 2: r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r1 = openat$cdrom(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) dup2(r0, r1) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = signalfd(r0, &(0x7f0000000100)={[0x6]}, 0x8) shutdown(r4, 0x1) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="f524a2968e1e26e27daac8646e6f3d", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',\x00']) 04:55:46 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x700000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1386.883438] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1386.884580] CPU: 0 PID: 16622 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1386.885618] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1386.886837] Call Trace: [ 1386.887234] dump_stack+0x107/0x167 [ 1386.887789] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1386.888565] p9_client_create+0xc2b/0x11c0 [ 1386.889211] ? p9_client_flush+0x430/0x430 [ 1386.889855] ? trace_hardirqs_on+0x5b/0x180 [ 1386.890503] ? lockdep_init_map_type+0x2c7/0x780 [ 1386.891224] ? __raw_spin_lock_init+0x36/0x110 [ 1386.891975] v9fs_session_init+0x1dd/0x1680 [ 1386.892617] ? lock_release+0x680/0x680 [ 1386.893217] ? kmem_cache_alloc_trace+0x151/0x320 [ 1386.893937] ? v9fs_show_options+0x690/0x690 [ 1386.894594] ? trace_hardirqs_on+0x5b/0x180 [ 1386.895233] ? kasan_unpoison_shadow+0x33/0x50 [ 1386.895906] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1386.896655] v9fs_mount+0x79/0x8f0 [ 1386.897237] ? v9fs_write_inode+0x60/0x60 [ 1386.897902] legacy_get_tree+0x105/0x220 [ 1386.898492] vfs_get_tree+0x8e/0x300 [ 1386.899043] path_mount+0x1429/0x2120 [ 1386.899606] ? strncpy_from_user+0x9e/0x470 [ 1386.900239] ? finish_automount+0xa90/0xa90 [ 1386.900868] ? getname_flags.part.0+0x1dd/0x4f0 [ 1386.901574] ? _copy_from_user+0xfb/0x1b0 [ 1386.901597] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1386.902181] __x64_sys_mount+0x282/0x300 [ 1386.902198] ? copy_mnt_ns+0xa00/0xa00 [ 1386.902220] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1386.902247] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1386.906152] do_syscall_64+0x33/0x40 [ 1386.906697] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1386.907445] RIP: 0033:0x7f0b176ffb19 [ 1386.907996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1386.910673] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1386.911783] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1386.912821] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1386.913871] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1386.914915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1386.915965] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:55:46 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440), 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1387.006508] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:55:46 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:59 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:59 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x800000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1400.435642] FAULT_INJECTION: forcing a failure. [ 1400.435642] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.436694] CPU: 1 PID: 16857 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1400.437301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.438042] Call Trace: [ 1400.438280] dump_stack+0x107/0x167 [ 1400.438607] should_fail.cold+0x5/0xa [ 1400.438953] should_failslab+0x5/0x20 [ 1400.439296] __kmalloc_track_caller+0x79/0x370 [ 1400.439706] ? match_number+0xaf/0x1d0 [ 1400.440057] kmemdup_nul+0x2d/0xa0 [ 1400.440374] match_number+0xaf/0x1d0 [ 1400.440702] ? match_u64+0x190/0x190 [ 1400.441032] ? __kmalloc_track_caller+0x2c6/0x370 [ 1400.441459] ? memcpy+0x39/0x60 [ 1400.441777] parse_opts.part.0+0x1f3/0x340 [ 1400.442152] ? p9_fd_show_options+0x1c0/0x1c0 [ 1400.442560] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.443024] ? trace_hardirqs_on+0x5b/0x180 [ 1400.443427] ? kfree+0xd7/0x340 [ 1400.443728] p9_fd_create+0x98/0x4a0 [ 1400.444072] ? p9_conn_create+0x510/0x510 [ 1400.444448] ? p9_client_create+0x798/0x11c0 [ 1400.444851] ? kfree+0xd7/0x340 [ 1400.445154] ? do_raw_spin_unlock+0x4f/0x220 [ 1400.445564] p9_client_create+0x7ff/0x11c0 [ 1400.445957] ? p9_client_flush+0x430/0x430 [ 1400.446340] ? trace_hardirqs_on+0x5b/0x180 [ 1400.446735] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.447165] ? __raw_spin_lock_init+0x36/0x110 [ 1400.447585] v9fs_session_init+0x1dd/0x1680 [ 1400.448196] ? lock_release+0x680/0x680 [ 1400.448568] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.449007] ? v9fs_show_options+0x690/0x690 [ 1400.449406] ? trace_hardirqs_on+0x5b/0x180 [ 1400.449831] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.450349] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.450932] v9fs_mount+0x79/0x8f0 04:55:59 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:59 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r0, 0x2288, &(0x7f0000000180)) r4 = socket$packet(0x11, 0x2, 0x300) sendmmsg(r4, &(0x7f0000002380)=[{{&(0x7f0000000c40)=@caif=@dgm={0x25, 0x2}, 0x80, &(0x7f0000000f40)=[{&(0x7f0000000cc0)="bf", 0x1}], 0x1}}, {{&(0x7f0000000fc0)=@ieee802154={0x24, @short}, 0x80, 0x0}}], 0x2, 0x0) openat$null(0xffffffffffffff9c, &(0x7f0000000100), 0x8001, 0x0) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000040)) [ 1400.451357] ? v9fs_write_inode+0x60/0x60 [ 1400.451878] legacy_get_tree+0x105/0x220 [ 1400.452266] vfs_get_tree+0x8e/0x300 [ 1400.452602] path_mount+0x1429/0x2120 [ 1400.452953] ? strncpy_from_user+0x9e/0x470 [ 1400.453341] ? finish_automount+0xa90/0xa90 [ 1400.453763] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.454195] ? _copy_from_user+0xfb/0x1b0 [ 1400.454574] __x64_sys_mount+0x282/0x300 [ 1400.454939] ? copy_mnt_ns+0xa00/0xa00 [ 1400.455295] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.455773] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.456247] do_syscall_64+0x33/0x40 [ 1400.456592] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.457054] RIP: 0033:0x7f0d74438b19 [ 1400.457387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.459071] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.459747] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1400.460390] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.461046] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.461703] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.462339] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1400.504703] FAULT_INJECTION: forcing a failure. [ 1400.504703] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.506575] CPU: 0 PID: 16870 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1400.507581] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.508784] Call Trace: [ 1400.509173] dump_stack+0x107/0x167 [ 1400.509721] should_fail.cold+0x5/0xa [ 1400.510285] ? __kernfs_new_node+0xd4/0x860 [ 1400.510922] should_failslab+0x5/0x20 [ 1400.511482] kmem_cache_alloc+0x5b/0x310 [ 1400.512086] __kernfs_new_node+0xd4/0x860 [ 1400.512697] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1400.513393] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1400.514177] ? kernfs_add_one+0x124/0x4d0 [ 1400.514792] ? kernfs_create_dir_ns+0x10b/0x160 [ 1400.515476] kernfs_new_node+0x18d/0x250 [ 1400.516075] __kernfs_create_file+0x51/0x350 [ 1400.516722] sysfs_add_file_mode_ns+0x221/0x560 [ 1400.517418] internal_create_group+0x324/0xb30 [ 1400.518105] ? sysfs_remove_group+0x170/0x170 [ 1400.518759] ? kernfs_name_hash+0xe7/0x110 [ 1400.519379] ? kernfs_find_ns+0x256/0x380 [ 1400.519996] sysfs_slab_add+0x188/0x200 [ 1400.520590] __kmem_cache_create+0x3db/0x520 [ 1400.521239] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1400.521977] p9_client_create+0xc2b/0x11c0 [ 1400.522606] ? p9_client_flush+0x430/0x430 [ 1400.523225] ? trace_hardirqs_on+0x5b/0x180 [ 1400.523865] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.524560] ? __raw_spin_lock_init+0x36/0x110 [ 1400.525232] v9fs_session_init+0x1dd/0x1680 [ 1400.525875] ? lock_release+0x680/0x680 [ 1400.526470] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.527183] ? v9fs_show_options+0x690/0x690 [ 1400.527863] ? trace_hardirqs_on+0x5b/0x180 [ 1400.528509] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.529193] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.529466] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1400.529933] v9fs_mount+0x79/0x8f0 [ 1400.529956] ? v9fs_write_inode+0x60/0x60 [ 1400.529980] legacy_get_tree+0x105/0x220 [ 1400.532398] vfs_get_tree+0x8e/0x300 [ 1400.532943] path_mount+0x1429/0x2120 [ 1400.533508] ? strncpy_from_user+0x9e/0x470 [ 1400.534095] 9pnet: Insufficient options for proto=fd [ 1400.534147] ? finish_automount+0xa90/0xa90 [ 1400.535194] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.535874] ? _copy_from_user+0xfb/0x1b0 [ 1400.536502] __x64_sys_mount+0x282/0x300 [ 1400.537105] ? copy_mnt_ns+0xa00/0xa00 [ 1400.537689] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.538488] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.539243] do_syscall_64+0x33/0x40 [ 1400.539806] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.540565] RIP: 0033:0x7f0b176ffb19 [ 1400.541108] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.541125] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.543789] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1400.544825] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.546056] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.547117] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.548147] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 ioctl$BTRFS_IOC_SPACE_INFO(r4, 0xc0109414, &(0x7f000000b9c0)=ANY=[@ANYBLOB="710600000000000050a9000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e45942b241e6dfa5fa89fa97207f2946064ecc70337e713755de0993e9a1f516842a2dc91a26de8a6e461085fcd9cf8c3a1b18f4ec32e4a9ff24f958db8adb52d6c2204f57fcc9aff8c886c34ced4e48818e88bacd797e1677e3a4d9bc8d5823e89bfcdcda04833bf3b7b7c5241dd1af55edd85aabfa858f7175af7d2970561921bd04301396caeaf4519f56826300f740291510ec67a8e245703c1c1aad09d8d4709f22d514cf77c6bf7d21a83ee413fc7c79bd23742ef60c9935e482a289a25746a7d4b86d77dd60f952263f2af8fd340f2ef5348bf8cf4acc5e"]) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r1}}) 04:55:59 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:59 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 58) 04:55:59 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 28) 04:55:59 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) readv(r0, &(0x7f0000001440)=[{&(0x7f0000000440)=""/4096, 0x1000}, {&(0x7f0000000240)=""/142, 0x8e}, {&(0x7f0000000300)=""/126, 0x7e}, {&(0x7f0000000100)=""/49, 0x31}, {&(0x7f0000000180)=""/35, 0x23}, {&(0x7f0000000380)=""/83, 0x53}], 0x6) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) perf_event_open(&(0x7f0000001500)={0x5, 0xd8, 0x1, 0x1f, 0xff, 0x7, 0x0, 0x6, 0x8, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0xa5d, 0x0, @perf_bp={&(0x7f00000014c0), 0x6}, 0x11010, 0x3, 0x101, 0x0, 0xa0dd, 0x1, 0x4, 0x0, 0xd4e8, 0x0, 0x7fffffff}, 0x0, 0x7, r0, 0x0) pipe(&(0x7f0000001580)) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) 04:55:59 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:59 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:59 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 29) [ 1400.588935] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1400.589517] CPU: 1 PID: 16870 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1400.590109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.590793] Call Trace: [ 1400.591026] dump_stack+0x107/0x167 [ 1400.591338] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1400.591800] p9_client_create+0xc2b/0x11c0 [ 1400.592157] ? p9_client_flush+0x430/0x430 [ 1400.592515] ? trace_hardirqs_on+0x5b/0x180 [ 1400.592880] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.593281] ? __raw_spin_lock_init+0x36/0x110 [ 1400.593686] v9fs_session_init+0x1dd/0x1680 [ 1400.594047] ? lock_release+0x680/0x680 [ 1400.594385] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.594784] ? v9fs_show_options+0x690/0x690 [ 1400.595152] ? trace_hardirqs_on+0x5b/0x180 [ 1400.595510] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.595894] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.596310] v9fs_mount+0x79/0x8f0 [ 1400.596607] ? v9fs_write_inode+0x60/0x60 [ 1400.596949] legacy_get_tree+0x105/0x220 [ 1400.597286] vfs_get_tree+0x8e/0x300 [ 1400.597606] path_mount+0x1429/0x2120 [ 1400.597931] ? strncpy_from_user+0x9e/0x470 [ 1400.598280] ? finish_automount+0xa90/0xa90 [ 1400.598640] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.599017] ? _copy_from_user+0xfb/0x1b0 [ 1400.599363] __x64_sys_mount+0x282/0x300 [ 1400.599694] ? copy_mnt_ns+0xa00/0xa00 [ 1400.600017] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.600445] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.600878] do_syscall_64+0x33/0x40 [ 1400.601183] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.601618] RIP: 0033:0x7f0b176ffb19 [ 1400.601927] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.603427] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.604038] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1400.604613] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.605184] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.605806] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.606385] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1400.629742] FAULT_INJECTION: forcing a failure. [ 1400.629742] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.630947] CPU: 1 PID: 16966 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1400.631483] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.632133] Call Trace: [ 1400.632350] dump_stack+0x107/0x167 [ 1400.632642] should_fail.cold+0x5/0xa [ 1400.632952] ? create_object.isra.0+0x3a/0xa20 [ 1400.633328] should_failslab+0x5/0x20 [ 1400.633671] kmem_cache_alloc+0x5b/0x310 [ 1400.634019] create_object.isra.0+0x3a/0xa20 [ 1400.634370] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.634780] __kmalloc_track_caller+0x177/0x370 [ 1400.635155] ? match_number+0xaf/0x1d0 [ 1400.635477] kmemdup_nul+0x2d/0xa0 [ 1400.635764] match_number+0xaf/0x1d0 [ 1400.636069] ? match_u64+0x190/0x190 [ 1400.636368] ? __kmalloc_track_caller+0x2c6/0x370 [ 1400.636775] ? memcpy+0x39/0x60 [ 1400.637058] parse_opts.part.0+0x1f3/0x340 [ 1400.637397] ? p9_fd_show_options+0x1c0/0x1c0 [ 1400.637771] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.638190] ? trace_hardirqs_on+0x5b/0x180 [ 1400.638536] ? kfree+0xd7/0x340 [ 1400.638814] p9_fd_create+0x98/0x4a0 [ 1400.639111] ? p9_conn_create+0x510/0x510 [ 1400.639439] ? p9_client_create+0x798/0x11c0 [ 1400.639803] ? kfree+0xd7/0x340 [ 1400.640074] ? do_raw_spin_unlock+0x4f/0x220 [ 1400.640436] p9_client_create+0x7ff/0x11c0 [ 1400.640772] ? p9_client_flush+0x430/0x430 [ 1400.641115] ? trace_hardirqs_on+0x5b/0x180 [ 1400.641478] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.641897] ? __raw_spin_lock_init+0x36/0x110 [ 1400.642269] v9fs_session_init+0x1dd/0x1680 [ 1400.642611] ? lock_release+0x680/0x680 [ 1400.642934] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.643336] ? v9fs_show_options+0x690/0x690 [ 1400.643685] ? trace_hardirqs_on+0x5b/0x180 [ 1400.644049] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.644412] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.644814] v9fs_mount+0x79/0x8f0 [ 1400.645102] ? v9fs_write_inode+0x60/0x60 [ 1400.645432] legacy_get_tree+0x105/0x220 [ 1400.645785] vfs_get_tree+0x8e/0x300 [ 1400.646085] path_mount+0x1429/0x2120 [ 1400.646398] ? strncpy_from_user+0x9e/0x470 [ 1400.646746] ? finish_automount+0xa90/0xa90 [ 1400.647108] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.647483] ? _copy_from_user+0xfb/0x1b0 [ 1400.647823] __x64_sys_mount+0x282/0x300 [ 1400.648147] ? copy_mnt_ns+0xa00/0xa00 [ 1400.648463] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.648895] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.649308] do_syscall_64+0x33/0x40 [ 1400.649621] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.650037] RIP: 0033:0x7f0d74438b19 [ 1400.650335] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.651827] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.652425] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1400.653009] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.653577] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.654148] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.654701] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:55:59 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x900000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:55:59 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:55:59 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) r5 = syz_open_dev$vcsn(&(0x7f0000000300), 0x9, 0x101002) r6 = syz_io_uring_setup(0x46b8, &(0x7f0000000340)={0x0, 0x2edc, 0x2, 0x0, 0x12e, 0x0, r5}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f00000003c0), &(0x7f0000000440)) sendto$inet(r4, &(0x7f0000000240)="740679416df097c4a8412cec4249c00e7a8bbf73a0e303c6b089f7b839d9503258d485fb215d28d2bcff05eb266469bda6dc9fb4d488e748a3c4e74d7960fdfbf0079db5c1d43c7fa331dfefe2f9685df3de21c39a72bb33a1cea30dabc04cc7dcc1f5ec3b7f2c0d367bf4a645ac09afb64be4911d92b43b8df91ba6a0adf39aa6a22bc5ca2966a1602ff36b5c2cf611116710157fef74049d4573d6dd14a64561136be9b29a281a74e8", 0xaa, 0xc0, &(0x7f0000000100)={0x2, 0x4e24, @empty}, 0x10) sendfile(r1, r2, 0x0, 0xffe3) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r7, 0x0, 0xffe3) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) io_submit(0x0, 0x6, &(0x7f0000000a40)=[&(0x7f0000000580)={0x0, 0x0, 0x0, 0x2, 0x401, r6, &(0x7f00000004c0)="63ae3375c89500f0c6bec443521be532982cb80073b1a4f624b63f1e73e74cf3e3be83111257bbfd5de166d9bad76c4adef52ba6ab33262a36d6acb55ce48f054699081628bc2a2bf488d24a43b4b5b92e4ca00f935cbd319ab3e7bd749373c7ca112a1526bffd97f428b7a2ee109b0c1a4b027875", 0x75, 0x27, 0x0, 0x2}, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x7, 0x5, 0xffffffffffffffff, &(0x7f0000000600)="b1e51e61d2584a16fac0266f6ffdb5d0f1497573477067a9179461953d1a0d36c5fcab", 0x23, 0x7}, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x8, 0x7, r0, &(0x7f00000006c0)="51e0051150a8982f92374f3a546666afde9d5367a53ff56274792be564154d03c6b51339352c7f928c9e172e9d40e42d8a43ce2484b7465eff7fb9224c93fe7e715bea7a2caa03c6bd045bdfff7d6f1bed079b03338e499cff9afa72f26eef6661a57363aac37a880804e0c13267e3ea43bdb3a9b8db98c9553796414e80926397eb4c63f41cab5632f958baba0949557e267b01173cd54500bfad717a4d026d92f66b0c40aa109ea2c8b2ce018374553e2c3858c575fc5fc754e043c50a4bcc5906babd831c1516bad460de5342", 0xce, 0x7f}, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x8, 0x400, 0xffffffffffffffff, &(0x7f0000000800)="8346ee34a64d9f470b48b116006ada8459e859e9d23f2f3caa", 0x19, 0x7, 0x0, 0x3, r4}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x5, 0x2, 0xffffffffffffffff, &(0x7f0000000880)="4628895d6001b4f58717452d4485301ada968fc06bbae99869848bc888a7cd44b6573c9a0732e5b816bbf4916df688d7405539606e79ee0cbe6b509052cde6a9a4d843342c51c1a5ab", 0x49, 0x9, 0x0, 0x2, r4}, &(0x7f0000000a00)={0x0, 0x0, 0x0, 0x7, 0x1, r8, &(0x7f0000000940)="8dec4ece5482d0669bed462ba7831777d0eed3d935ad5c618b2861a5ed06f32842e135d7a0923fc95baea9328479bf40e83f00cab997ff53a9aeaec4d2398acc7e6f67a3f138dd97cb03e70bf35e798c200d04f1582629ca330ebd7c16716af9768899f3133312b51d19e8883e0027c85902d40ebdd0d4c213fd7b5ca8cd7475fd9cc1ce3dc2cfd510404afd3c5017bd4603c9b0388b0f92e7c1bc90328d8f73e6d21c9460b4bed0cf5b5e62e69ecb0128e4", 0xb2, 0x8a21, 0x0, 0x1, r5}]) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d66642c7266646e6f0e", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',\x00']) 04:55:59 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:55:59 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:55:59 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 59) [ 1400.833240] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1400.901471] FAULT_INJECTION: forcing a failure. [ 1400.901471] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.903344] CPU: 0 PID: 17083 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1400.904389] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.905653] Call Trace: [ 1400.906056] dump_stack+0x107/0x167 [ 1400.906612] should_fail.cold+0x5/0xa [ 1400.907194] ? __kernfs_new_node+0xd4/0x860 [ 1400.907856] should_failslab+0x5/0x20 [ 1400.908431] kmem_cache_alloc+0x5b/0x310 [ 1400.909056] __kernfs_new_node+0xd4/0x860 [ 1400.909697] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1400.910424] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1400.911156] ? wait_for_completion_io+0x270/0x270 [ 1400.911883] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1400.912694] kernfs_new_node+0x18d/0x250 [ 1400.913316] __kernfs_create_file+0x51/0x350 [ 1400.913997] sysfs_add_file_mode_ns+0x221/0x560 [ 1400.914721] internal_create_group+0x324/0xb30 [ 1400.915426] ? sysfs_remove_group+0x170/0x170 [ 1400.916103] ? kernfs_name_hash+0xe7/0x110 [ 1400.916744] ? kernfs_find_ns+0x256/0x380 [ 1400.917358] sysfs_slab_add+0x188/0x200 [ 1400.917978] __kmem_cache_create+0x3db/0x520 [ 1400.918641] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1400.919398] p9_client_create+0xc2b/0x11c0 [ 1400.920048] ? p9_client_flush+0x430/0x430 [ 1400.920688] ? trace_hardirqs_on+0x5b/0x180 [ 1400.921345] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.922077] ? __raw_spin_lock_init+0x36/0x110 [ 1400.922777] v9fs_session_init+0x1dd/0x1680 [ 1400.923427] ? lock_release+0x680/0x680 [ 1400.924033] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.924767] ? v9fs_show_options+0x690/0x690 [ 1400.925444] ? trace_hardirqs_on+0x5b/0x180 [ 1400.926120] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.926816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.927597] v9fs_mount+0x79/0x8f0 [ 1400.928144] ? v9fs_write_inode+0x60/0x60 [ 1400.928781] legacy_get_tree+0x105/0x220 [ 1400.929390] vfs_get_tree+0x8e/0x300 [ 1400.929964] path_mount+0x1429/0x2120 [ 1400.930542] ? strncpy_from_user+0x9e/0x470 [ 1400.931173] ? finish_automount+0xa90/0xa90 [ 1400.931821] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.932530] ? _copy_from_user+0xfb/0x1b0 [ 1400.933174] __x64_sys_mount+0x282/0x300 [ 1400.933796] ? copy_mnt_ns+0xa00/0xa00 [ 1400.934400] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.935204] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.935982] do_syscall_64+0x33/0x40 [ 1400.936543] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.937313] RIP: 0033:0x7f0b176ffb19 [ 1400.937884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.940639] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.941751] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1400.942831] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.943904] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.944989] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.946080] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1400.947964] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1400.948566] CPU: 1 PID: 17083 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1400.949110] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1400.949792] Call Trace: [ 1400.950014] dump_stack+0x107/0x167 [ 1400.950308] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1400.950739] p9_client_create+0xc2b/0x11c0 [ 1400.951078] ? p9_client_flush+0x430/0x430 [ 1400.951420] ? trace_hardirqs_on+0x5b/0x180 [ 1400.951780] ? lockdep_init_map_type+0x2c7/0x780 [ 1400.952160] ? __raw_spin_lock_init+0x36/0x110 [ 1400.952544] v9fs_session_init+0x1dd/0x1680 [ 1400.952893] ? lock_release+0x680/0x680 [ 1400.953214] ? kmem_cache_alloc_trace+0x151/0x320 [ 1400.953603] ? v9fs_show_options+0x690/0x690 [ 1400.953961] ? trace_hardirqs_on+0x5b/0x180 [ 1400.954302] ? kasan_unpoison_shadow+0x33/0x50 [ 1400.954665] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1400.955082] v9fs_mount+0x79/0x8f0 [ 1400.955373] ? v9fs_write_inode+0x60/0x60 [ 1400.955709] legacy_get_tree+0x105/0x220 [ 1400.956032] vfs_get_tree+0x8e/0x300 [ 1400.956329] path_mount+0x1429/0x2120 [ 1400.956643] ? strncpy_from_user+0x9e/0x470 [ 1400.956990] ? finish_automount+0xa90/0xa90 [ 1400.957344] ? getname_flags.part.0+0x1dd/0x4f0 [ 1400.957738] ? _copy_from_user+0xfb/0x1b0 [ 1400.958073] __x64_sys_mount+0x282/0x300 [ 1400.958403] ? copy_mnt_ns+0xa00/0xa00 [ 1400.958726] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1400.959149] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1400.959566] do_syscall_64+0x33/0x40 [ 1400.959868] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1400.960282] RIP: 0033:0x7f0b176ffb19 [ 1400.960583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1400.962046] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1400.962657] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1400.963232] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1400.963803] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1400.964366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1400.964937] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:13 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 60) 04:56:13 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0), 0x400, 0x0) ioctl$SG_IO(r2, 0x2285, &(0x7f0000000600)={0x53, 0xffffffffffffffff, 0x17, 0x5, @scatter={0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000500)=""/83}, {&(0x7f0000000200)=""/34}, {&(0x7f00000003c0)=""/31}, {&(0x7f0000000580)=""/29}, {&(0x7f00000006c0)=""/184}, {&(0x7f00000005c0)=""/22}, {&(0x7f0000000780)=""/130}, {&(0x7f0000000840)=""/54}]}, &(0x7f0000000680)="8614967c86f55f22571bf2d1469729806b160bf0000000", &(0x7f0000000300)=""/130, 0x4, 0x10001, 0x2, &(0x7f0000000280)}) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r4, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) io_uring_enter(r4, 0x4e25, 0x91a7, 0x2, &(0x7f0000000100)={[0x100000001]}, 0x8) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r6 = openat$cgroup_int(r4, &(0x7f0000000440)='io.weight\x00', 0x2, 0x0) write(r6, &(0x7f0000000900)="e55050570c51c39a416ceac0ca70292205c0c21c7dc9a5b6eb196420dd453e8a6bc80f727993139f809eb69d954d3cb6f07452773cc33ea7e108da3214825640af479a90b19b5615b11c8d2b5420fb73ffc33aee89557293b1f31d27c3ddf0cd316e5e175974c2c86ac95e8c8036b40ea44d29e8e62fec552729a270492bd90d791d0c7ce658254365ebc5add4e0b5057f60245987e7a753d352267d23ded5b41f8af9bcc089190702f5a6d8d17f10e94082780b57c7c5df48a7b06d8f205dfa4e58b3a5624de2e48ed1d58fe807bd37ffb1b90a8aeb35c440de13aae9bc18291aaf623501185113349da27e0457c5fbbb0f252d1dd9fa16e8af0d0ecab3e4f83a278ad01d4a07bf799616a86c6de76d0a96f06d10b43b0e19665cc87cf409105fd95a67bc4c780aa052d086e57c2446f500e73c07d230232b13050bd3ae8a112a79f18da6e1dfe4393a02d9ed6a8296cfeeb761c1bc97252a932c4a245e07f1103458323666a4f1fafa1fbb2552e7e27ee309e1b85df2a09da117e0f7fcd85a29554bfb885ac7c103a7125245c79e63e4cbb0f58dc7535d4152e9dbb45a3feb52056c15d3066a01a5d8fbeacf6e8f77b227e37d8e5f981faee8c9642146b04957b9b2b53db76c42653e07d7c4ab122e41e6815311788be5eba430a61d27fc9e76a5d448119d5c682074c9b464b4c59d70c9bce28b87ec56ee62445ebd6771b728f5b892f998722edf7bced89d8b5271aed2f75c078aa07b0bf50a94ee4a766d014c188642a0fcbbdc1ee96d66c422ab97de2c4c3fdf5f9c2a85d5ed55d934ac300cf31abeefd966fa6e1c6d172eb54b0bfcc42887d58b97d31971661443d168e61f46c3b28556d9921453f6ba4e810cb1d251d5fcdc1c8f0b5f1bfc0063dc53aa8d568275cbfd723f533ead2d33b3c8ce7bcc87bfc702a8c9ddd927d49b084eab7f5b6190e3dc057acf7e3dfcb0cd3eaf8cf3f56a469a1bf5c3ffbfc7bf3bc1e5103e3cf1502703e90d754a9ad654559680a198e52a0d936c07ae50039db98c4c4e6268ac36bcf1d1b1510486d32d7cff9bff5c30b8f12fbb47f2ed923a68e4276a857c6ba48eee4c943b16dece51b13aa101105abf77bbd590e85ef8fb85a1c9617759a9e96e2f4ce184f29cac81751fbb57a27277643c9aefc8d2297fee3c5af9132e6491f39339cc04da441ad4f0bc553910f4b906c116077de621fc27ef7295cce1728f94052ee9c2ded3fbb0dbfed78d5678ee946f3feedccfebc45fe1e60c390e2275e7bde1dbe5007825aad25491ca5e55a6ee2985445f115cb845de42c00973699eab3be2cbb6c7915732d83c62e11d1e28090799a61aa29c03a2de7307be2a5c0e379516147e2411afa1baa4eef2f69ae3f0c4a401ed6d4773317daae17c2af3aceb113b7e5af318a2019e57fc43ef2fff94fe43ba8c065fc6bf7f826cb0d2639aba9707b631c15b21b11a0c0ae714db04c43cd715f95d5c8e17a86aec573fc8c601ddf9dd68ad0a0b29c7874bb589d235cf5ad37c87a21a984bf81af404683fcee085b064a32d87ef1c5e0517dc9eb550e7e2f67e2ac141b5d2fde675e832a966e7e53ce4e01a71736dd5c169f2d46b130aa0fa387eb0284a69b227175ecff774aa708d285b43940d6ff6bf125879ed81111143b7c83ad9add2dade47ab884d2e0ce997a2b27740110350da06e89048f5367f555432ca0b62bf19f8832694a375019b1bed9dd5f11d1054b0c5ddbb07789d43f431117f88ee034c48fa7168c297553018e2ae1ba0fa3c00f977693bf1f655b4ef14a62e8f20f0ad1eb35ed4d30c050fcdc1f788b62d056e0b76611b18fdb5b05a0775f98096e2972b4b47d8640307ae494c5f9333b1e3ad290c853d69d5596ee5a72e6b4bc4977615eab361c08e26a00b24810e7647154a931a50342131fd9bcca2513667efd443c88b934843433f34773194099092660c9fe78542f12122bd762543d815f715373739c39cbdda4256827f2b1a5da9bf886e7eb9d0465bb1445f56fb85c28249caf0d341bc0ae0154bde47910d55ae9e8e3018589f4253ef23f11488d373670076e6a7e75b1fddfa6469183306c6bc3ebef185d99e8337e5408af8bd889950fff661ead30030ee367f1ed93189a433c057dd1259c60eb1c1db7578f40ad3e5d97ec002ead3da9c323780a5dc3785c1f82d0fffd17dfcdc139eb5e764938c590b7876caa0bd2a5092ccc4d92c87a8225187851d42e1bb55c8abaf37b9a606652f8e8fa63678e954e794ed3f9b460d4d62ee7359d9e261548d6a5a982be1d435c797b644ecb4cfdcc80552fd64ac57190ae04eb0a06e4c08801649708ef197a73bd1f8f7264d08f3fe1b9aded24de33fbf9c83ecc296d18c3515d30a2146b3a8a2da7c72e7f99f27e161a803838275dee14fe1cc72f60df2c20cc90909d3c227ab8403194b01062a392b07d12ffa47e13cc2dfd97b536f297ef49de7c85b502f6e66d54f54d1122da77369e63b51950847be08b964c18241007936e7130b37760d9e9e899ba7f41b9a587d27f0341bd736b384a99333c8111b878bb270e79a44daf0b0369475f2fe772f8b52bc56b19cadbb3e5485a836c89386fdd658b575ac6e9982f68504791185e08e5e525aa142652805f8e2276f3e09d6a9936d2a67fefa81a2d12dadef66645a2c5220e10ed9a4d30d186005b2858c220dc8f6e44339b0362c9688047153b7c963a903c2a27b5565dd7e3490236261e4c2c94a1d117ab5d586364e8225f82d413a5518988ec9f235f4cda7082a9dc3ad04f939eb724922aadb7414b6394c26393d5e129a6629344b6b895b3d2228e7b0504baa44f25d1973fca375392eb1800073c902250510b7dce58e209b2dc47207c9646cfed4dfd237924a766ea2978cdec1c8f469b9d5053eb6f729defbe43e8c6d06fb649c1c4d1d5b6b04b210c276849fbfb837a4d903cb768ad417acd73e012748da56a6b0920ea61254b6966d47b2602f5ffce835034cacdbbd94b63aedfa59836826407ac0262bf0cbbdc4a176897b86caf3eb602b0a80734f2a890205194291e6ac3b19521a9daed68a56445151fc394f9f0794c035536e77445939fe67011c500a27d109e50b14f61de50af74f235e10576a7469282e6019b0d7b26388d96536eccd5560a97ae18176e4f2a315ab69a690047c2a715a7be361bfba6370a9cb4fa942a1fb2d4292d664302144828e23988d84b2f99c60bf3947c664c7530a950fb6cda7ea344fcc88bfc20e261a0b4ce7e1ddb52fb4040540846165a456e7cb9bb7906559095702f830083510465d9c014345d9de2df6d7bf73dc8fb6146c681a0866123fd91bca5be744544aa8e8639a705eee6f9bc80ad3d6f796e67e99733a9673f6d4a2d54782b2af51936b2249b883fd772e44d0be2393cedf29023cec6e6538c651dc4015e841280131906cffe79848e9d5906f23560d52e9cb4e2754efc54c752e422cd973f156df1a8dc55377f24c8dfa0fdeee3c655ceee0a1e29188775665f50cfa5b0d08173c0c90dafa4744c671286ec2dae733fc7115b0dea24de9cab4b25607e38055b47784c61aad8df1259807d9ab7622f9c69205074cd840aa08398780d3af425f40f3a502a8222d9e7fc0dddf01f6d5b25d86bb2b144438592bff600b2819bb7ad0889fe1b4f96502e1c4b1c592b33f1b59f0e5609107e1f4a05f4cdad16c10ee255c8f2add6e8e20181eef24673b6688abb65c130c54616e4f312502e53f79766e8475a8468eddf46b78348b99fe257e96eddd00721dad549f4b9489b0d47134564464c9c1f424123e3b92c766152c9519670259d947558e49dbf87ba3c4d9ed7a999b2b7e8751d7fa50c1da1eea6d292c43d974102d7ab86c0db426ffa9ab0007d3785c27ad8474d7816f76804a86970b1c554f22c1a7835e188cc61c98653d784dc211ea2e42557e8bea06c47f27da8fb3de85e36ab7b5c22f7d12eda2940803bee128655c30ab1e7262b5e1ed5f1911a37b7f68df0ffaf3df6a58c1836dbaa5009c6794bbd53cd65571ba860c7a7b3433f848ad03a3a7a3dcf2f35869186f3c9d7273842a9565a79afcad990ab3d652edb09abfed245cc803523ef1effb2996d2d16760f3363e247fe62a0725c3dadb12db5c73e2456d5ac5828c8d922e2eb3a6343a9d7460f32d7e798b6070484ec30c59d131dcfd8a257e14ad91c1fd70ea640febbc73b7b47db876c186769bd0836018359fb81ec4cdcff29722a09c1d7abfaefcbdc8b1772f9b5284e5223d7ae030d5b4489612bc3b285eb08b698bae983dadc24e0a59f06c33a9fbe973a5b727449ce965d9f38ecbacce17e038707eb9a941a3d95a5c0443bd3e5b012907f0f6e45fc3baeed38611147e5d11eff676551e34567aaf24d56c1c4e2c33a9b7692bbab07a09e1a5a0f088ac789e07612ff2b8fa12f63af5c93fabb69d697b62df0241a4be4cc4d49e9f2e1bd05ddb6af3caf8ef59bdec8ba41da6e35434c7a258af52fde6ab994d613e848a0f43c3a094627af48f56d8e427320b8a1440ccad871e9807c5427e6800537a584af7715e6eab53363640c0fc16a914a37ce9f74aa92746781c3f1ee207e6a3ba5b00ffec0955f8095fc37cad8a3d025a8c95481f330b58c020196b1d50c3c4240359565694bf45f996a96da951f7ceefc5c6b8fea5169b968609a499a2cb64af4cc0c2602051c2701a70b7b0eede8c87ec014e619cc1931e51d15313c912f7e33d05ac2a0ec46f4087703e63ab08818affa797860293ab6d5617213282eef8e26ac598e62fb6eecc9ba84b37232bdb8f71f7c6e1f0e2d03edd7dadf0b8f8bdbda43ffe83669de46a0a1b7d70f21001e4fcbebdf57b9745775738cde77f8487fea5d8a18247594bb991a181d523b7af3f111bbd3ed4c85bc3a193f980880424ffe27d583ce925900c8befd8e30f9b4f28f255ab48b05b5bedf624651cc51afc52956ce521e07bf9add910755c0686cccdc281c4d9c81c30557c4208ea084fbf8fe81fc476d2d93f935d947a5e4ace3c508573a2a51aa018162a73a7f8ced00c7c8187c428e809268653f9c058165b412535c35b93e38169f70fd38e7b7ebdd124a98d9e6bdc5c708fdb1a82cb4264647cc86043260a3e9923891d83fa9ed46632166833461f3f406dbc6171119fb697f4ccdd6b500d7453d731749cd902d0faf26fa967449b9a24741738d9b233753718bfcd47ef794afda824f8ee0382078f5ef5ecb4344b9acc9cf1075ca2539cd2b3324e8f0aad010ac5c3734621c6ac6327de187ced308dc26eb9dc88c2c033bac2685de0373e2bc94f5850c476833eb62085cebf9f12a84ab5abe3af093a6bfe51875c0e3ed03378df59725dd79b8b10db108521593c4210c0ab5526301d14dad3cfb4cc4c946ae005d5dbfd7bb1c5278647f7d210506dd74e56eb6fbea1e273886579d16e502f8142c671dcc73fb9169d2634b065e8dc8ac9ba8c8118b980185db9f1acd176341c91a94638d38e078967d61fb7d7e54f3830cdf6c6d5f26cc42bf8ce67d85dbad5c67660fa14dc0465e4b48e3e8ba1d0e46d48e9258bb88f57e7f3bd0b04052eb876466a4ba3c42b59751d6bf856b3e98a8419625b9a0c03928f058d73b6c7f70723b3123adf914c7f3d79cb34bfc19bcea56e0eaa6a4da13bd51fa4f96dcf01cba0eb67cc41bb7df15e0167e147d52396d36ad6c1b7878422b3de43c43a365820a2ee78ca2f8dc16aa32929de56971bed0980da47808e4aca21f7cec3f6219705b153a4d6af344213bd51", 0x1000) sendfile(r1, r5, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000001900)=ANY=[@ANYBLOB="7472617d3a2eb11a9a8ea3ee217d", @ANYRESHEX=r5, @ANYBLOB="006bac73cd72dc081bd89e3508f54b9ab21300000066f8", @ANYRESHEX=r0, @ANYRES32=r1]) 04:56:13 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:13 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:13 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xa00000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:13 executing program 6: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$restrict_keyring(0x1d, r4, 0x0, 0x0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r4, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYRES64=r4, @ANYRESHEX=r1, @ANYBLOB=',\x00']) fcntl$setstatus(r0, 0x4, 0x44c00) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/msg\x00', 0x0, 0x0) 04:56:13 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 30) 04:56:13 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1414.856675] FAULT_INJECTION: forcing a failure. [ 1414.856675] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.857991] CPU: 0 PID: 17175 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1414.858735] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1414.859468] Call Trace: [ 1414.859714] dump_stack+0x107/0x167 [ 1414.860119] should_fail.cold+0x5/0xa [ 1414.860525] ? create_object.isra.0+0x3a/0xa20 [ 1414.861011] should_failslab+0x5/0x20 [ 1414.861436] kmem_cache_alloc+0x5b/0x310 [ 1414.861889] create_object.isra.0+0x3a/0xa20 [ 1414.862367] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1414.862924] kmem_cache_alloc+0x159/0x310 [ 1414.863387] __kernfs_new_node+0xd4/0x860 [ 1414.863835] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1414.864299] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1414.864738] ? wait_for_completion_io+0x270/0x270 [ 1414.865276] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1414.865861] kernfs_new_node+0x18d/0x250 [ 1414.866297] __kernfs_create_file+0x51/0x350 [ 1414.866770] sysfs_add_file_mode_ns+0x221/0x560 [ 1414.867269] internal_create_group+0x324/0xb30 [ 1414.867445] FAULT_INJECTION: forcing a failure. [ 1414.867445] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.867766] ? sysfs_remove_group+0x170/0x170 [ 1414.867776] ? kernfs_name_hash+0xe7/0x110 [ 1414.867804] sysfs_slab_add+0x188/0x200 [ 1414.870777] __kmem_cache_create+0x3db/0x520 [ 1414.871256] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1414.871789] p9_client_create+0xc2b/0x11c0 [ 1414.872251] ? p9_client_flush+0x430/0x430 [ 1414.872705] ? trace_hardirqs_on+0x5b/0x180 [ 1414.873168] ? lockdep_init_map_type+0x2c7/0x780 [ 1414.873680] ? __raw_spin_lock_init+0x36/0x110 [ 1414.874124] v9fs_session_init+0x1dd/0x1680 [ 1414.874588] ? lock_release+0x680/0x680 [ 1414.875018] ? kmem_cache_alloc_trace+0x151/0x320 [ 1414.875535] ? v9fs_show_options+0x690/0x690 [ 1414.876011] ? trace_hardirqs_on+0x5b/0x180 [ 1414.876467] ? kasan_unpoison_shadow+0x33/0x50 [ 1414.876953] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1414.877496] v9fs_mount+0x79/0x8f0 [ 1414.877820] ? v9fs_write_inode+0x60/0x60 [ 1414.878266] legacy_get_tree+0x105/0x220 [ 1414.878709] vfs_get_tree+0x8e/0x300 [ 1414.879102] path_mount+0x1429/0x2120 [ 1414.879507] ? strncpy_from_user+0x9e/0x470 [ 1414.879965] ? finish_automount+0xa90/0xa90 [ 1414.880368] ? getname_flags.part.0+0x1dd/0x4f0 [ 1414.880866] ? _copy_from_user+0xfb/0x1b0 [ 1414.881261] __x64_sys_mount+0x282/0x300 [ 1414.881706] ? copy_mnt_ns+0xa00/0xa00 [ 1414.882076] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1414.882633] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1414.883179] do_syscall_64+0x33/0x40 [ 1414.883570] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1414.884108] RIP: 0033:0x7f0b176ffb19 [ 1414.884432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.886368] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1414.887107] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1414.887855] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1414.888595] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1414.889340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1414.889965] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1414.890763] CPU: 1 PID: 17179 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1414.891839] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1414.893097] Call Trace: [ 1414.893513] dump_stack+0x107/0x167 [ 1414.894117] should_fail.cold+0x5/0xa [ 1414.894724] should_failslab+0x5/0x20 [ 1414.895328] __kmalloc_track_caller+0x79/0x370 [ 1414.896054] ? match_number+0xaf/0x1d0 [ 1414.896665] ? kfree+0xd7/0x340 [ 1414.897192] kmemdup_nul+0x2d/0xa0 [ 1414.897739] match_number+0xaf/0x1d0 [ 1414.898341] ? match_u64+0x190/0x190 [ 1414.898896] ? __kmalloc_track_caller+0x2c6/0x370 [ 1414.899653] ? memcpy+0x39/0x60 [ 1414.900159] parse_opts.part.0+0x1f3/0x340 [ 1414.900827] ? p9_fd_show_options+0x1c0/0x1c0 [ 1414.901499] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1414.902338] ? trace_hardirqs_on+0x5b/0x180 [ 1414.902985] ? kfree+0xd7/0x340 [ 1414.903502] p9_fd_create+0x98/0x4a0 [ 1414.904056] ? p9_conn_create+0x510/0x510 [ 1414.904696] ? p9_client_create+0x798/0x11c0 [ 1414.905338] ? kfree+0xd7/0x340 [ 1414.905866] ? do_raw_spin_unlock+0x4f/0x220 [ 1414.906511] p9_client_create+0x7ff/0x11c0 [ 1414.907190] ? p9_client_flush+0x430/0x430 [ 1414.907810] ? trace_hardirqs_on+0x5b/0x180 [ 1414.908477] ? lockdep_init_map_type+0x2c7/0x780 [ 1414.909175] ? __raw_spin_lock_init+0x36/0x110 [ 1414.909924] v9fs_session_init+0x1dd/0x1680 [ 1414.910555] ? lock_release+0x680/0x680 [ 1414.911172] ? kmem_cache_alloc_trace+0x151/0x320 [ 1414.911871] ? v9fs_show_options+0x690/0x690 [ 1414.912549] ? trace_hardirqs_on+0x5b/0x180 [ 1414.913202] ? kasan_unpoison_shadow+0x33/0x50 [ 1414.913940] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1414.914686] v9fs_mount+0x79/0x8f0 [ 1414.915248] ? v9fs_write_inode+0x60/0x60 [ 1414.915860] legacy_get_tree+0x105/0x220 [ 1414.916489] vfs_get_tree+0x8e/0x300 [ 1414.917043] path_mount+0x1429/0x2120 [ 1414.917632] ? strncpy_from_user+0x9e/0x470 [ 1414.918290] ? finish_automount+0xa90/0xa90 [ 1414.918959] ? getname_flags.part.0+0x1dd/0x4f0 [ 1414.919635] ? _copy_from_user+0xfb/0x1b0 [ 1414.920277] __x64_sys_mount+0x282/0x300 [ 1414.920869] ? copy_mnt_ns+0xa00/0xa00 [ 1414.921467] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1414.922269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1414.923073] do_syscall_64+0x33/0x40 [ 1414.923614] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1414.924400] RIP: 0033:0x7f0d74438b19 [ 1414.924948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1414.927783] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1414.928896] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1414.929979] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1414.931017] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1414.932039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1414.932051] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1414.932260] 9pnet: Insufficient options for proto=fd 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xb00000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1414.961599] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:56:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008040) 04:56:14 executing program 6: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x1000000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:14 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/bus/input/handlers\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r4, 0x8983, &(0x7f0000001d40)={0x1, 'veth0_to_bridge\x00', {}, 0x100}) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r5, 0x0, 0xffe3) recvmmsg(r3, &(0x7f0000001bc0)=[{{&(0x7f0000000140)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000000440)=[{&(0x7f0000000240)=""/238, 0xee}, {&(0x7f0000000340)=""/60, 0x3c}, {&(0x7f0000000380)=""/66, 0x42}], 0x3, &(0x7f0000000480)=""/63, 0x3f}, 0xe71e}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f00000004c0)=""/64, 0x40}, {&(0x7f0000000500)=""/43, 0x2b}, {&(0x7f0000000540)=""/46, 0x2e}, {&(0x7f0000000580)=""/46, 0x2e}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000015c0)=""/76, 0x4c}, {&(0x7f0000001640)=""/235, 0xeb}], 0x7}, 0x8}, {{&(0x7f00000017c0)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000001840)=""/253, 0xfd}, {&(0x7f0000001940)=""/186, 0xba}, {&(0x7f0000001a00)=""/216, 0xd8}], 0x3, &(0x7f0000001b40)=""/95, 0x5f}, 0xb31}], 0x3, 0x21, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000001e00)=ANY=[@ANYBLOB="7472616e733d6664c66f66646e6f3d", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="7de5f90e8da7d334e0d03bbe5c321597cf234d3d528edbd3112a485f53be505d6b8ca3734843ee419f29b7c6709b2edfbf892c6eaaed10d71a959f64342242260e173119126b9613534f9dc16e2a7df37d8abd40704a75e586b057fb14b43a245c"]) accept4$unix(r0, &(0x7f0000001c80)=@abs, &(0x7f0000001d00)=0x6e, 0x80000) 04:56:14 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:14 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 61) 04:56:14 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:14 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 31) [ 1415.152439] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1415.161966] FAULT_INJECTION: forcing a failure. [ 1415.161966] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.163692] CPU: 1 PID: 17427 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1415.164755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.166045] Call Trace: [ 1415.166467] dump_stack+0x107/0x167 [ 1415.167046] should_fail.cold+0x5/0xa [ 1415.167647] ? __kernfs_new_node+0xd4/0x860 [ 1415.168316] should_failslab+0x5/0x20 [ 1415.168927] kmem_cache_alloc+0x5b/0x310 [ 1415.169554] __kernfs_new_node+0xd4/0x860 [ 1415.170222] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1415.170955] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1415.171698] ? wait_for_completion_io+0x270/0x270 [ 1415.172442] ? kernfs_next_descendant_post+0x1a7/0x2a0 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2000000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1415.173260] kernfs_new_node+0x18d/0x250 [ 1415.174014] __kernfs_create_file+0x51/0x350 [ 1415.174672] sysfs_add_file_mode_ns+0x221/0x560 [ 1415.175412] internal_create_group+0x324/0xb30 [ 1415.176126] ? sysfs_remove_group+0x170/0x170 [ 1415.176808] ? kernfs_name_hash+0xe7/0x110 [ 1415.177472] sysfs_slab_add+0x188/0x200 [ 1415.178101] __kmem_cache_create+0x3db/0x520 [ 1415.178793] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1415.179564] p9_client_create+0xc2b/0x11c0 [ 1415.180234] ? p9_client_flush+0x430/0x430 [ 1415.180891] ? trace_hardirqs_on+0x5b/0x180 [ 1415.181559] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.182326] ? __raw_spin_lock_init+0x36/0x110 [ 1415.183028] v9fs_session_init+0x1dd/0x1680 [ 1415.183696] ? lock_release+0x680/0x680 [ 1415.184296] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.185024] ? v9fs_show_options+0x690/0x690 [ 1415.185711] ? trace_hardirqs_on+0x5b/0x180 [ 1415.186402] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.187111] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.187889] v9fs_mount+0x79/0x8f0 [ 1415.188434] ? v9fs_write_inode+0x60/0x60 [ 1415.189057] legacy_get_tree+0x105/0x220 [ 1415.189680] vfs_get_tree+0x8e/0x300 [ 1415.190269] path_mount+0x1429/0x2120 [ 1415.190370] FAULT_INJECTION: forcing a failure. [ 1415.190370] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.190855] ? strncpy_from_user+0x9e/0x470 [ 1415.190875] ? finish_automount+0xa90/0xa90 [ 1415.193080] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.193814] ? _copy_from_user+0xfb/0x1b0 [ 1415.194462] __x64_sys_mount+0x282/0x300 [ 1415.195083] ? copy_mnt_ns+0xa00/0xa00 [ 1415.195690] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.196488] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.197275] do_syscall_64+0x33/0x40 [ 1415.197873] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.198651] RIP: 0033:0x7f0b176ffb19 [ 1415.199220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.202011] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.203169] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1415.204250] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.205296] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.206328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.207363] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1415.208416] CPU: 0 PID: 17431 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1415.208980] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.209657] Call Trace: [ 1415.209891] dump_stack+0x107/0x167 [ 1415.210199] should_fail.cold+0x5/0xa [ 1415.210512] ? create_object.isra.0+0x3a/0xa20 [ 1415.210885] should_failslab+0x5/0x20 [ 1415.211211] kmem_cache_alloc+0x5b/0x310 [ 1415.211537] create_object.isra.0+0x3a/0xa20 [ 1415.211902] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.212315] __kmalloc_track_caller+0x177/0x370 [ 1415.212688] ? match_number+0xaf/0x1d0 [ 1415.213015] kmemdup_nul+0x2d/0xa0 [ 1415.213304] match_number+0xaf/0x1d0 [ 1415.213605] ? match_u64+0x190/0x190 [ 1415.213915] ? __kmalloc_track_caller+0x2c6/0x370 [ 1415.214300] ? memcpy+0x39/0x60 [ 1415.214571] parse_opts.part.0+0x1f3/0x340 [ 1415.214917] ? p9_fd_show_options+0x1c0/0x1c0 [ 1415.215285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.215704] ? trace_hardirqs_on+0x5b/0x180 [ 1415.216054] ? kfree+0xd7/0x340 [ 1415.216337] p9_fd_create+0x98/0x4a0 [ 1415.216648] ? p9_conn_create+0x510/0x510 [ 1415.216996] ? p9_client_create+0x798/0x11c0 [ 1415.217349] ? kfree+0xd7/0x340 [ 1415.217615] ? do_raw_spin_unlock+0x4f/0x220 [ 1415.217978] p9_client_create+0x7ff/0x11c0 [ 1415.218325] ? p9_client_flush+0x430/0x430 [ 1415.218666] ? trace_hardirqs_on+0x5b/0x180 [ 1415.219016] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.219401] ? __raw_spin_lock_init+0x36/0x110 [ 1415.219773] v9fs_session_init+0x1dd/0x1680 [ 1415.220121] ? lock_release+0x680/0x680 [ 1415.220444] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.220830] ? v9fs_show_options+0x690/0x690 [ 1415.221186] ? trace_hardirqs_on+0x5b/0x180 [ 1415.221539] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.221915] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.222327] v9fs_mount+0x79/0x8f0 [ 1415.222618] ? v9fs_write_inode+0x60/0x60 [ 1415.222958] legacy_get_tree+0x105/0x220 [ 1415.223288] vfs_get_tree+0x8e/0x300 [ 1415.223593] path_mount+0x1429/0x2120 [ 1415.223902] ? strncpy_from_user+0x9e/0x470 [ 1415.224245] ? finish_automount+0xa90/0xa90 [ 1415.224590] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.224965] ? _copy_from_user+0xfb/0x1b0 [ 1415.225306] __x64_sys_mount+0x282/0x300 [ 1415.225634] ? copy_mnt_ns+0xa00/0xa00 [ 1415.225964] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.226385] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.226804] do_syscall_64+0x33/0x40 [ 1415.227108] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.227522] RIP: 0033:0x7f0d74438b19 [ 1415.227826] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.229296] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.229918] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1415.230490] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.231059] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.231628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.232201] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:56:14 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008040) 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x2010000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1415.327398] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1415.332008] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1415.333117] CPU: 1 PID: 17427 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1415.334153] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.335359] Call Trace: [ 1415.335750] dump_stack+0x107/0x167 [ 1415.336296] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1415.337075] p9_client_create+0xc2b/0x11c0 [ 1415.337718] ? p9_client_flush+0x430/0x430 [ 1415.338365] ? trace_hardirqs_on+0x5b/0x180 [ 1415.339006] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.339709] ? __raw_spin_lock_init+0x36/0x110 [ 1415.340392] v9fs_session_init+0x1dd/0x1680 [ 1415.341029] ? lock_release+0x680/0x680 [ 1415.341631] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.342370] ? v9fs_show_options+0x690/0x690 [ 1415.343026] ? trace_hardirqs_on+0x5b/0x180 [ 1415.343668] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.344345] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.345098] v9fs_mount+0x79/0x8f0 [ 1415.345628] ? v9fs_write_inode+0x60/0x60 [ 1415.346269] legacy_get_tree+0x105/0x220 [ 1415.346879] vfs_get_tree+0x8e/0x300 [ 1415.347440] path_mount+0x1429/0x2120 [ 1415.348007] ? strncpy_from_user+0x9e/0x470 [ 1415.348643] ? finish_automount+0xa90/0xa90 [ 1415.349284] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.349993] ? _copy_from_user+0xfb/0x1b0 [ 1415.350616] __x64_sys_mount+0x282/0x300 [ 1415.351215] ? copy_mnt_ns+0xa00/0xa00 [ 1415.351799] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.352573] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.353331] do_syscall_64+0x33/0x40 [ 1415.353913] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.354664] RIP: 0033:0x7f0b176ffb19 [ 1415.355215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.357927] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.359045] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1415.360089] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.361137] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.362202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.363237] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x8cffffff00000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:14 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4008040) 04:56:14 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 62) 04:56:14 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:14 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xf6ffffff00000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) [ 1415.511691] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1415.560593] FAULT_INJECTION: forcing a failure. [ 1415.560593] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.561549] CPU: 0 PID: 17756 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1415.562129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.562799] Call Trace: [ 1415.563024] dump_stack+0x107/0x167 [ 1415.563322] should_fail.cold+0x5/0xa [ 1415.563641] ? __kernfs_new_node+0xd4/0x860 [ 1415.564005] should_failslab+0x5/0x20 [ 1415.564317] kmem_cache_alloc+0x5b/0x310 [ 1415.564672] __kernfs_new_node+0xd4/0x860 [ 1415.565035] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1415.565429] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1415.565843] ? wait_for_completion_io+0x270/0x270 [ 1415.566236] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1415.566671] kernfs_new_node+0x18d/0x250 [ 1415.567005] __kernfs_create_file+0x51/0x350 [ 1415.567372] sysfs_add_file_mode_ns+0x221/0x560 [ 1415.567755] internal_create_group+0x324/0xb30 [ 1415.568132] ? sysfs_remove_group+0x170/0x170 [ 1415.568497] ? kernfs_name_hash+0xe7/0x110 [ 1415.568846] ? kernfs_find_ns+0x256/0x380 [ 1415.569188] sysfs_slab_add+0x188/0x200 [ 1415.569515] __kmem_cache_create+0x3db/0x520 [ 1415.569885] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1415.570316] p9_client_create+0xc2b/0x11c0 [ 1415.570668] ? p9_client_flush+0x430/0x430 [ 1415.571017] ? trace_hardirqs_on+0x5b/0x180 [ 1415.571370] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.571764] ? __raw_spin_lock_init+0x36/0x110 [ 1415.572142] v9fs_session_init+0x1dd/0x1680 [ 1415.572494] ? lock_release+0x680/0x680 [ 1415.572823] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.573219] ? v9fs_show_options+0x690/0x690 [ 1415.573579] ? trace_hardirqs_on+0x5b/0x180 [ 1415.573948] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.574321] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.574739] v9fs_mount+0x79/0x8f0 [ 1415.575034] ? v9fs_write_inode+0x60/0x60 [ 1415.575374] legacy_get_tree+0x105/0x220 [ 1415.575708] vfs_get_tree+0x8e/0x300 [ 1415.576031] path_mount+0x1429/0x2120 [ 1415.576358] ? strncpy_from_user+0x9e/0x470 [ 1415.576710] ? finish_automount+0xa90/0xa90 [ 1415.577067] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.577452] ? _copy_from_user+0xfb/0x1b0 [ 1415.577799] __x64_sys_mount+0x282/0x300 [ 1415.578127] ? copy_mnt_ns+0xa00/0xa00 [ 1415.578447] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.578880] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.579297] do_syscall_64+0x33/0x40 [ 1415.579599] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.580019] RIP: 0033:0x7f0b176ffb19 [ 1415.580323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.581807] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.582421] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1415.582994] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.583571] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.584149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.584723] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:14 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:14 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 32) [ 1415.610172] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1415.610708] CPU: 0 PID: 17756 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1415.611275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.611953] Call Trace: [ 1415.612172] dump_stack+0x107/0x167 [ 1415.612472] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1415.612903] p9_client_create+0xc2b/0x11c0 [ 1415.613254] ? p9_client_flush+0x430/0x430 [ 1415.613601] ? trace_hardirqs_on+0x5b/0x180 [ 1415.613953] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.614343] ? __raw_spin_lock_init+0x36/0x110 [ 1415.614707] v9fs_session_init+0x1dd/0x1680 [ 1415.615059] ? lock_release+0x680/0x680 [ 1415.615378] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.615759] ? v9fs_show_options+0x690/0x690 [ 1415.616124] ? trace_hardirqs_on+0x5b/0x180 [ 1415.616475] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.616851] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.617271] v9fs_mount+0x79/0x8f0 [ 1415.617562] ? v9fs_write_inode+0x60/0x60 [ 1415.617915] legacy_get_tree+0x105/0x220 [ 1415.618248] vfs_get_tree+0x8e/0x300 [ 1415.618547] path_mount+0x1429/0x2120 [ 1415.618862] ? strncpy_from_user+0x9e/0x470 [ 1415.619212] ? finish_automount+0xa90/0xa90 [ 1415.619562] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.619942] ? _copy_from_user+0xfb/0x1b0 [ 1415.620288] __x64_sys_mount+0x282/0x300 [ 1415.620625] ? copy_mnt_ns+0xa00/0xa00 [ 1415.620948] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.621265] FAULT_INJECTION: forcing a failure. [ 1415.621265] name failslab, interval 1, probability 0, space 0, times 0 [ 1415.621392] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.621409] do_syscall_64+0x33/0x40 [ 1415.623979] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.624494] RIP: 0033:0x7f0b176ffb19 [ 1415.624869] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.626706] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.627469] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1415.628181] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.628891] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.629608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.630316] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1415.631055] CPU: 1 PID: 17862 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1415.632144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1415.633421] Call Trace: [ 1415.633862] dump_stack+0x107/0x167 [ 1415.634427] should_fail.cold+0x5/0xa [ 1415.635031] ? p9_fd_create+0x161/0x4a0 [ 1415.635661] should_failslab+0x5/0x20 [ 1415.636268] kmem_cache_alloc_trace+0x55/0x320 [ 1415.636985] p9_fd_create+0x161/0x4a0 [ 1415.637592] ? p9_conn_create+0x510/0x510 [ 1415.638272] ? p9_client_create+0x798/0x11c0 [ 1415.638970] ? kfree+0xd7/0x340 [ 1415.639500] ? do_raw_spin_unlock+0x4f/0x220 [ 1415.640207] p9_client_create+0x7ff/0x11c0 [ 1415.640884] ? p9_client_flush+0x430/0x430 [ 1415.641556] ? trace_hardirqs_on+0x5b/0x180 [ 1415.642270] ? lockdep_init_map_type+0x2c7/0x780 [ 1415.643017] ? __raw_spin_lock_init+0x36/0x110 [ 1415.643739] v9fs_session_init+0x1dd/0x1680 [ 1415.644414] ? lock_release+0x680/0x680 [ 1415.645047] ? kmem_cache_alloc_trace+0x151/0x320 [ 1415.645829] ? v9fs_show_options+0x690/0x690 [ 1415.646537] ? trace_hardirqs_on+0x5b/0x180 [ 1415.647217] ? kasan_unpoison_shadow+0x33/0x50 [ 1415.647943] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1415.648737] v9fs_mount+0x79/0x8f0 [ 1415.649303] ? v9fs_write_inode+0x60/0x60 [ 1415.649985] legacy_get_tree+0x105/0x220 [ 1415.650605] vfs_get_tree+0x8e/0x300 [ 1415.651191] path_mount+0x1429/0x2120 [ 1415.651784] ? strncpy_from_user+0x9e/0x470 [ 1415.652425] ? finish_automount+0xa90/0xa90 [ 1415.653086] ? getname_flags.part.0+0x1dd/0x4f0 [ 1415.653792] ? _copy_from_user+0xfb/0x1b0 [ 1415.654433] __x64_sys_mount+0x282/0x300 [ 1415.655051] ? copy_mnt_ns+0xa00/0xa00 [ 1415.655652] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1415.656462] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1415.657238] do_syscall_64+0x33/0x40 [ 1415.657838] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1415.658614] RIP: 0033:0x7f0d74438b19 [ 1415.659181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1415.661974] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1415.663127] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1415.664202] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1415.665276] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1415.666376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1415.667465] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1428.442331] FAULT_INJECTION: forcing a failure. [ 1428.442331] name failslab, interval 1, probability 0, space 0, times 0 [ 1428.443587] CPU: 1 PID: 17882 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1428.444272] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1428.445072] Call Trace: [ 1428.445335] dump_stack+0x107/0x167 [ 1428.445693] should_fail.cold+0x5/0xa [ 1428.446086] ? create_object.isra.0+0x3a/0xa20 [ 1428.446548] should_failslab+0x5/0x20 [ 1428.446930] kmem_cache_alloc+0x5b/0x310 [ 1428.447348] ? p9_fd_show_options+0x1c0/0x1c0 [ 1428.447805] create_object.isra.0+0x3a/0xa20 [ 1428.448262] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1428.448782] kmem_cache_alloc_trace+0x151/0x320 [ 1428.449271] p9_fd_create+0x161/0x4a0 [ 1428.449659] ? p9_conn_create+0x510/0x510 [ 1428.450078] ? p9_client_create+0x798/0x11c0 [ 1428.450525] ? kfree+0xd7/0x340 [ 1428.450858] ? do_raw_spin_unlock+0x4f/0x220 [ 1428.451519] p9_client_create+0x7ff/0x11c0 [ 1428.451999] ? p9_client_flush+0x430/0x430 04:56:27 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0xffff000000000000, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:27 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trNs=fd,rfdno=\x00', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:56:27 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:27 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 63) 04:56:27 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:27 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 33) 04:56:27 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:27 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1428.452570] ? trace_hardirqs_on+0x5b/0x180 [ 1428.453196] ? lockdep_init_map_type+0x2c7/0x780 [ 1428.453726] ? __raw_spin_lock_init+0x36/0x110 [ 1428.454188] v9fs_session_init+0x1dd/0x1680 [ 1428.454620] ? lock_release+0x680/0x680 [ 1428.455021] ? kmem_cache_alloc_trace+0x151/0x320 [ 1428.455500] ? v9fs_show_options+0x690/0x690 [ 1428.455949] ? trace_hardirqs_on+0x5b/0x180 [ 1428.456384] ? kasan_unpoison_shadow+0x33/0x50 [ 1428.456840] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1428.457339] v9fs_mount+0x79/0x8f0 [ 1428.457693] ? v9fs_write_inode+0x60/0x60 [ 1428.458114] legacy_get_tree+0x105/0x220 [ 1428.458546] vfs_get_tree+0x8e/0x300 [ 1428.458918] path_mount+0x1429/0x2120 [ 1428.459312] ? strncpy_from_user+0x9e/0x470 [ 1428.459730] ? finish_automount+0xa90/0xa90 [ 1428.460168] ? getname_flags.part.0+0x1dd/0x4f0 [ 1428.460624] ? _copy_from_user+0xfb/0x1b0 [ 1428.461043] __x64_sys_mount+0x282/0x300 [ 1428.461441] ? copy_mnt_ns+0xa00/0xa00 [ 1428.461832] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1428.462363] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1428.462893] do_syscall_64+0x33/0x40 [ 1428.463271] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1428.463785] RIP: 0033:0x7f0d74438b19 [ 1428.464233] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1428.466027] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1428.466785] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1428.467487] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1428.468204] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1428.468919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1428.469627] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1428.484383] FAULT_INJECTION: forcing a failure. [ 1428.484383] name failslab, interval 1, probability 0, space 0, times 0 [ 1428.485589] CPU: 1 PID: 17893 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1428.486295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1428.487123] Call Trace: [ 1428.487387] dump_stack+0x107/0x167 [ 1428.487756] should_fail.cold+0x5/0xa [ 1428.488144] ? __kernfs_new_node+0xd4/0x860 [ 1428.488581] should_failslab+0x5/0x20 [ 1428.488962] kmem_cache_alloc+0x5b/0x310 [ 1428.489381] __kernfs_new_node+0xd4/0x860 [ 1428.489813] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1428.490295] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1428.490780] ? wait_for_completion_io+0x270/0x270 [ 1428.491268] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1428.491801] kernfs_new_node+0x18d/0x250 [ 1428.492216] __kernfs_create_file+0x51/0x350 [ 1428.492665] sysfs_add_file_mode_ns+0x221/0x560 [ 1428.493156] internal_create_group+0x324/0xb30 [ 1428.493621] ? sysfs_remove_group+0x170/0x170 [ 1428.494072] ? kernfs_name_hash+0xe7/0x110 [ 1428.494505] sysfs_slab_add+0x188/0x200 [ 1428.494909] __kmem_cache_create+0x3db/0x520 [ 1428.495354] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1428.495861] p9_client_create+0xc2b/0x11c0 [ 1428.496304] ? p9_client_flush+0x430/0x430 [ 1428.496727] ? trace_hardirqs_on+0x5b/0x180 [ 1428.496742] ? lockdep_init_map_type+0x2c7/0x780 [ 1428.496760] ? __raw_spin_lock_init+0x36/0x110 [ 1428.496777] v9fs_session_init+0x1dd/0x1680 [ 1428.496798] ? lock_release+0x680/0x680 [ 1428.497934] ? kmem_cache_alloc_trace+0x151/0x320 [ 1428.497951] ? v9fs_show_options+0x690/0x690 [ 1428.497971] ? trace_hardirqs_on+0x5b/0x180 [ 1428.497987] ? kasan_unpoison_shadow+0x33/0x50 [ 1428.498002] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1428.498019] v9fs_mount+0x79/0x8f0 [ 1428.498034] ? v9fs_write_inode+0x60/0x60 [ 1428.498047] legacy_get_tree+0x105/0x220 [ 1428.498061] vfs_get_tree+0x8e/0x300 [ 1428.498073] path_mount+0x1429/0x2120 [ 1428.498089] ? strncpy_from_user+0x9e/0x470 [ 1428.498101] ? finish_automount+0xa90/0xa90 [ 1428.498113] ? getname_flags.part.0+0x1dd/0x4f0 [ 1428.498125] ? _copy_from_user+0xfb/0x1b0 [ 1428.498143] __x64_sys_mount+0x282/0x300 [ 1428.498154] ? copy_mnt_ns+0xa00/0xa00 [ 1428.498171] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1428.498190] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1428.499289] do_syscall_64+0x33/0x40 [ 1428.507848] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1428.508371] RIP: 0033:0x7f0b176ffb19 [ 1428.508743] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1428.510561] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1428.511317] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1428.512028] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1428.512757] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1428.513461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1428.514175] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1428.533504] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1428.534195] CPU: 1 PID: 17893 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1428.534867] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1428.535692] Call Trace: [ 1428.535956] dump_stack+0x107/0x167 [ 1428.536327] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1428.536860] p9_client_create+0xc2b/0x11c0 [ 1428.537297] ? p9_client_flush+0x430/0x430 [ 1428.537718] ? trace_hardirqs_on+0x5b/0x180 [ 1428.538158] ? lockdep_init_map_type+0x2c7/0x780 [ 1428.538640] ? __raw_spin_lock_init+0x36/0x110 [ 1428.539101] v9fs_session_init+0x1dd/0x1680 [ 1428.539539] ? lock_release+0x680/0x680 [ 1428.539952] ? kmem_cache_alloc_trace+0x151/0x320 [ 1428.540437] ? v9fs_show_options+0x690/0x690 [ 1428.540900] ? trace_hardirqs_on+0x5b/0x180 [ 1428.541353] ? kasan_unpoison_shadow+0x33/0x50 [ 1428.541813] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1428.542332] v9fs_mount+0x79/0x8f0 [ 1428.542699] ? v9fs_write_inode+0x60/0x60 [ 1428.543127] legacy_get_tree+0x105/0x220 [ 1428.543545] vfs_get_tree+0x8e/0x300 [ 1428.543921] path_mount+0x1429/0x2120 04:56:27 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1428.544307] ? strncpy_from_user+0x9e/0x470 [ 1428.544935] ? finish_automount+0xa90/0xa90 [ 1428.545374] ? getname_flags.part.0+0x1dd/0x4f0 [ 1428.545848] ? _copy_from_user+0xfb/0x1b0 [ 1428.546275] __x64_sys_mount+0x282/0x300 [ 1428.546672] ? copy_mnt_ns+0xa00/0xa00 [ 1428.547079] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1428.547590] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1428.548104] do_syscall_64+0x33/0x40 [ 1428.548467] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1428.548968] RIP: 0033:0x7f0b176ffb19 [ 1428.549332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1428.551142] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1428.551887] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1428.552590] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1428.553278] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1428.553981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1428.554668] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:27 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) write(r2, &(0x7f0000000240)="e95746a6c95efe6165d127f759798b6048cff01919b023deaed46b0b6264b7fad9873edd169ab9b653ce3a03ec35a6b35c09dd12217c11237248d260662c02b1e2c33a91590914bafb29d4728b7bc0a73871be2eda1cb609bcb0", 0x5a) sendfile(r1, r2, 0x0, 0xffe3) pipe2(&(0x7f00000002c0), 0x80000) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000100), 0x40800, 0x0) bind$inet(r3, &(0x7f0000000180)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRES64=r3, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYRES16]) [ 1428.581530] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:56:27 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:41 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:41 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x22, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:41 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:41 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) openat(0xffffffffffffffff, &(0x7f0000000100)='./file1\x00', 0x20080, 0x80) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="7472616e733d66642c7266270eac84", @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:56:41 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:41 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 64) 04:56:41 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:41 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 34) [ 1442.804712] FAULT_INJECTION: forcing a failure. [ 1442.804712] name failslab, interval 1, probability 0, space 0, times 0 [ 1442.806876] CPU: 0 PID: 18016 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1442.808097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1442.809578] Call Trace: [ 1442.810064] dump_stack+0x107/0x167 [ 1442.810715] should_fail.cold+0x5/0xa [ 1442.811389] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1442.812310] should_failslab+0x5/0x20 [ 1442.812980] kmem_cache_alloc+0x5b/0x310 [ 1442.813699] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1442.814604] p9_client_rpc+0x220/0x1370 [ 1442.815300] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1442.816215] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1442.817141] ? pipe_poll+0x21b/0x7f0 [ 1442.817787] ? p9_fd_close+0x4a0/0x4a0 [ 1442.818477] ? anon_pipe_buf_release+0x280/0x280 [ 1442.819314] ? p9_fd_poll+0x1e0/0x2c0 [ 1442.819995] ? p9_fd_create+0x357/0x4a0 [ 1442.820705] ? p9_conn_create+0x510/0x510 [ 1442.821422] ? p9_client_create+0x798/0x11c0 [ 1442.822200] ? kfree+0xd7/0x340 [ 1442.822783] ? do_raw_spin_unlock+0x4f/0x220 [ 1442.823511] p9_client_create+0xa76/0x11c0 [ 1442.824149] ? p9_client_flush+0x430/0x430 [ 1442.824771] ? trace_hardirqs_on+0x5b/0x180 [ 1442.825414] ? lockdep_init_map_type+0x2c7/0x780 [ 1442.826126] ? __raw_spin_lock_init+0x36/0x110 [ 1442.826812] v9fs_session_init+0x1dd/0x1680 [ 1442.827447] ? lock_release+0x680/0x680 [ 1442.828044] ? kmem_cache_alloc_trace+0x151/0x320 [ 1442.828750] ? v9fs_show_options+0x690/0x690 [ 1442.829397] ? trace_hardirqs_on+0x5b/0x180 [ 1442.830046] ? kasan_unpoison_shadow+0x33/0x50 [ 1442.830722] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1442.831482] v9fs_mount+0x79/0x8f0 [ 1442.832012] ? v9fs_write_inode+0x60/0x60 [ 1442.832626] legacy_get_tree+0x105/0x220 [ 1442.833228] vfs_get_tree+0x8e/0x300 [ 1442.833781] path_mount+0x1429/0x2120 [ 1442.834366] ? strncpy_from_user+0x9e/0x470 [ 1442.835005] ? finish_automount+0xa90/0xa90 [ 1442.835638] ? getname_flags.part.0+0x1dd/0x4f0 [ 1442.836319] ? _copy_from_user+0xfb/0x1b0 [ 1442.836931] __x64_sys_mount+0x282/0x300 [ 1442.837527] ? copy_mnt_ns+0xa00/0xa00 [ 1442.838111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1442.838880] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1442.839637] do_syscall_64+0x33/0x40 [ 1442.840185] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1442.840936] RIP: 0033:0x7f0d74438b19 [ 1442.841483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1442.844200] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1442.844221] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1442.844231] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1442.844242] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1442.844252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1442.844263] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1442.864895] 9pnet: Insufficient options for proto=fd 04:56:41 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1442.881528] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:56:42 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:42 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 35) 04:56:42 executing program 2: ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, &(0x7f0000000280)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(r5, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f0000000100)=0x1, 0x2) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB=',wfdKo=', @ANYRESHEX=r1, @ANYBLOB=',\x00']) [ 1442.925518] FAULT_INJECTION: forcing a failure. [ 1442.925518] name failslab, interval 1, probability 0, space 0, times 0 [ 1442.927250] CPU: 0 PID: 18023 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1442.928265] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1442.929487] Call Trace: [ 1442.929883] dump_stack+0x107/0x167 [ 1442.930427] should_fail.cold+0x5/0xa [ 1442.930992] ? create_object.isra.0+0x3a/0xa20 [ 1442.931672] should_failslab+0x5/0x20 [ 1442.932246] kmem_cache_alloc+0x5b/0x310 [ 1442.932854] create_object.isra.0+0x3a/0xa20 [ 1442.933515] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1442.934282] kmem_cache_alloc+0x159/0x310 [ 1442.934906] __kernfs_new_node+0xd4/0x860 [ 1442.935536] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1442.936271] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1442.936993] ? wait_for_completion_io+0x270/0x270 [ 1442.937716] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1442.938514] kernfs_new_node+0x18d/0x250 [ 1442.939119] __kernfs_create_file+0x51/0x350 [ 1442.939775] sysfs_add_file_mode_ns+0x221/0x560 [ 1442.940474] internal_create_group+0x324/0xb30 [ 1442.941159] ? sysfs_remove_group+0x170/0x170 [ 1442.941822] ? kernfs_name_hash+0xe7/0x110 [ 1442.942462] ? kernfs_find_ns+0x256/0x380 [ 1442.943089] sysfs_slab_add+0x188/0x200 [ 1442.943680] __kmem_cache_create+0x3db/0x520 [ 1442.944334] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1442.945081] p9_client_create+0xc2b/0x11c0 [ 1442.945715] ? p9_client_flush+0x430/0x430 [ 1442.946348] ? trace_hardirqs_on+0x5b/0x180 [ 1442.946990] ? lockdep_init_map_type+0x2c7/0x780 [ 1442.947697] ? __raw_spin_lock_init+0x36/0x110 [ 1442.948374] v9fs_session_init+0x1dd/0x1680 [ 1442.949023] ? kmem_cache_alloc_trace+0x151/0x320 [ 1442.949739] ? v9fs_show_options+0x690/0x690 [ 1442.950408] ? trace_hardirqs_on+0x5b/0x180 04:56:42 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1442.951049] ? kasan_unpoison_shadow+0x33/0x50 [ 1442.951812] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1442.952562] v9fs_mount+0x79/0x8f0 [ 1442.953094] ? v9fs_write_inode+0x60/0x60 [ 1442.953704] legacy_get_tree+0x105/0x220 [ 1442.954319] vfs_get_tree+0x8e/0x300 [ 1442.954867] path_mount+0x1429/0x2120 [ 1442.955435] ? strncpy_from_user+0x9e/0x470 [ 1442.956067] ? finish_automount+0xa90/0xa90 [ 1442.956703] ? getname_flags.part.0+0x1dd/0x4f0 [ 1442.957385] ? _copy_from_user+0xfb/0x1b0 [ 1442.958008] __x64_sys_mount+0x282/0x300 [ 1442.958619] ? copy_mnt_ns+0xa00/0xa00 [ 1442.959200] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1442.959970] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1442.960732] do_syscall_64+0x33/0x40 [ 1442.961280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1442.962037] RIP: 0033:0x7f0b176ffb19 [ 1442.962590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1442.965266] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1442.966390] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1442.967429] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1442.968467] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1442.969534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1442.970595] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:42 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1443.014277] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:56:42 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:56:42 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 1443.037671] FAULT_INJECTION: forcing a failure. [ 1443.037671] name failslab, interval 1, probability 0, space 0, times 0 [ 1443.038637] CPU: 1 PID: 18137 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1443.039218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1443.039931] Call Trace: [ 1443.040166] dump_stack+0x107/0x167 [ 1443.040493] should_fail.cold+0x5/0xa [ 1443.040816] ? create_object.isra.0+0x3a/0xa20 [ 1443.041197] should_failslab+0x5/0x20 [ 1443.041519] kmem_cache_alloc+0x5b/0x310 [ 1443.041858] create_object.isra.0+0x3a/0xa20 [ 1443.042220] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1443.042629] kmem_cache_alloc+0x159/0x310 [ 1443.042988] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1443.043416] p9_client_rpc+0x220/0x1370 [ 1443.043755] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1443.044194] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1443.044627] ? pipe_poll+0x21b/0x7f0 [ 1443.044935] ? p9_fd_close+0x4a0/0x4a0 [ 1443.045258] ? anon_pipe_buf_release+0x280/0x280 [ 1443.045652] ? p9_fd_poll+0x1e0/0x2c0 [ 1443.045980] ? p9_fd_create+0x357/0x4a0 [ 1443.046312] ? p9_conn_create+0x510/0x510 [ 1443.046652] ? p9_client_create+0x798/0x11c0 [ 1443.047021] ? kfree+0xd7/0x340 [ 1443.047304] ? do_raw_spin_unlock+0x4f/0x220 [ 1443.047672] p9_client_create+0xa76/0x11c0 [ 1443.048021] ? p9_client_flush+0x430/0x430 [ 1443.048367] ? trace_hardirqs_on+0x5b/0x180 [ 1443.048722] ? lockdep_init_map_type+0x2c7/0x780 [ 1443.049123] ? __raw_spin_lock_init+0x36/0x110 [ 1443.049504] v9fs_session_init+0x1dd/0x1680 [ 1443.049859] ? lock_release+0x680/0x680 [ 1443.050192] ? kmem_cache_alloc_trace+0x151/0x320 [ 1443.050582] ? v9fs_show_options+0x690/0x690 [ 1443.050957] ? trace_hardirqs_on+0x5b/0x180 [ 1443.051319] ? kasan_unpoison_shadow+0x33/0x50 [ 1443.051693] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1443.052112] v9fs_mount+0x79/0x8f0 [ 1443.052406] ? v9fs_write_inode+0x60/0x60 [ 1443.052746] legacy_get_tree+0x105/0x220 [ 1443.053079] vfs_get_tree+0x8e/0x300 [ 1443.053390] path_mount+0x1429/0x2120 [ 1443.053712] ? strncpy_from_user+0x9e/0x470 [ 1443.054082] ? finish_automount+0xa90/0xa90 [ 1443.054431] ? getname_flags.part.0+0x1dd/0x4f0 [ 1443.054818] ? _copy_from_user+0xfb/0x1b0 [ 1443.055158] __x64_sys_mount+0x282/0x300 [ 1443.055503] ? copy_mnt_ns+0xa00/0xa00 [ 1443.055844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1443.056279] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1443.056695] do_syscall_64+0x33/0x40 [ 1443.056997] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1443.057413] RIP: 0033:0x7f0d74438b19 [ 1443.057719] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1443.059219] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1443.059847] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1443.060423] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1443.061008] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1443.061590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1443.062188] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:56:42 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x2c, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:42 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280), 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1443.108447] 9pnet: Insufficient options for proto=fd [ 1443.126990] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:56:42 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:42 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) 04:56:42 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='tran{=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',\x00']) [ 1456.437066] FAULT_INJECTION: forcing a failure. [ 1456.437066] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.438183] CPU: 0 PID: 18267 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1456.438791] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1456.439508] Call Trace: [ 1456.439749] dump_stack+0x107/0x167 [ 1456.440071] should_fail.cold+0x5/0xa [ 1456.440416] ? p9_fcall_init+0x97/0x290 [ 1456.440775] should_failslab+0x5/0x20 [ 1456.441111] __kmalloc+0x72/0x390 [ 1456.441428] p9_fcall_init+0x97/0x290 [ 1456.441768] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1456.442230] p9_client_rpc+0x220/0x1370 [ 1456.442587] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.443052] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1456.443815] ? pipe_poll+0x21b/0x7f0 [ 1456.444160] ? p9_fd_close+0x4a0/0x4a0 [ 1456.444495] ? anon_pipe_buf_release+0x280/0x280 [ 1456.444934] ? p9_fd_poll+0x1e0/0x2c0 [ 1456.445287] ? p9_fd_create+0x357/0x4a0 [ 1456.445638] ? p9_conn_create+0x510/0x510 [ 1456.446008] ? p9_client_create+0x798/0x11c0 [ 1456.446401] ? kfree+0xd7/0x340 [ 1456.446690] ? do_raw_spin_unlock+0x4f/0x220 [ 1456.447083] p9_client_create+0xa76/0x11c0 [ 1456.447454] ? p9_client_flush+0x430/0x430 [ 1456.447820] ? trace_hardirqs_on+0x5b/0x180 [ 1456.448201] ? lockdep_init_map_type+0x2c7/0x780 [ 1456.448616] ? __raw_spin_lock_init+0x36/0x110 [ 1456.449022] v9fs_session_init+0x1dd/0x1680 [ 1456.449400] ? lock_release+0x680/0x680 [ 1456.449752] ? asm_sysvec_call_function_single+0x12/0x20 [ 1456.450231] ? trace_hardirqs_on+0x5b/0x180 [ 1456.450605] ? v9fs_show_options+0x690/0x690 [ 1456.450996] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 1456.451434] ? kasan_unpoison_shadow+0x33/0x50 [ 1456.451848] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1456.452315] v9fs_mount+0x79/0x8f0 [ 1456.452645] ? v9fs_write_inode+0x60/0x60 [ 1456.453027] legacy_get_tree+0x105/0x220 [ 1456.453382] vfs_get_tree+0x8e/0x300 [ 1456.453727] path_mount+0x1429/0x2120 [ 1456.454080] ? strncpy_from_user+0x9e/0x470 [ 1456.454465] ? finish_automount+0xa90/0xa90 [ 1456.454857] ? getname_flags.part.0+0x1dd/0x4f0 [ 1456.455280] ? _copy_from_user+0xfb/0x1b0 [ 1456.455665] __x64_sys_mount+0x282/0x300 [ 1456.456031] ? copy_mnt_ns+0xa00/0xa00 [ 1456.456379] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.456854] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1456.457310] do_syscall_64+0x33/0x40 [ 1456.457635] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1456.458081] RIP: 0033:0x7f0d74438b19 [ 1456.458417] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1456.458439] 9pnet: Insufficient options for proto=fd [ 1456.459985] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1456.459999] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1456.460006] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1456.460013] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1456.460030] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1456.463897] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1456.464060] FAULT_INJECTION: forcing a failure. 04:56:55 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 65) 04:56:55 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) 04:56:55 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280), 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:55 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x22, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:56:55 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) r0 = syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) io_setup(0x80, &(0x7f0000000100)=0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r4, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r4, r5, 0x0, 0xffe3) io_submit(r3, 0x2, &(0x7f0000000380)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x6, 0x6, r4, &(0x7f0000000240)="339bdc12ba2b11d1f775901070c66063de40d29954304c435a19cc731d1ef4700a55b1a2adc6742da0fb37ba16ca4f7883cbb9d0f6bca2ff5632a8dbf6ecb8eee9faf32dc50fcf42bed1999bfd0f927c0d2d5c9eff92f1893cebe39909a7388962908f4a6f0144132f63636ab459d1f92ac55a31b6ef5863a5d5a3c517315f2f2c2e772b8cd7c09852db3e16923dd8f951ddfbbda427d2a2d6b765d1a888bf8959a6e033ac930f6809a02e74b479289f0b77b7515d3c67fb06904bf6c31134fee96f", 0xc2, 0xed, 0x0, 0x1, r1}, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x3646, r0, &(0x7f0000000440)="4aa3a4687f0cc66dcd30afefb84b8f442f34230a2b40b755a31cce68033bc01521efdc3340db8c2f02907d1cd97b1322a949eb07ebef8ce740da46aa5ec3b5d0f82dffbfee13392c0268a462f15c6310d67ab2c4a306f93df31af3a1784e64d11df2de78a988812544ee4dcb75511aff04e3d9b0403fd294f5ab625a92834af3a4a3ddd4e65f02649f142793c6349b8d3e3e12cb77b43bbc1937529218cfd534e86b1a1fcfb64e14077bd6f58850e972456d9894b9478c7f2967a0e54d222be720690f137167", 0xc6, 0x80000001, 0x0, 0x0, r2}]) r6 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r6, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r6, r7, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB="2c77664c6e6f3db86ec9c85633f5f30172ad975e7f92f08e46283f9f564c1217f56e63db418cab22599d31aeb5b62b762410e70ecbf8918b5df18c12ecea8918c38c6df5e649e8ed6b26bc0a1ebf6969dbd22ae77cd52345555ed87191885d86010807", @ANYRESHEX=r2, @ANYBLOB=',\x00']) 04:56:55 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:55 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 36) 04:56:55 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1456.464060] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.466446] CPU: 1 PID: 18275 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1456.467432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1456.468603] Call Trace: [ 1456.468994] dump_stack+0x107/0x167 [ 1456.469534] should_fail.cold+0x5/0xa [ 1456.470092] ? __kernfs_new_node+0xd4/0x860 [ 1456.470744] should_failslab+0x5/0x20 [ 1456.471313] kmem_cache_alloc+0x5b/0x310 [ 1456.471909] __kernfs_new_node+0xd4/0x860 [ 1456.472512] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1456.473224] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1456.473921] ? wait_for_completion_io+0x270/0x270 [ 1456.474646] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1456.475427] kernfs_new_node+0x18d/0x250 [ 1456.476039] __kernfs_create_file+0x51/0x350 [ 1456.476702] sysfs_add_file_mode_ns+0x221/0x560 [ 1456.477385] internal_create_group+0x324/0xb30 [ 1456.478056] ? sysfs_remove_group+0x170/0x170 [ 1456.478700] ? kernfs_name_hash+0xe7/0x110 [ 1456.479317] ? kernfs_find_ns+0x256/0x380 [ 1456.479936] sysfs_slab_add+0x188/0x200 [ 1456.480516] __kmem_cache_create+0x3db/0x520 [ 1456.481164] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1456.481900] p9_client_create+0xc2b/0x11c0 [ 1456.482532] ? p9_client_flush+0x430/0x430 [ 1456.483150] ? trace_hardirqs_on+0x5b/0x180 [ 1456.483782] ? lockdep_init_map_type+0x2c7/0x780 [ 1456.484473] ? __raw_spin_lock_init+0x36/0x110 [ 1456.485145] v9fs_session_init+0x1dd/0x1680 [ 1456.485772] ? lock_release+0x680/0x680 [ 1456.486359] ? kmem_cache_alloc_trace+0x151/0x320 [ 1456.487056] ? v9fs_show_options+0x690/0x690 [ 1456.487700] ? trace_hardirqs_on+0x5b/0x180 [ 1456.488331] ? kasan_unpoison_shadow+0x33/0x50 [ 1456.488991] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1456.489730] v9fs_mount+0x79/0x8f0 [ 1456.490258] ? v9fs_write_inode+0x60/0x60 [ 1456.490868] legacy_get_tree+0x105/0x220 [ 1456.491460] vfs_get_tree+0x8e/0x300 [ 1456.491999] path_mount+0x1429/0x2120 [ 1456.492559] ? strncpy_from_user+0x9e/0x470 [ 1456.493185] ? finish_automount+0xa90/0xa90 [ 1456.493808] ? getname_flags.part.0+0x1dd/0x4f0 [ 1456.494485] ? _copy_from_user+0xfb/0x1b0 [ 1456.495092] __x64_sys_mount+0x282/0x300 [ 1456.495678] ? copy_mnt_ns+0xa00/0xa00 [ 1456.496247] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.497015] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1456.497764] do_syscall_64+0x33/0x40 [ 1456.498314] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1456.499054] RIP: 0033:0x7f0b176ffb19 [ 1456.499592] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1456.502230] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1456.503327] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1456.504353] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1456.505378] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1456.506408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1456.507438] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:56:55 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}}) 04:56:55 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:56:55 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 37) [ 1456.553563] FAULT_INJECTION: forcing a failure. [ 1456.553563] name failslab, interval 1, probability 0, space 0, times 0 [ 1456.554578] CPU: 0 PID: 18303 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1456.555163] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1456.555857] Call Trace: [ 1456.556087] dump_stack+0x107/0x167 [ 1456.556399] should_fail.cold+0x5/0xa [ 1456.556733] ? create_object.isra.0+0x3a/0xa20 [ 1456.557128] should_failslab+0x5/0x20 [ 1456.557448] kmem_cache_alloc+0x5b/0x310 [ 1456.557796] create_object.isra.0+0x3a/0xa20 [ 1456.558178] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1456.558618] __kmalloc+0x16e/0x390 [ 1456.558927] p9_fcall_init+0x97/0x290 [ 1456.559255] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1456.559693] p9_client_rpc+0x220/0x1370 [ 1456.560045] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.560487] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1456.560548] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1456.560935] ? pipe_poll+0x21b/0x7f0 [ 1456.560946] ? p9_fd_close+0x4a0/0x4a0 [ 1456.560957] ? anon_pipe_buf_release+0x280/0x280 [ 1456.560969] ? p9_fd_poll+0x1e0/0x2c0 [ 1456.560983] ? p9_fd_create+0x357/0x4a0 [ 1456.561002] ? p9_conn_create+0x510/0x510 [ 1456.564246] ? p9_client_create+0x798/0x11c0 [ 1456.564618] ? kfree+0xd7/0x340 [ 1456.564901] ? do_raw_spin_unlock+0x4f/0x220 [ 1456.565282] p9_client_create+0xa76/0x11c0 [ 1456.565651] ? p9_client_flush+0x430/0x430 [ 1456.566025] ? trace_hardirqs_on+0x5b/0x180 [ 1456.566405] ? lockdep_init_map_type+0x2c7/0x780 [ 1456.566805] ? __raw_spin_lock_init+0x36/0x110 [ 1456.567207] v9fs_session_init+0x1dd/0x1680 [ 1456.567570] ? lock_release+0x680/0x680 [ 1456.567907] ? kmem_cache_alloc_trace+0x151/0x320 [ 1456.568329] ? v9fs_show_options+0x690/0x690 [ 1456.568704] ? trace_hardirqs_on+0x5b/0x180 [ 1456.569078] ? kasan_unpoison_shadow+0x33/0x50 [ 1456.569463] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1456.569894] v9fs_mount+0x79/0x8f0 [ 1456.570197] ? v9fs_write_inode+0x60/0x60 [ 1456.570558] legacy_get_tree+0x105/0x220 [ 1456.570921] vfs_get_tree+0x8e/0x300 [ 1456.571231] path_mount+0x1429/0x2120 [ 1456.571559] ? strncpy_from_user+0x9e/0x470 [ 1456.571918] ? finish_automount+0xa90/0xa90 [ 1456.572287] ? getname_flags.part.0+0x1dd/0x4f0 [ 1456.572681] ? _copy_from_user+0xfb/0x1b0 [ 1456.573034] __x64_sys_mount+0x282/0x300 [ 1456.573370] ? copy_mnt_ns+0xa00/0xa00 [ 1456.573699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.574139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1456.574581] do_syscall_64+0x33/0x40 [ 1456.574894] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1456.575322] RIP: 0033:0x7f0d74438b19 [ 1456.575633] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1456.577173] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1456.577805] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1456.578412] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1456.579005] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1456.579607] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1456.580204] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1456.585245] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1456.586014] CPU: 0 PID: 18275 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1456.586606] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1456.587298] Call Trace: [ 1456.587524] dump_stack+0x107/0x167 [ 1456.587839] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1456.588280] p9_client_create+0xc2b/0x11c0 [ 1456.588639] ? p9_client_flush+0x430/0x430 [ 1456.588994] ? trace_hardirqs_on+0x5b/0x180 [ 1456.589356] ? lockdep_init_map_type+0x2c7/0x780 [ 1456.589758] ? __raw_spin_lock_init+0x36/0x110 [ 1456.590153] v9fs_session_init+0x1dd/0x1680 [ 1456.590525] ? lock_release+0x680/0x680 [ 1456.590868] ? kmem_cache_alloc_trace+0x151/0x320 [ 1456.591272] ? v9fs_show_options+0x690/0x690 [ 1456.591649] ? trace_hardirqs_on+0x5b/0x180 [ 1456.592015] ? kasan_unpoison_shadow+0x33/0x50 [ 1456.592400] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1456.592822] v9fs_mount+0x79/0x8f0 [ 1456.593126] ? v9fs_write_inode+0x60/0x60 [ 1456.593471] legacy_get_tree+0x105/0x220 [ 1456.593810] vfs_get_tree+0x8e/0x300 [ 1456.594119] path_mount+0x1429/0x2120 [ 1456.594448] ? strncpy_from_user+0x9e/0x470 [ 1456.594809] ? finish_automount+0xa90/0xa90 [ 1456.595177] ? getname_flags.part.0+0x1dd/0x4f0 [ 1456.595564] ? _copy_from_user+0xfb/0x1b0 [ 1456.595913] __x64_sys_mount+0x282/0x300 [ 1456.596257] ? copy_mnt_ns+0xa00/0xa00 [ 1456.596589] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1456.597024] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1456.597454] do_syscall_64+0x33/0x40 [ 1456.597770] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1456.598206] RIP: 0033:0x7f0b176ffb19 [ 1456.598519] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1456.600041] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1456.600670] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1456.601260] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1456.601850] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1456.602448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1456.603040] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1456.634206] 9pnet: Insufficient options for proto=fd 04:56:55 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280), 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:56:55 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x80000) fstatfs(r1, &(0x7f0000000200)=""/236) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r2, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r3, @ANYBLOB="1a5172b6aef8d890efe24bbd4687e0914b73dc273d55611efc2ec3d5ed3999f1eca5522b0c47ea6f2f512633ca0db3efb3e91b6cb04425f7ba18d17ed01d19192eef8caa5f80059149e03d69fd208f32a8d1263b8d0bfd9a43b8add8f069524b239af7e323e4efe80537f7d47f9de1952761f00275dc6c9ae9647d3e76d4d2ef5bb82995a34d3d8d74cdfb9a188f3b860425cba990fb607633edb10b4907dfe871ceec534fa85403a7659365fe8e1047de0b9b709b4e96", @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:56:55 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x22, r0}, 0x2c, {[{@version_u}]}}) 04:56:55 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}}) 04:56:55 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1456.722835] 9pnet: Insufficient options for proto=fd [ 1456.765109] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1456.813063] 9pnet: Insufficient options for proto=fd [ 1472.547091] FAULT_INJECTION: forcing a failure. [ 1472.547091] name failslab, interval 1, probability 0, space 0, times 0 [ 1472.548540] CPU: 1 PID: 18511 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1472.549180] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1472.549933] Call Trace: [ 1472.550198] dump_stack+0x107/0x167 [ 1472.550563] should_fail.cold+0x5/0xa [ 1472.550930] ? create_object.isra.0+0x3a/0xa20 [ 1472.551377] should_failslab+0x5/0x20 [ 1472.551750] kmem_cache_alloc+0x5b/0x310 [ 1472.552191] create_object.isra.0+0x3a/0xa20 [ 1472.552633] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.553171] kmem_cache_alloc+0x159/0x310 [ 1472.553596] __kernfs_new_node+0xd4/0x860 [ 1472.554050] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1472.554508] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1472.554920] ? wait_for_completion_io+0x270/0x270 [ 1472.555326] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1472.555767] kernfs_new_node+0x18d/0x250 [ 1472.556117] __kernfs_create_file+0x51/0x350 [ 1472.556489] sysfs_add_file_mode_ns+0x221/0x560 [ 1472.556892] internal_create_group+0x324/0xb30 [ 1472.557278] ? sysfs_remove_group+0x170/0x170 [ 1472.557653] ? kernfs_name_hash+0xe7/0x110 [ 1472.558012] ? kernfs_find_ns+0x256/0x380 [ 1472.558362] sysfs_slab_add+0x188/0x200 [ 1472.558703] __kmem_cache_create+0x3db/0x520 [ 1472.559083] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1472.559505] p9_client_create+0xc2b/0x11c0 [ 1472.559862] ? p9_client_flush+0x430/0x430 [ 1472.560224] ? trace_hardirqs_on+0x5b/0x180 [ 1472.560567] ? lockdep_init_map_type+0x2c7/0x780 [ 1472.560970] ? __raw_spin_lock_init+0x36/0x110 [ 1472.561326] v9fs_session_init+0x1dd/0x1680 [ 1472.561687] ? lock_release+0x680/0x680 [ 1472.562002] ? kmem_cache_alloc_trace+0x151/0x320 [ 1472.562412] ? v9fs_show_options+0x690/0x690 [ 1472.562752] ? trace_hardirqs_on+0x5b/0x180 [ 1472.563115] ? kasan_unpoison_shadow+0x33/0x50 [ 1472.563468] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.563892] v9fs_mount+0x79/0x8f0 [ 1472.564171] ? v9fs_write_inode+0x60/0x60 [ 1472.564520] legacy_get_tree+0x105/0x220 [ 1472.564836] vfs_get_tree+0x8e/0x300 [ 1472.565150] path_mount+0x1429/0x2120 [ 1472.565481] ? strncpy_from_user+0x9e/0x470 [ 1472.565842] ? finish_automount+0xa90/0xa90 [ 1472.566176] ? getname_flags.part.0+0x1dd/0x4f0 [ 1472.566581] ? _copy_from_user+0xfb/0x1b0 [ 1472.566945] __x64_sys_mount+0x282/0x300 [ 1472.567257] ? copy_mnt_ns+0xa00/0xa00 [ 1472.567586] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.567988] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1472.568419] do_syscall_64+0x33/0x40 [ 1472.568710] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1472.569135] RIP: 0033:0x7f0b176ffb19 [ 1472.569428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1472.570783] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1472.571357] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1472.571889] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1472.572417] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1472.572950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1472.573490] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:57:11 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 66) 04:57:11 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 38) 04:57:11 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:57:11 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x2c, r0}, 0x2c, {[{@version_u}]}}) 04:57:11 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB="2c7766648d89be", @ANYRESHEX=r0, @ANYBLOB=',\x00']) 04:57:11 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:11 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r2}}) 04:57:11 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0}, 0x4008040) [ 1472.585748] FAULT_INJECTION: forcing a failure. [ 1472.585748] name failslab, interval 1, probability 0, space 0, times 0 [ 1472.586680] CPU: 1 PID: 18526 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1472.587183] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1472.587843] Call Trace: [ 1472.588041] dump_stack+0x107/0x167 [ 1472.588335] should_fail.cold+0x5/0xa [ 1472.588622] ? create_object.isra.0+0x3a/0xa20 [ 1472.588996] should_failslab+0x5/0x20 [ 1472.589280] kmem_cache_alloc+0x5b/0x310 [ 1472.589586] create_object.isra.0+0x3a/0xa20 [ 1472.589911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.590329] __kmalloc+0x16e/0x390 [ 1472.590609] p9_fcall_init+0x97/0x290 [ 1472.590894] p9_client_prepare_req.part.0+0x8c/0xac0 [ 1472.591307] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.591699] p9_client_rpc+0x220/0x1370 [ 1472.592025] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.592426] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1472.592862] ? pipe_poll+0x21b/0x7f0 [ 1472.593142] ? p9_fd_close+0x4a0/0x4a0 [ 1472.593462] ? anon_pipe_buf_release+0x280/0x280 [ 1472.593815] ? p9_fd_poll+0x1e0/0x2c0 [ 1472.594133] ? p9_fd_create+0x357/0x4a0 [ 1472.594438] ? p9_conn_create+0x510/0x510 [ 1472.594776] ? p9_client_create+0x798/0x11c0 [ 1472.595104] ? kfree+0xd7/0x340 [ 1472.595373] ? do_raw_spin_unlock+0x4f/0x220 [ 1472.595702] p9_client_create+0xa76/0x11c0 [ 1472.596052] ? p9_client_flush+0x430/0x430 [ 1472.596370] ? trace_hardirqs_on+0x5b/0x180 [ 1472.596727] ? lockdep_init_map_type+0x2c7/0x780 [ 1472.597082] ? __raw_spin_lock_init+0x36/0x110 [ 1472.597463] v9fs_session_init+0x1dd/0x1680 [ 1472.597784] ? lock_release+0x680/0x680 [ 1472.598115] ? kmem_cache_alloc_trace+0x151/0x320 [ 1472.598475] ? v9fs_show_options+0x690/0x690 [ 1472.598839] ? trace_hardirqs_on+0x5b/0x180 [ 1472.599163] ? kasan_unpoison_shadow+0x33/0x50 [ 1472.599541] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.599918] v9fs_mount+0x79/0x8f0 [ 1472.600211] ? v9fs_write_inode+0x60/0x60 [ 1472.600527] legacy_get_tree+0x105/0x220 [ 1472.600856] vfs_get_tree+0x8e/0x300 [ 1472.601135] path_mount+0x1429/0x2120 [ 1472.601451] ? strncpy_from_user+0x9e/0x470 [ 1472.601771] ? finish_automount+0xa90/0xa90 [ 1472.602125] ? getname_flags.part.0+0x1dd/0x4f0 [ 1472.602476] ? _copy_from_user+0xfb/0x1b0 [ 1472.602819] __x64_sys_mount+0x282/0x300 [ 1472.603122] ? copy_mnt_ns+0xa00/0xa00 [ 1472.603442] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.603830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1472.604252] do_syscall_64+0x33/0x40 [ 1472.604531] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1472.604946] RIP: 0033:0x7f0d74438b19 [ 1472.605246] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1472.605263] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1472.608562] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1472.608576] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1472.610143] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1472.610157] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1472.611731] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1472.614762] 9pnet: Insufficient options for proto=fd 04:57:11 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x440, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = perf_event_open(0x0, 0x0, 0xfeffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r2, 0x0) perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x1f, 0x6, 0x7, 0x9, 0x0, 0x7f, 0x681, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x5, 0x0, @perf_bp={&(0x7f0000000100), 0x8}, 0x20, 0x5, 0x7, 0x5, 0x2, 0x4, 0x0, 0x0, 0x5, 0x0, 0x4a6}, 0x0, 0xffffffffffffffff, r2, 0xa) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) sendfile(r1, r3, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1472.650142] 9pnet: Insufficient options for proto=fd 04:57:11 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}}) [ 1472.714963] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:11 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 39) [ 1472.789548] FAULT_INJECTION: forcing a failure. [ 1472.789548] name failslab, interval 1, probability 0, space 0, times 0 [ 1472.790589] CPU: 1 PID: 18636 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1472.791145] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1472.791749] Call Trace: [ 1472.791968] dump_stack+0x107/0x167 [ 1472.792261] should_fail.cold+0x5/0xa [ 1472.792577] ? p9_fcall_init+0x97/0x290 [ 1472.792885] should_failslab+0x5/0x20 [ 1472.793195] __kmalloc+0x72/0x390 [ 1472.793284] 9pnet: Insufficient options for proto=fd [ 1472.793476] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.793488] p9_fcall_init+0x97/0x290 [ 1472.793507] p9_client_prepare_req.part.0+0xf4/0xac0 [ 1472.795437] p9_client_rpc+0x220/0x1370 [ 1472.795764] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.796191] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1472.796625] ? pipe_poll+0x21b/0x7f0 [ 1472.796925] ? p9_fd_close+0x4a0/0x4a0 [ 1472.797244] ? anon_pipe_buf_release+0x280/0x280 [ 1472.797625] ? p9_fd_poll+0x1e0/0x2c0 [ 1472.797942] ? p9_fd_create+0x357/0x4a0 [ 1472.798267] ? p9_conn_create+0x510/0x510 [ 1472.798611] ? p9_client_create+0x798/0x11c0 [ 1472.798966] ? kfree+0xd7/0x340 [ 1472.799238] ? do_raw_spin_unlock+0x4f/0x220 [ 1472.799594] p9_client_create+0xa76/0x11c0 [ 1472.799943] ? p9_client_flush+0x430/0x430 [ 1472.800288] ? trace_hardirqs_on+0x5b/0x180 [ 1472.800634] ? lockdep_init_map_type+0x2c7/0x780 [ 1472.801023] ? __raw_spin_lock_init+0x36/0x110 [ 1472.801400] v9fs_session_init+0x1dd/0x1680 [ 1472.801752] ? lock_release+0x680/0x680 [ 1472.802074] ? kmem_cache_alloc_trace+0x151/0x320 [ 1472.802468] ? v9fs_show_options+0x690/0x690 [ 1472.802826] ? trace_hardirqs_on+0x5b/0x180 [ 1472.803177] ? kasan_unpoison_shadow+0x33/0x50 [ 1472.803545] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1472.803959] v9fs_mount+0x79/0x8f0 [ 1472.804248] ? v9fs_write_inode+0x60/0x60 [ 1472.804589] legacy_get_tree+0x105/0x220 [ 1472.804921] vfs_get_tree+0x8e/0x300 [ 1472.805225] path_mount+0x1429/0x2120 [ 1472.805534] ? strncpy_from_user+0x9e/0x470 [ 1472.805886] ? finish_automount+0xa90/0xa90 [ 1472.806233] ? getname_flags.part.0+0x1dd/0x4f0 [ 1472.806620] ? _copy_from_user+0xfb/0x1b0 [ 1472.806957] __x64_sys_mount+0x282/0x300 [ 1472.807290] ? copy_mnt_ns+0xa00/0xa00 [ 1472.807604] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1472.808038] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1472.808454] do_syscall_64+0x33/0x40 [ 1472.808755] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1472.809167] RIP: 0033:0x7f0d74438b19 [ 1472.809472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1472.810931] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1472.811542] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1472.812108] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1472.812671] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1472.813238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1472.813806] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:57:25 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 67) 04:57:25 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:25 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/meminfo\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0xffe3) ioctl$sock_inet_udp_SIOCINQ(r3, 0x541b, &(0x7f0000000240)) sendfile(r1, r2, 0x0, 0xffe3) r5 = syz_open_dev$sg(&(0x7f0000000100), 0x0, 0x60200) ioctl$SG_GET_KEEP_ORPHAN(r5, 0x2288, &(0x7f0000000180)) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) socket$inet(0x2, 0x80000, 0x2) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) [ 1486.292466] FAULT_INJECTION: forcing a failure. [ 1486.292466] name failslab, interval 1, probability 0, space 0, times 0 [ 1486.294190] CPU: 1 PID: 18646 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1486.295213] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1486.296412] Call Trace: [ 1486.296805] dump_stack+0x107/0x167 [ 1486.297350] should_fail.cold+0x5/0xa [ 1486.297913] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1486.298781] should_failslab+0x5/0x20 [ 1486.299345] kmem_cache_alloc+0x5b/0x310 04:57:25 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:57:25 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0}, 0x4008040) 04:57:25 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x22, {[{@version_u}]}}) 04:57:25 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 40) 04:57:25 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}}) [ 1486.299967] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1486.301015] idr_get_free+0x4b5/0x8f0 [ 1486.301586] idr_alloc_u32+0x170/0x2d0 [ 1486.302161] ? __fprop_inc_percpu_max+0x130/0x130 [ 1486.302881] ? lock_acquire+0x197/0x470 [ 1486.303462] ? __kernfs_new_node+0xff/0x860 [ 1486.304101] idr_alloc_cyclic+0x102/0x230 [ 1486.304706] ? idr_alloc+0x130/0x130 [ 1486.305021] 9pnet: Insufficient options for proto=fd [ 1486.305251] ? rwlock_bug.part.0+0x90/0x90 [ 1486.305286] __kernfs_new_node+0x117/0x860 [ 1486.306955] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1486.307667] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1486.308398] ? wait_for_completion_io+0x270/0x270 [ 1486.309130] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1486.309935] kernfs_new_node+0x18d/0x250 [ 1486.310565] __kernfs_create_file+0x51/0x350 [ 1486.311224] sysfs_add_file_mode_ns+0x221/0x560 [ 1486.311920] internal_create_group+0x324/0xb30 [ 1486.312605] ? sysfs_remove_group+0x170/0x170 [ 1486.313273] ? kernfs_name_hash+0xe7/0x110 [ 1486.313904] ? kernfs_find_ns+0x256/0x380 [ 1486.314530] sysfs_slab_add+0x188/0x200 [ 1486.315124] __kmem_cache_create+0x3db/0x520 [ 1486.315783] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1486.316526] p9_client_create+0xc2b/0x11c0 [ 1486.317159] ? p9_client_flush+0x430/0x430 [ 1486.317786] ? trace_hardirqs_on+0x5b/0x180 [ 1486.318425] ? lockdep_init_map_type+0x2c7/0x780 [ 1486.319137] ? __raw_spin_lock_init+0x36/0x110 [ 1486.319812] v9fs_session_init+0x1dd/0x1680 [ 1486.320445] ? lock_release+0x680/0x680 [ 1486.321042] ? kmem_cache_alloc_trace+0x151/0x320 [ 1486.321750] ? v9fs_show_options+0x690/0x690 [ 1486.322403] ? trace_hardirqs_on+0x5b/0x180 [ 1486.323053] ? kasan_unpoison_shadow+0x33/0x50 [ 1486.323725] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1486.324474] v9fs_mount+0x79/0x8f0 [ 1486.325004] ? v9fs_write_inode+0x60/0x60 [ 1486.325620] legacy_get_tree+0x105/0x220 [ 1486.326223] vfs_get_tree+0x8e/0x300 [ 1486.326785] path_mount+0x1429/0x2120 [ 1486.327355] ? strncpy_from_user+0x9e/0x470 [ 1486.327992] ? finish_automount+0xa90/0xa90 [ 1486.328622] ? getname_flags.part.0+0x1dd/0x4f0 [ 1486.329305] ? _copy_from_user+0xfb/0x1b0 [ 1486.329924] __x64_sys_mount+0x282/0x300 [ 1486.330528] ? copy_mnt_ns+0xa00/0xa00 [ 1486.331109] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1486.331870] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1486.332627] do_syscall_64+0x33/0x40 [ 1486.333174] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1486.333924] RIP: 0033:0x7f0b176ffb19 [ 1486.334475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1486.337133] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1486.338243] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1486.339289] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1486.340317] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1486.341354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1486.342382] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1486.399290] FAULT_INJECTION: forcing a failure. [ 1486.399290] name failslab, interval 1, probability 0, space 0, times 0 [ 1486.400911] CPU: 1 PID: 18762 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1486.401883] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1486.403070] Call Trace: [ 1486.403451] dump_stack+0x107/0x167 [ 1486.403974] should_fail.cold+0x5/0xa [ 1486.404527] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1486.405351] should_failslab+0x5/0x20 [ 1486.405894] kmem_cache_alloc+0x5b/0x310 [ 1486.406479] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1486.407281] idr_get_free+0x4b5/0x8f0 [ 1486.407847] idr_alloc_u32+0x170/0x2d0 [ 1486.408407] ? __fprop_inc_percpu_max+0x130/0x130 [ 1486.409124] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1486.409888] ? lock_release+0x680/0x680 [ 1486.410461] idr_alloc+0xc2/0x130 [ 1486.410982] ? idr_alloc_u32+0x2d0/0x2d0 [ 1486.411561] ? rwlock_bug.part.0+0x90/0x90 [ 1486.412176] p9_client_prepare_req.part.0+0x612/0xac0 [ 1486.412935] p9_client_rpc+0x220/0x1370 [ 1486.413508] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1486.414266] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1486.415032] ? pipe_poll+0x21b/0x7f0 [ 1486.415563] ? p9_fd_close+0x4a0/0x4a0 [ 1486.416115] ? anon_pipe_buf_release+0x280/0x280 [ 1486.416809] ? p9_fd_poll+0x1e0/0x2c0 [ 1486.417359] ? p9_fd_create+0x357/0x4a0 [ 1486.417926] ? p9_conn_create+0x510/0x510 [ 1486.418519] ? p9_client_create+0x798/0x11c0 [ 1486.419165] ? kfree+0xd7/0x340 [ 1486.419637] ? do_raw_spin_unlock+0x4f/0x220 [ 1486.420275] p9_client_create+0xa76/0x11c0 [ 1486.420893] ? p9_client_flush+0x430/0x430 [ 1486.421503] ? trace_hardirqs_on+0x5b/0x180 [ 1486.422126] ? lockdep_init_map_type+0x2c7/0x780 [ 1486.422814] ? __raw_spin_lock_init+0x36/0x110 [ 1486.423472] v9fs_session_init+0x1dd/0x1680 [ 1486.424091] ? lock_release+0x680/0x680 [ 1486.424663] ? kmem_cache_alloc_trace+0x151/0x320 [ 1486.425352] ? v9fs_show_options+0x690/0x690 [ 1486.425995] ? trace_hardirqs_on+0x5b/0x180 [ 1486.426622] ? kasan_unpoison_shadow+0x33/0x50 [ 1486.427278] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1486.428008] v9fs_mount+0x79/0x8f0 [ 1486.428520] ? v9fs_write_inode+0x60/0x60 [ 1486.429118] legacy_get_tree+0x105/0x220 [ 1486.429695] vfs_get_tree+0x8e/0x300 [ 1486.430238] path_mount+0x1429/0x2120 [ 1486.430811] ? strncpy_from_user+0x9e/0x470 [ 1486.431425] ? finish_automount+0xa90/0xa90 [ 1486.432062] ? getname_flags.part.0+0x1dd/0x4f0 [ 1486.432739] ? _copy_from_user+0xfb/0x1b0 [ 1486.433360] __x64_sys_mount+0x282/0x300 [ 1486.433959] ? copy_mnt_ns+0xa00/0xa00 [ 1486.434540] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1486.435307] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1486.436071] do_syscall_64+0x33/0x40 [ 1486.436618] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1486.437370] RIP: 0033:0x7f0d74438b19 [ 1486.437925] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1486.440599] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1486.441708] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1486.442757] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1486.443798] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1486.444843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1486.445888] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1486.462499] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:37 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 41) [ 1498.606967] FAULT_INJECTION: forcing a failure. [ 1498.606967] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.608783] CPU: 1 PID: 18782 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1498.610187] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1498.611497] Call Trace: [ 1498.611908] dump_stack+0x107/0x167 [ 1498.612458] should_fail.cold+0x5/0xa [ 1498.613059] ? create_object.isra.0+0x3a/0xa20 [ 1498.613740] should_failslab+0x5/0x20 [ 1498.614303] kmem_cache_alloc+0x5b/0x310 [ 1498.614951] create_object.isra.0+0x3a/0xa20 [ 1498.615597] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.616372] kmem_cache_alloc+0x159/0x310 [ 1498.617013] __kernfs_new_node+0xd4/0x860 [ 1498.617651] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1498.618378] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1498.619103] ? wait_for_completion_io+0x270/0x270 [ 1498.619822] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1498.620594] kernfs_new_node+0x18d/0x250 04:57:37 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}}) 04:57:37 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u, 0x22}]}}) 04:57:37 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0}, 0x4008040) 04:57:37 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 68) 04:57:37 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 04:57:37 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:37 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1498.621290] __kernfs_create_file+0x51/0x350 [ 1498.622075] sysfs_add_file_mode_ns+0x221/0x560 [ 1498.622775] internal_create_group+0x324/0xb30 [ 1498.623456] ? sysfs_remove_group+0x170/0x170 [ 1498.624133] ? kernfs_name_hash+0xe7/0x110 [ 1498.624777] ? kernfs_find_ns+0x256/0x380 [ 1498.625414] sysfs_slab_add+0x188/0x200 [ 1498.625443] __kmem_cache_create+0x3db/0x520 [ 1498.626700] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1498.627469] p9_client_create+0xc2b/0x11c0 [ 1498.628117] ? p9_client_flush+0x430/0x430 [ 1498.628647] FAULT_INJECTION: forcing a failure. [ 1498.628647] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.628754] ? trace_hardirqs_on+0x5b/0x180 [ 1498.630968] ? lockdep_init_map_type+0x2c7/0x780 [ 1498.631674] ? __raw_spin_lock_init+0x36/0x110 [ 1498.632358] v9fs_session_init+0x1dd/0x1680 [ 1498.633001] ? lock_release+0x680/0x680 [ 1498.633594] ? kmem_cache_alloc_trace+0x151/0x320 [ 1498.634304] ? v9fs_show_options+0x690/0x690 [ 1498.634967] ? trace_hardirqs_on+0x5b/0x180 [ 1498.635608] ? kasan_unpoison_shadow+0x33/0x50 [ 1498.636285] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.637035] v9fs_mount+0x79/0x8f0 [ 1498.637566] ? v9fs_write_inode+0x60/0x60 [ 1498.638179] legacy_get_tree+0x105/0x220 [ 1498.638794] vfs_get_tree+0x8e/0x300 [ 1498.639344] path_mount+0x1429/0x2120 [ 1498.639909] ? strncpy_from_user+0x9e/0x470 [ 1498.640543] ? finish_automount+0xa90/0xa90 [ 1498.641184] ? getname_flags.part.0+0x1dd/0x4f0 [ 1498.641870] ? _copy_from_user+0xfb/0x1b0 [ 1498.642490] __x64_sys_mount+0x282/0x300 [ 1498.643090] ? copy_mnt_ns+0xa00/0xa00 [ 1498.643668] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1498.644435] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1498.645196] do_syscall_64+0x33/0x40 [ 1498.645744] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1498.646491] RIP: 0033:0x7f0b176ffb19 [ 1498.647045] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1498.649701] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1498.650824] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1498.651858] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1498.652896] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1498.653932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1498.654978] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1498.656051] CPU: 0 PID: 18791 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1498.657092] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1498.658309] Call Trace: [ 1498.658732] dump_stack+0x107/0x167 [ 1498.659289] should_fail.cold+0x5/0xa [ 1498.659869] ? create_object.isra.0+0x3a/0xa20 [ 1498.660557] should_failslab+0x5/0x20 [ 1498.661138] kmem_cache_alloc+0x5b/0x310 [ 1498.661744] create_object.isra.0+0x3a/0xa20 [ 1498.662404] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.663157] kmem_cache_alloc+0x159/0x310 [ 1498.663796] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1498.664636] idr_get_free+0x4b5/0x8f0 [ 1498.665227] idr_alloc_u32+0x170/0x2d0 [ 1498.665822] ? __fprop_inc_percpu_max+0x130/0x130 [ 1498.666554] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1498.667379] ? lock_release+0x680/0x680 [ 1498.667980] idr_alloc+0xc2/0x130 [ 1498.668514] ? idr_alloc_u32+0x2d0/0x2d0 [ 1498.669132] ? rwlock_bug.part.0+0x90/0x90 [ 1498.669780] p9_client_prepare_req.part.0+0x612/0xac0 [ 1498.670549] p9_client_rpc+0x220/0x1370 [ 1498.671159] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1498.671937] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1498.672749] ? pipe_poll+0x21b/0x7f0 [ 1498.673309] ? p9_fd_close+0x4a0/0x4a0 [ 1498.673903] ? anon_pipe_buf_release+0x280/0x280 [ 1498.674624] ? p9_fd_poll+0x1e0/0x2c0 [ 1498.675204] ? p9_fd_create+0x357/0x4a0 [ 1498.675791] ? p9_conn_create+0x510/0x510 [ 1498.676401] ? p9_client_create+0x798/0x11c0 [ 1498.677050] ? kfree+0xd7/0x340 [ 1498.677536] ? do_raw_spin_unlock+0x4f/0x220 [ 1498.678204] p9_client_create+0xa76/0x11c0 [ 1498.678842] ? p9_client_flush+0x430/0x430 [ 1498.679465] ? trace_hardirqs_on+0x5b/0x180 [ 1498.680105] ? lockdep_init_map_type+0x2c7/0x780 [ 1498.680808] ? __raw_spin_lock_init+0x36/0x110 [ 1498.681489] v9fs_session_init+0x1dd/0x1680 [ 1498.682152] ? lock_release+0x680/0x680 [ 1498.682760] ? kmem_cache_alloc_trace+0x151/0x320 [ 1498.683466] ? v9fs_show_options+0x690/0x690 [ 1498.684120] ? trace_hardirqs_on+0x5b/0x180 [ 1498.684763] ? kasan_unpoison_shadow+0x33/0x50 [ 1498.685433] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.686188] v9fs_mount+0x79/0x8f0 [ 1498.686725] ? v9fs_write_inode+0x60/0x60 [ 1498.687341] legacy_get_tree+0x105/0x220 [ 1498.687941] vfs_get_tree+0x8e/0x300 [ 1498.688491] path_mount+0x1429/0x2120 [ 1498.689060] ? strncpy_from_user+0x9e/0x470 [ 1498.689691] ? finish_automount+0xa90/0xa90 [ 1498.690340] ? getname_flags.part.0+0x1dd/0x4f0 [ 1498.691047] ? _copy_from_user+0xfb/0x1b0 [ 1498.691667] __x64_sys_mount+0x282/0x300 [ 1498.692283] ? copy_mnt_ns+0xa00/0xa00 [ 1498.692879] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1498.693666] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1498.694452] do_syscall_64+0x33/0x40 [ 1498.695020] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1498.695785] RIP: 0033:0x7f0d74438b19 [ 1498.696355] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1498.699109] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1498.700253] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1498.701315] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1498.702361] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1498.703430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1498.704464] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1498.714449] 9pnet: Unknown protocol version 9p2000.u" [ 1498.715321] 9pnet: Insufficient options for proto=fd [ 1498.751113] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:37 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0, 0x1e8}}, 0x4008040) 04:57:37 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}]}}) 04:57:38 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 69) [ 1498.944636] FAULT_INJECTION: forcing a failure. [ 1498.944636] name failslab, interval 1, probability 0, space 0, times 0 [ 1498.946354] CPU: 1 PID: 18902 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1498.947372] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1498.948569] Call Trace: [ 1498.948962] dump_stack+0x107/0x167 [ 1498.949502] should_fail.cold+0x5/0xa [ 1498.950063] ? create_object.isra.0+0x3a/0xa20 [ 1498.950740] should_failslab+0x5/0x20 [ 1498.951299] kmem_cache_alloc+0x5b/0x310 [ 1498.951899] create_object.isra.0+0x3a/0xa20 [ 1498.952546] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.953290] kmem_cache_alloc+0x159/0x310 04:57:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1498.953908] __kernfs_new_node+0xd4/0x860 [ 1498.954713] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1498.955489] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1498.956193] ? wait_for_completion_io+0x270/0x270 [ 1498.956903] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1498.957674] kernfs_new_node+0x18d/0x250 [ 1498.958269] __kernfs_create_file+0x51/0x350 [ 1498.958926] sysfs_add_file_mode_ns+0x221/0x560 [ 1498.959612] internal_create_group+0x324/0xb30 [ 1498.960284] ? sysfs_remove_group+0x170/0x170 [ 1498.960942] ? kernfs_name_hash+0xe7/0x110 [ 1498.961581] sysfs_slab_add+0x188/0x200 [ 1498.962172] __kmem_cache_create+0x3db/0x520 [ 1498.962824] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1498.963562] p9_client_create+0xc2b/0x11c0 [ 1498.964191] ? p9_client_flush+0x430/0x430 [ 1498.964809] ? trace_hardirqs_on+0x5b/0x180 [ 1498.965443] ? lockdep_init_map_type+0x2c7/0x780 [ 1498.966139] ? __raw_spin_lock_init+0x36/0x110 [ 1498.966817] v9fs_session_init+0x1dd/0x1680 [ 1498.967467] ? lock_release+0x680/0x680 [ 1498.968082] ? kmem_cache_alloc_trace+0x151/0x320 [ 1498.968826] ? v9fs_show_options+0x690/0x690 [ 1498.969622] ? trace_hardirqs_on+0x5b/0x180 [ 1498.970295] ? kasan_unpoison_shadow+0x33/0x50 [ 1498.971004] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1498.971787] v9fs_mount+0x79/0x8f0 [ 1498.972339] ? v9fs_write_inode+0x60/0x60 [ 1498.972973] legacy_get_tree+0x105/0x220 [ 1498.973589] vfs_get_tree+0x8e/0x300 [ 1498.974160] path_mount+0x1429/0x2120 [ 1498.974755] ? strncpy_from_user+0x9e/0x470 [ 1498.975413] ? finish_automount+0xa90/0xa90 [ 1498.976075] ? getname_flags.part.0+0x1dd/0x4f0 [ 1498.976782] ? _copy_from_user+0xfb/0x1b0 [ 1498.977420] __x64_sys_mount+0x282/0x300 [ 1498.978034] ? copy_mnt_ns+0xa00/0xa00 [ 1498.978629] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1498.979425] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1498.980214] do_syscall_64+0x33/0x40 [ 1498.980777] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1498.981557] RIP: 0033:0x7f0b176ffb19 [ 1498.982124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 04:57:38 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) socket$inet6_udplite(0xa, 0x2, 0x88) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1498.984906] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1498.986200] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1498.987249] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1498.988287] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1498.989329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1498.990369] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:57:38 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1499.031397] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:38 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0, 0x1e8}}, 0x4008040) 04:57:38 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:57:38 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 42) [ 1499.200127] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:38 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 70) [ 1499.238802] FAULT_INJECTION: forcing a failure. [ 1499.238802] name failslab, interval 1, probability 0, space 0, times 0 [ 1499.240516] CPU: 0 PID: 18915 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1499.241553] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1499.242791] Call Trace: [ 1499.243198] dump_stack+0x107/0x167 [ 1499.243760] should_fail.cold+0x5/0xa [ 1499.244329] ? create_object.isra.0+0x3a/0xa20 [ 1499.245006] should_failslab+0x5/0x20 [ 1499.245569] kmem_cache_alloc+0x5b/0x310 [ 1499.246189] create_object.isra.0+0x3a/0xa20 [ 1499.246847] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1499.247607] kmem_cache_alloc+0x159/0x310 [ 1499.248245] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1499.249091] idr_get_free+0x4b5/0x8f0 [ 1499.249667] idr_alloc_u32+0x170/0x2d0 [ 1499.250248] ? __fprop_inc_percpu_max+0x130/0x130 [ 1499.250980] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1499.251778] ? lock_release+0x680/0x680 [ 1499.252367] idr_alloc+0xc2/0x130 [ 1499.252879] ? idr_alloc_u32+0x2d0/0x2d0 [ 1499.253474] ? rwlock_bug.part.0+0x90/0x90 [ 1499.254111] p9_client_prepare_req.part.0+0x612/0xac0 [ 1499.254884] p9_client_rpc+0x220/0x1370 [ 1499.255482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1499.256255] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1499.257046] ? pipe_poll+0x21b/0x7f0 [ 1499.257603] ? p9_fd_close+0x4a0/0x4a0 [ 1499.258177] ? anon_pipe_buf_release+0x280/0x280 [ 1499.258882] ? p9_fd_poll+0x1e0/0x2c0 [ 1499.259453] ? p9_fd_create+0x357/0x4a0 [ 1499.260044] ? p9_conn_create+0x510/0x510 [ 1499.260652] ? p9_client_create+0x798/0x11c0 [ 1499.261296] ? kfree+0xd7/0x340 [ 1499.261785] ? do_raw_spin_unlock+0x4f/0x220 [ 1499.262442] p9_client_create+0xa76/0x11c0 [ 1499.263088] ? p9_client_flush+0x430/0x430 [ 1499.263723] ? trace_hardirqs_on+0x5b/0x180 [ 1499.264370] ? lockdep_init_map_type+0x2c7/0x780 [ 1499.265069] ? __raw_spin_lock_init+0x36/0x110 [ 1499.265745] v9fs_session_init+0x1dd/0x1680 [ 1499.266376] ? lock_release+0x680/0x680 [ 1499.266987] ? kmem_cache_alloc_trace+0x151/0x320 [ 1499.267700] ? v9fs_show_options+0x690/0x690 [ 1499.268367] ? trace_hardirqs_on+0x5b/0x180 [ 1499.269004] ? kasan_unpoison_shadow+0x33/0x50 [ 1499.269676] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1499.270422] v9fs_mount+0x79/0x8f0 [ 1499.270957] ? v9fs_write_inode+0x60/0x60 [ 1499.271563] legacy_get_tree+0x105/0x220 [ 1499.272172] vfs_get_tree+0x8e/0x300 [ 1499.272720] path_mount+0x1429/0x2120 [ 1499.273290] ? strncpy_from_user+0x9e/0x470 [ 1499.273923] ? finish_automount+0xa90/0xa90 [ 1499.274560] ? getname_flags.part.0+0x1dd/0x4f0 [ 1499.275277] ? _copy_from_user+0xfb/0x1b0 [ 1499.275906] __x64_sys_mount+0x282/0x300 [ 1499.276498] ? copy_mnt_ns+0xa00/0xa00 [ 1499.277087] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1499.277858] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1499.278617] do_syscall_64+0x33/0x40 [ 1499.279184] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1499.279940] RIP: 0033:0x7f0d74438b19 [ 1499.280483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1499.283192] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1499.284309] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1499.285363] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1499.286411] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1499.287468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1499.288514] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:57:38 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={0x0, 0x1e8}}, 0x4008040) 04:57:38 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="0100000001000000180000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1499.379596] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:38 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;'], 0x1e8}}, 0x4008040) [ 1499.478834] FAULT_INJECTION: forcing a failure. [ 1499.478834] name failslab, interval 1, probability 0, space 0, times 0 [ 1499.480503] CPU: 1 PID: 18919 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1499.481513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1499.482714] Call Trace: [ 1499.483108] dump_stack+0x107/0x167 [ 1499.483638] should_fail.cold+0x5/0xa [ 1499.484201] ? __kernfs_new_node+0xd4/0x860 [ 1499.484835] should_failslab+0x5/0x20 [ 1499.485395] kmem_cache_alloc+0x5b/0x310 [ 1499.485995] __kernfs_new_node+0xd4/0x860 [ 1499.486607] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1499.487314] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1499.488009] ? wait_for_completion_io+0x270/0x270 [ 1499.488718] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1499.489492] kernfs_new_node+0x18d/0x250 [ 1499.490099] __kernfs_create_file+0x51/0x350 [ 1499.490750] sysfs_add_file_mode_ns+0x221/0x560 [ 1499.491439] internal_create_group+0x324/0xb30 [ 1499.492119] ? sysfs_remove_group+0x170/0x170 [ 1499.492776] ? kernfs_name_hash+0xe7/0x110 [ 1499.493399] ? kernfs_find_ns+0x256/0x380 [ 1499.494014] sysfs_slab_add+0x188/0x200 [ 1499.494593] __kmem_cache_create+0x3db/0x520 [ 1499.495253] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1499.495989] p9_client_create+0xc2b/0x11c0 [ 1499.496618] ? p9_client_flush+0x430/0x430 [ 1499.497243] ? trace_hardirqs_on+0x5b/0x180 [ 1499.497881] ? lockdep_init_map_type+0x2c7/0x780 [ 1499.498582] ? __raw_spin_lock_init+0x36/0x110 [ 1499.499270] v9fs_session_init+0x1dd/0x1680 [ 1499.499902] ? lock_release+0x680/0x680 [ 1499.500494] ? kmem_cache_alloc_trace+0x151/0x320 [ 1499.501200] ? v9fs_show_options+0x690/0x690 [ 1499.501841] ? trace_hardirqs_on+0x5b/0x180 [ 1499.502472] ? kasan_unpoison_shadow+0x33/0x50 [ 1499.503132] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1499.503879] v9fs_mount+0x79/0x8f0 [ 1499.504393] ? v9fs_write_inode+0x60/0x60 [ 1499.505000] legacy_get_tree+0x105/0x220 [ 1499.505581] vfs_get_tree+0x8e/0x300 [ 1499.506129] path_mount+0x1429/0x2120 [ 1499.506688] ? strncpy_from_user+0x9e/0x470 [ 1499.507321] ? finish_automount+0xa90/0xa90 [ 1499.507951] ? getname_flags.part.0+0x1dd/0x4f0 [ 1499.508627] ? _copy_from_user+0xfb/0x1b0 [ 1499.509243] __x64_sys_mount+0x282/0x300 [ 1499.509834] ? copy_mnt_ns+0xa00/0xa00 [ 1499.510407] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1499.511182] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1499.511938] do_syscall_64+0x33/0x40 [ 1499.512482] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1499.513226] RIP: 0033:0x7f0b176ffb19 [ 1499.513772] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1499.516430] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1499.517534] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1499.518566] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1499.519599] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1499.520630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1499.521659] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1499.543474] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1499.544521] CPU: 0 PID: 18919 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1499.545554] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1499.546794] Call Trace: [ 1499.547199] dump_stack+0x107/0x167 [ 1499.547748] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1499.548552] p9_client_create+0xc2b/0x11c0 [ 1499.549194] ? p9_client_flush+0x430/0x430 [ 1499.549821] ? trace_hardirqs_on+0x5b/0x180 [ 1499.550467] ? lockdep_init_map_type+0x2c7/0x780 [ 1499.551188] ? __raw_spin_lock_init+0x36/0x110 [ 1499.551867] v9fs_session_init+0x1dd/0x1680 [ 1499.552500] ? lock_release+0x680/0x680 [ 1499.553092] ? kmem_cache_alloc_trace+0x151/0x320 [ 1499.553784] ? v9fs_show_options+0x690/0x690 [ 1499.554439] ? trace_hardirqs_on+0x5b/0x180 [ 1499.555069] ? kasan_unpoison_shadow+0x33/0x50 [ 1499.555737] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1499.556495] v9fs_mount+0x79/0x8f0 [ 1499.557033] ? v9fs_write_inode+0x60/0x60 [ 1499.557642] legacy_get_tree+0x105/0x220 [ 1499.558243] vfs_get_tree+0x8e/0x300 [ 1499.558802] path_mount+0x1429/0x2120 [ 1499.559385] ? strncpy_from_user+0x9e/0x470 [ 1499.560039] ? finish_automount+0xa90/0xa90 [ 1499.560673] ? getname_flags.part.0+0x1dd/0x4f0 [ 1499.561380] ? _copy_from_user+0xfb/0x1b0 [ 1499.561992] __x64_sys_mount+0x282/0x300 [ 1499.562581] ? copy_mnt_ns+0xa00/0xa00 [ 1499.563163] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1499.563927] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1499.564674] do_syscall_64+0x33/0x40 [ 1499.565232] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1499.565990] RIP: 0033:0x7f0b176ffb19 [ 1499.566534] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1499.569179] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1499.570283] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1499.571321] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1499.572349] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1499.573376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1499.574406] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1499.622282] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:54 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0x2}}) 04:57:54 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:54 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 43) 04:57:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;'], 0x1e8}}, 0x4008040) 04:57:54 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:57:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:54 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:57:54 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 71) [ 1515.039328] FAULT_INJECTION: forcing a failure. [ 1515.039328] name failslab, interval 1, probability 0, space 0, times 0 [ 1515.041030] CPU: 0 PID: 19043 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1515.042045] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.043267] Call Trace: [ 1515.043666] dump_stack+0x107/0x167 [ 1515.044204] should_fail.cold+0x5/0xa [ 1515.044779] ? __kernfs_new_node+0xd4/0x860 [ 1515.045427] should_failslab+0x5/0x20 [ 1515.045994] kmem_cache_alloc+0x5b/0x310 [ 1515.046605] __kernfs_new_node+0xd4/0x860 [ 1515.047239] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1515.047951] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1515.048673] ? wait_for_completion_io+0x270/0x270 [ 1515.049390] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1515.050170] kernfs_new_node+0x18d/0x250 [ 1515.050777] __kernfs_create_file+0x51/0x350 [ 1515.051440] sysfs_add_file_mode_ns+0x221/0x560 [ 1515.052134] internal_create_group+0x324/0xb30 [ 1515.052813] ? sysfs_remove_group+0x170/0x170 [ 1515.053471] ? kernfs_name_hash+0xe7/0x110 [ 1515.054103] ? kernfs_find_ns+0x256/0x380 [ 1515.054358] FAULT_INJECTION: forcing a failure. [ 1515.054358] name failslab, interval 1, probability 0, space 0, times 0 [ 1515.054727] sysfs_slab_add+0x188/0x200 [ 1515.057261] __kmem_cache_create+0x3db/0x520 [ 1515.057921] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1515.058666] p9_client_create+0xc2b/0x11c0 [ 1515.059313] ? p9_client_flush+0x430/0x430 [ 1515.059940] ? trace_hardirqs_on+0x5b/0x180 [ 1515.060584] ? lockdep_init_map_type+0x2c7/0x780 [ 1515.061289] ? __raw_spin_lock_init+0x36/0x110 [ 1515.061973] v9fs_session_init+0x1dd/0x1680 [ 1515.062613] ? lock_release+0x680/0x680 [ 1515.063223] ? kmem_cache_alloc_trace+0x151/0x320 [ 1515.063935] ? v9fs_show_options+0x690/0x690 [ 1515.064589] ? trace_hardirqs_on+0x5b/0x180 [ 1515.065230] ? kasan_unpoison_shadow+0x33/0x50 [ 1515.065908] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.066667] v9fs_mount+0x79/0x8f0 [ 1515.067204] ? v9fs_write_inode+0x60/0x60 [ 1515.067821] legacy_get_tree+0x105/0x220 [ 1515.068423] vfs_get_tree+0x8e/0x300 [ 1515.068972] path_mount+0x1429/0x2120 [ 1515.069547] ? strncpy_from_user+0x9e/0x470 [ 1515.070184] ? finish_automount+0xa90/0xa90 [ 1515.070818] ? getname_flags.part.0+0x1dd/0x4f0 [ 1515.071511] ? _copy_from_user+0xfb/0x1b0 [ 1515.072132] __x64_sys_mount+0x282/0x300 [ 1515.072730] ? copy_mnt_ns+0xa00/0xa00 [ 1515.073308] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1515.074084] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1515.074855] do_syscall_64+0x33/0x40 [ 1515.075410] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.076166] RIP: 0033:0x7f0b176ffb19 [ 1515.076714] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.079399] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1515.080514] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1515.081558] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1515.082601] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1515.083662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1515.084703] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1515.085779] CPU: 1 PID: 19047 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1515.086817] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.088046] Call Trace: [ 1515.088459] dump_stack+0x107/0x167 [ 1515.088999] should_fail.cold+0x5/0xa [ 1515.089598] ? create_object.isra.0+0x3a/0xa20 [ 1515.090285] should_failslab+0x5/0x20 [ 1515.090866] kmem_cache_alloc+0x5b/0x310 [ 1515.091490] create_object.isra.0+0x3a/0xa20 [ 1515.092139] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.092902] kmem_cache_alloc+0x159/0x310 [ 1515.093553] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1515.094394] idr_get_free+0x4b5/0x8f0 [ 1515.094991] idr_alloc_u32+0x170/0x2d0 [ 1515.095586] ? __fprop_inc_percpu_max+0x130/0x130 [ 1515.096313] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1515.097096] ? lock_release+0x680/0x680 [ 1515.097712] idr_alloc+0xc2/0x130 [ 1515.098226] ? idr_alloc_u32+0x2d0/0x2d0 [ 1515.098855] ? rwlock_bug.part.0+0x90/0x90 [ 1515.099511] p9_client_prepare_req.part.0+0x612/0xac0 [ 1515.100288] p9_client_rpc+0x220/0x1370 [ 1515.100880] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1515.101696] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1515.101957] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1515.102493] ? pipe_poll+0x21b/0x7f0 [ 1515.102517] ? p9_fd_close+0x4a0/0x4a0 [ 1515.104892] ? anon_pipe_buf_release+0x280/0x280 [ 1515.105615] ? p9_fd_poll+0x1e0/0x2c0 [ 1515.106181] ? p9_fd_create+0x357/0x4a0 [ 1515.106775] ? p9_conn_create+0x510/0x510 [ 1515.107411] ? p9_client_create+0x798/0x11c0 [ 1515.108057] ? kfree+0xd7/0x340 [ 1515.108559] ? do_raw_spin_unlock+0x4f/0x220 [ 1515.109208] p9_client_create+0xa76/0x11c0 [ 1515.109866] ? p9_client_flush+0x430/0x430 [ 1515.110499] ? trace_hardirqs_on+0x5b/0x180 [ 1515.111146] ? lockdep_init_map_type+0x2c7/0x780 [ 1515.111862] ? __raw_spin_lock_init+0x36/0x110 [ 1515.112550] v9fs_session_init+0x1dd/0x1680 [ 1515.113181] ? lock_release+0x680/0x680 [ 1515.113801] ? kmem_cache_alloc_trace+0x151/0x320 [ 1515.114523] ? v9fs_show_options+0x690/0x690 [ 1515.115187] ? trace_hardirqs_on+0x5b/0x180 [ 1515.115839] ? kasan_unpoison_shadow+0x33/0x50 [ 1515.116523] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.117281] v9fs_mount+0x79/0x8f0 [ 1515.117814] ? v9fs_write_inode+0x60/0x60 [ 1515.118451] legacy_get_tree+0x105/0x220 [ 1515.119062] vfs_get_tree+0x8e/0x300 [ 1515.119626] path_mount+0x1429/0x2120 [ 1515.120189] ? strncpy_from_user+0x9e/0x470 [ 1515.120836] ? finish_automount+0xa90/0xa90 [ 1515.121480] ? getname_flags.part.0+0x1dd/0x4f0 04:57:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;'], 0x1e8}}, 0x4008040) [ 1515.122158] ? _copy_from_user+0xfb/0x1b0 [ 1515.123026] __x64_sys_mount+0x282/0x300 [ 1515.123505] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1515.123631] ? copy_mnt_ns+0xa00/0xa00 [ 1515.125113] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1515.125882] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1515.126657] do_syscall_64+0x33/0x40 [ 1515.127204] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.127965] RIP: 0033:0x7f0d74438b19 [ 1515.128530] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.131200] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1515.132351] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1515.133401] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1515.134449] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1515.135515] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1515.136561] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1515.137639] CPU: 0 PID: 19043 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1515.138652] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1515.139869] Call Trace: [ 1515.140270] dump_stack+0x107/0x167 [ 1515.140833] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1515.141617] p9_client_create+0xc2b/0x11c0 [ 1515.142251] ? p9_client_flush+0x430/0x430 [ 1515.142883] ? trace_hardirqs_on+0x5b/0x180 [ 1515.143524] ? lockdep_init_map_type+0x2c7/0x780 [ 1515.144220] ? __raw_spin_lock_init+0x36/0x110 [ 1515.144896] v9fs_session_init+0x1dd/0x1680 [ 1515.145538] ? lock_release+0x680/0x680 [ 1515.146131] ? kmem_cache_alloc_trace+0x151/0x320 [ 1515.146847] ? v9fs_show_options+0x690/0x690 [ 1515.147505] ? trace_hardirqs_on+0x5b/0x180 [ 1515.148140] ? kasan_unpoison_shadow+0x33/0x50 [ 1515.148816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1515.149566] v9fs_mount+0x79/0x8f0 [ 1515.150100] ? v9fs_write_inode+0x60/0x60 [ 1515.150711] legacy_get_tree+0x105/0x220 [ 1515.151321] vfs_get_tree+0x8e/0x300 [ 1515.151859] path_mount+0x1429/0x2120 [ 1515.152446] ? strncpy_from_user+0x9e/0x470 [ 1515.153078] ? finish_automount+0xa90/0xa90 [ 1515.153714] ? getname_flags.part.0+0x1dd/0x4f0 [ 1515.154393] ? _copy_from_user+0xfb/0x1b0 [ 1515.155018] __x64_sys_mount+0x282/0x300 [ 1515.155612] ? copy_mnt_ns+0xa00/0xa00 [ 1515.156175] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1515.156942] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1515.157699] do_syscall_64+0x33/0x40 [ 1515.158243] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1515.159003] RIP: 0033:0x7f0b176ffb19 [ 1515.159549] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1515.162124] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1515.163246] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1515.164277] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1515.165314] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1515.166348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1515.167392] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1515.263659] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:57:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYRES32], 0x1e8}}, 0x4008040) 04:57:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:57:54 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) 04:57:54 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1515.447594] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1515.482542] 9pnet: Insufficient options for proto=fd 04:58:09 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 72) 04:58:09 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYRES32], 0x1e8}}, 0x4008040) 04:58:09 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0x7}}) 04:58:09 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:58:09 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) 04:58:09 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 44) 04:58:09 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:58:09 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbb"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1530.074023] FAULT_INJECTION: forcing a failure. [ 1530.074023] name failslab, interval 1, probability 0, space 0, times 0 [ 1530.075706] CPU: 1 PID: 19182 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1530.076744] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.078003] Call Trace: [ 1530.078413] dump_stack+0x107/0x167 [ 1530.078948] should_fail.cold+0x5/0xa [ 1530.079548] ? create_object.isra.0+0x3a/0xa20 [ 1530.080235] should_failslab+0x5/0x20 [ 1530.080835] kmem_cache_alloc+0x5b/0x310 [ 1530.081460] create_object.isra.0+0x3a/0xa20 [ 1530.082107] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1530.082888] kmem_cache_alloc+0x159/0x310 [ 1530.083546] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1530.083586] 9pnet: Insufficient options for proto=fd [ 1530.084387] idr_get_free+0x4b5/0x8f0 [ 1530.084421] idr_alloc_u32+0x170/0x2d0 [ 1530.084458] ? __fprop_inc_percpu_max+0x130/0x130 [ 1530.087109] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1530.087906] ? lock_release+0x680/0x680 [ 1530.088133] FAULT_INJECTION: forcing a failure. [ 1530.088133] name failslab, interval 1, probability 0, space 0, times 0 [ 1530.088509] idr_alloc+0xc2/0x130 [ 1530.090730] ? idr_alloc_u32+0x2d0/0x2d0 [ 1530.091354] ? rwlock_bug.part.0+0x90/0x90 [ 1530.091994] p9_client_prepare_req.part.0+0x612/0xac0 [ 1530.092771] p9_client_rpc+0x220/0x1370 [ 1530.093369] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1530.094140] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1530.094966] ? pipe_poll+0x21b/0x7f0 [ 1530.095547] ? p9_fd_close+0x4a0/0x4a0 [ 1530.096120] ? anon_pipe_buf_release+0x280/0x280 [ 1530.096833] ? p9_fd_poll+0x1e0/0x2c0 [ 1530.097571] ? p9_fd_create+0x357/0x4a0 [ 1530.098340] ? p9_conn_create+0x510/0x510 [ 1530.099123] ? p9_client_create+0x798/0x11c0 [ 1530.099942] ? kfree+0xd7/0x340 [ 1530.100565] ? do_raw_spin_unlock+0x4f/0x220 [ 1530.101407] p9_client_create+0xa76/0x11c0 [ 1530.102126] ? p9_client_flush+0x430/0x430 [ 1530.102769] ? trace_hardirqs_on+0x5b/0x180 [ 1530.103434] ? lockdep_init_map_type+0x2c7/0x780 [ 1530.104141] ? __raw_spin_lock_init+0x36/0x110 [ 1530.104840] v9fs_session_init+0x1dd/0x1680 [ 1530.105484] ? lock_release+0x680/0x680 [ 1530.106073] ? kmem_cache_alloc_trace+0x151/0x320 [ 1530.106790] ? v9fs_show_options+0x690/0x690 [ 1530.107468] ? trace_hardirqs_on+0x5b/0x180 [ 1530.108103] ? kasan_unpoison_shadow+0x33/0x50 [ 1530.108802] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1530.109565] v9fs_mount+0x79/0x8f0 [ 1530.110094] ? v9fs_write_inode+0x60/0x60 [ 1530.110719] legacy_get_tree+0x105/0x220 [ 1530.111347] vfs_get_tree+0x8e/0x300 [ 1530.111891] path_mount+0x1429/0x2120 [ 1530.112468] ? strncpy_from_user+0x9e/0x470 [ 1530.113100] ? finish_automount+0xa90/0xa90 [ 1530.113756] ? getname_flags.part.0+0x1dd/0x4f0 [ 1530.114450] ? _copy_from_user+0xfb/0x1b0 [ 1530.115077] __x64_sys_mount+0x282/0x300 [ 1530.115680] ? copy_mnt_ns+0xa00/0xa00 [ 1530.116264] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1530.117030] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1530.117800] do_syscall_64+0x33/0x40 [ 1530.118373] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.119128] RIP: 0033:0x7f0d74438b19 [ 1530.119701] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.122385] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1530.123516] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1530.124561] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1530.125601] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1530.126647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1530.127714] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1530.128791] CPU: 0 PID: 19186 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1530.129914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.131238] Call Trace: [ 1530.131668] dump_stack+0x107/0x167 [ 1530.132274] should_fail.cold+0x5/0xa [ 1530.132892] ? __kernfs_new_node+0xd4/0x860 [ 1530.133593] should_failslab+0x5/0x20 [ 1530.134225] kmem_cache_alloc+0x5b/0x310 [ 1530.134890] __kernfs_new_node+0xd4/0x860 [ 1530.135571] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1530.136347] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1530.137138] ? wait_for_completion_io+0x270/0x270 [ 1530.137918] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1530.138758] kernfs_new_node+0x18d/0x250 [ 1530.139438] __kernfs_create_file+0x51/0x350 [ 1530.140154] sysfs_add_file_mode_ns+0x221/0x560 [ 1530.140904] internal_create_group+0x324/0xb30 [ 1530.141647] ? sysfs_remove_group+0x170/0x170 [ 1530.142378] ? kernfs_name_hash+0xe7/0x110 [ 1530.143095] sysfs_slab_add+0x188/0x200 [ 1530.143756] __kmem_cache_create+0x3db/0x520 [ 1530.144466] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1530.145273] p9_client_create+0xc2b/0x11c0 [ 1530.145959] ? p9_client_flush+0x430/0x430 [ 1530.146639] ? trace_hardirqs_on+0x5b/0x180 [ 1530.147363] ? lockdep_init_map_type+0x2c7/0x780 [ 1530.148138] ? __raw_spin_lock_init+0x36/0x110 [ 1530.148888] v9fs_session_init+0x1dd/0x1680 [ 1530.149573] ? lock_release+0x680/0x680 [ 1530.150218] ? kmem_cache_alloc_trace+0x151/0x320 [ 1530.150992] ? v9fs_show_options+0x690/0x690 [ 1530.151702] ? trace_hardirqs_on+0x5b/0x180 [ 1530.152419] ? kasan_unpoison_shadow+0x33/0x50 [ 1530.153163] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1530.153983] v9fs_mount+0x79/0x8f0 [ 1530.154572] ? v9fs_write_inode+0x60/0x60 [ 1530.155266] legacy_get_tree+0x105/0x220 [ 1530.155914] vfs_get_tree+0x8e/0x300 [ 1530.156509] path_mount+0x1429/0x2120 [ 1530.157132] ? strncpy_from_user+0x9e/0x470 [ 1530.157396] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1530.157812] ? finish_automount+0xa90/0xa90 [ 1530.157836] ? getname_flags.part.0+0x1dd/0x4f0 [ 1530.157866] ? _copy_from_user+0xfb/0x1b0 [ 1530.161184] __x64_sys_mount+0x282/0x300 [ 1530.161835] ? copy_mnt_ns+0xa00/0xa00 [ 1530.162462] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1530.163316] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1530.164148] do_syscall_64+0x33/0x40 [ 1530.164744] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.165556] RIP: 0033:0x7f0b176ffb19 [ 1530.166150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.169039] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1530.170243] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1530.171373] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1530.172500] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1530.173628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1530.174753] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1530.197277] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1530.198279] CPU: 1 PID: 19186 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1530.199352] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1530.200920] Call Trace: [ 1530.201420] dump_stack+0x107/0x167 [ 1530.202114] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1530.203114] p9_client_create+0xc2b/0x11c0 [ 1530.203908] ? p9_client_flush+0x430/0x430 [ 1530.204639] ? trace_hardirqs_on+0x5b/0x180 [ 1530.205302] ? lockdep_init_map_type+0x2c7/0x780 [ 1530.206000] ? __raw_spin_lock_init+0x36/0x110 [ 1530.206696] v9fs_session_init+0x1dd/0x1680 [ 1530.207365] ? lock_release+0x680/0x680 [ 1530.207957] ? kmem_cache_alloc_trace+0x151/0x320 [ 1530.208689] ? v9fs_show_options+0x690/0x690 [ 1530.209365] ? trace_hardirqs_on+0x5b/0x180 [ 1530.210001] ? kasan_unpoison_shadow+0x33/0x50 [ 1530.210685] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1530.211465] v9fs_mount+0x79/0x8f0 [ 1530.212015] ? v9fs_write_inode+0x60/0x60 [ 1530.212640] legacy_get_tree+0x105/0x220 [ 1530.213248] vfs_get_tree+0x8e/0x300 [ 1530.213816] path_mount+0x1429/0x2120 [ 1530.214398] ? strncpy_from_user+0x9e/0x470 [ 1530.215042] ? finish_automount+0xa90/0xa90 [ 1530.215688] ? getname_flags.part.0+0x1dd/0x4f0 [ 1530.216398] ? _copy_from_user+0xfb/0x1b0 [ 1530.217021] __x64_sys_mount+0x282/0x300 [ 1530.217643] ? copy_mnt_ns+0xa00/0xa00 [ 1530.218238] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1530.219024] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1530.219796] do_syscall_64+0x33/0x40 04:58:09 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) [ 1530.220355] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1530.221324] RIP: 0033:0x7f0b176ffb19 [ 1530.221874] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1530.224600] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1530.225741] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1530.226809] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1530.227877] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1530.228922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1530.229966] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:58:09 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYRES32], 0x1e8}}, 0x4008040) [ 1530.293993] 9pnet: Insufficient options for proto=fd 04:58:09 executing program 2: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)) 04:58:09 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_config_ext, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) syz_open_dev$sg(&(0x7f0000000400), 0x0, 0x2001) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000000)={0x2, 0x1, @remote}, 0x10) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'sit0\x00'}) sendfile(r1, r2, 0x0, 0xffe3) setsockopt$inet_tcp_TCP_REPAIR(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000080), 0x4) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB="5ad071dca4aac1846fd9008c67b106429b1c96a0ed00000000000000000019df3ca91ffa60a4c6cf12f25f341d119db3ae3fd5f4f3b4fcdac5f6e44b082f9507125aabf0caac53821b35353277092feda0348d626d"]) [ 1530.356604] 9pnet: Insufficient options for proto=fd 04:58:09 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1530.439170] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:58:23 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0x8}}) 04:58:23 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 1) 04:58:23 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:58:23 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1544.265267] FAULT_INJECTION: forcing a failure. [ 1544.265267] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.266195] CPU: 0 PID: 19309 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1544.266751] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.267415] Call Trace: [ 1544.267638] dump_stack+0x107/0x167 [ 1544.267932] should_fail.cold+0x5/0xa [ 1544.268240] ? create_object.isra.0+0x3a/0xa20 [ 1544.268618] should_failslab+0x5/0x20 [ 1544.268921] kmem_cache_alloc+0x5b/0x310 [ 1544.269255] create_object.isra.0+0x3a/0xa20 [ 1544.269613] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.270022] kmem_cache_alloc+0x159/0x310 [ 1544.270367] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 1544.270828] idr_get_free+0x4b5/0x8f0 [ 1544.271144] idr_alloc_u32+0x170/0x2d0 [ 1544.271475] ? __fprop_inc_percpu_max+0x130/0x130 [ 1544.271879] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 1544.272306] ? lock_release+0x680/0x680 [ 1544.272649] idr_alloc+0xc2/0x130 [ 1544.272943] ? idr_alloc_u32+0x2d0/0x2d0 [ 1544.273276] ? rwlock_bug.part.0+0x90/0x90 [ 1544.273633] p9_client_prepare_req.part.0+0x612/0xac0 [ 1544.274070] p9_client_rpc+0x220/0x1370 [ 1544.274392] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.274814] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1544.275260] ? pipe_poll+0x21b/0x7f0 [ 1544.275560] ? p9_fd_close+0x4a0/0x4a0 [ 1544.275871] ? anon_pipe_buf_release+0x280/0x280 [ 1544.276256] ? p9_fd_poll+0x1e0/0x2c0 [ 1544.276571] ? p9_fd_create+0x357/0x4a0 [ 1544.276897] ? p9_conn_create+0x510/0x510 [ 1544.277227] ? p9_client_create+0x798/0x11c0 [ 1544.277585] ? kfree+0xd7/0x340 [ 1544.277850] ? do_raw_spin_unlock+0x4f/0x220 [ 1544.278210] p9_client_create+0xa76/0x11c0 [ 1544.278556] ? p9_client_flush+0x430/0x430 [ 1544.278905] ? trace_hardirqs_on+0x5b/0x180 [ 1544.279259] ? lockdep_init_map_type+0x2c7/0x780 [ 1544.279644] ? __raw_spin_lock_init+0x36/0x110 [ 1544.280021] v9fs_session_init+0x1dd/0x1680 [ 1544.280368] ? lock_release+0x680/0x680 [ 1544.280693] ? kmem_cache_alloc_trace+0x151/0x320 [ 1544.281080] ? v9fs_show_options+0x690/0x690 [ 1544.281436] ? trace_hardirqs_on+0x5b/0x180 [ 1544.281793] ? kasan_unpoison_shadow+0x33/0x50 [ 1544.282164] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.282578] v9fs_mount+0x79/0x8f0 [ 1544.282870] ? v9fs_write_inode+0x60/0x60 [ 1544.283219] legacy_get_tree+0x105/0x220 [ 1544.283545] vfs_get_tree+0x8e/0x300 [ 1544.283844] path_mount+0x1429/0x2120 [ 1544.284154] ? strncpy_from_user+0x9e/0x470 [ 1544.284499] ? finish_automount+0xa90/0xa90 [ 1544.284854] ? getname_flags.part.0+0x1dd/0x4f0 [ 1544.285226] ? _copy_from_user+0xfb/0x1b0 [ 1544.285564] __x64_sys_mount+0x282/0x300 [ 1544.285902] ? copy_mnt_ns+0xa00/0xa00 [ 1544.286213] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.286641] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.287071] do_syscall_64+0x33/0x40 [ 1544.287395] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.287821] RIP: 0033:0x7f0d74438b19 [ 1544.288129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.289592] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.290208] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1544.290782] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.291366] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.291940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1544.292515] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1544.302193] FAULT_INJECTION: forcing a failure. [ 1544.302193] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.303125] CPU: 0 PID: 19317 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1544.303685] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.304365] Call Trace: [ 1544.304593] dump_stack+0x107/0x167 [ 1544.304906] should_fail.cold+0x5/0xa [ 1544.305218] should_failslab+0x5/0x20 [ 1544.305524] __kmalloc_track_caller+0x79/0x370 [ 1544.305909] ? strndup_user+0x74/0xe0 [ 1544.306240] memdup_user+0x22/0xd0 [ 1544.306539] strndup_user+0x74/0xe0 [ 1544.306843] __x64_sys_mount+0x133/0x300 [ 1544.307195] ? copy_mnt_ns+0xa00/0xa00 [ 1544.307534] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.307982] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.308410] do_syscall_64+0x33/0x40 [ 1544.308718] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.309149] RIP: 0033:0x7ff607b46b19 [ 1544.309459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.310921] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.311563] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1544.312158] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1544.312738] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1544.313327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.313555] FAULT_INJECTION: forcing a failure. [ 1544.313555] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.313904] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 04:58:23 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 73) 04:58:23 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 45) 04:58:23 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 1) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:58:23 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB, @ANYRES32], 0x1e8}}, 0x4008040) [ 1544.317114] CPU: 1 PID: 19316 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1544.318445] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.319813] Call Trace: [ 1544.320252] dump_stack+0x107/0x167 [ 1544.320849] should_fail.cold+0x5/0xa [ 1544.320880] ? __kernfs_new_node+0xd4/0x860 [ 1544.321891] should_failslab+0x5/0x20 [ 1544.322529] kmem_cache_alloc+0x5b/0x310 [ 1544.323216] __kernfs_new_node+0xd4/0x860 [ 1544.323917] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1544.324700] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1544.325225] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1544.325491] ? wait_for_completion_io+0x270/0x270 [ 1544.326956] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1544.327817] kernfs_new_node+0x18d/0x250 [ 1544.327844] __kernfs_create_file+0x51/0x350 [ 1544.328867] sysfs_add_file_mode_ns+0x221/0x560 [ 1544.329611] internal_create_group+0x324/0xb30 [ 1544.330365] ? sysfs_remove_group+0x170/0x170 [ 1544.331072] ? kernfs_name_hash+0xe7/0x110 [ 1544.331774] ? kernfs_find_ns+0x256/0x380 [ 1544.332435] sysfs_slab_add+0x188/0x200 [ 1544.333085] __kmem_cache_create+0x3db/0x520 [ 1544.333783] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1544.334600] p9_client_create+0xc2b/0x11c0 [ 1544.335287] ? p9_client_flush+0x430/0x430 [ 1544.335984] ? trace_hardirqs_on+0x5b/0x180 [ 1544.336693] ? lockdep_init_map_type+0x2c7/0x780 [ 1544.337474] ? __raw_spin_lock_init+0x36/0x110 [ 1544.338233] v9fs_session_init+0x1dd/0x1680 [ 1544.338940] ? lock_release+0x680/0x680 [ 1544.339614] ? kmem_cache_alloc_trace+0x151/0x320 [ 1544.340404] ? v9fs_show_options+0x690/0x690 [ 1544.341133] ? trace_hardirqs_on+0x5b/0x180 [ 1544.341848] ? kasan_unpoison_shadow+0x33/0x50 [ 1544.342602] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.343448] v9fs_mount+0x79/0x8f0 [ 1544.344045] ? v9fs_write_inode+0x60/0x60 [ 1544.344727] legacy_get_tree+0x105/0x220 [ 1544.345395] vfs_get_tree+0x8e/0x300 [ 1544.346006] path_mount+0x1429/0x2120 [ 1544.346619] ? strncpy_from_user+0x9e/0x470 [ 1544.347315] ? finish_automount+0xa90/0xa90 [ 1544.347996] ? getname_flags.part.0+0x1dd/0x4f0 [ 1544.348725] ? _copy_from_user+0xfb/0x1b0 [ 1544.349384] __x64_sys_mount+0x282/0x300 [ 1544.350021] ? copy_mnt_ns+0xa00/0xa00 [ 1544.350645] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.351475] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.352289] do_syscall_64+0x33/0x40 [ 1544.352876] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.353678] RIP: 0033:0x7f0b176ffb19 [ 1544.354262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.357108] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.358275] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1544.359400] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.360512] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.361629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1544.362742] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:58:23 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 2) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1544.377443] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1544.393515] FAULT_INJECTION: forcing a failure. [ 1544.393515] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.395598] CPU: 1 PID: 19315 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1544.396684] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.397977] Call Trace: [ 1544.398403] dump_stack+0x107/0x167 [ 1544.398979] should_fail.cold+0x5/0xa 04:58:23 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB, @ANYRES32], 0x1e8}}, 0x4008040) [ 1544.399597] should_failslab+0x5/0x20 [ 1544.400276] __kmalloc_track_caller+0x79/0x370 [ 1544.400998] ? strndup_user+0x74/0xe0 [ 1544.401604] memdup_user+0x22/0xd0 [ 1544.402174] strndup_user+0x74/0xe0 [ 1544.402747] __x64_sys_mount+0x133/0x300 [ 1544.403399] ? copy_mnt_ns+0xa00/0xa00 [ 1544.404010] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.404835] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.405642] do_syscall_64+0x33/0x40 [ 1544.406226] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.407021] RIP: 0033:0x7fc3ad0beb19 [ 1544.407615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.410465] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.411670] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1544.412785] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.413895] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.414999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.416118] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:58:23 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1544.438342] FAULT_INJECTION: forcing a failure. [ 1544.438342] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.439344] CPU: 0 PID: 19323 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1544.439892] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.440541] Call Trace: [ 1544.440761] dump_stack+0x107/0x167 [ 1544.441061] should_fail.cold+0x5/0xa [ 1544.441367] ? create_object.isra.0+0x3a/0xa20 [ 1544.441734] should_failslab+0x5/0x20 [ 1544.442038] kmem_cache_alloc+0x5b/0x310 [ 1544.442378] create_object.isra.0+0x3a/0xa20 [ 1544.442741] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.443157] __kmalloc_track_caller+0x177/0x370 [ 1544.443537] ? strndup_user+0x74/0xe0 [ 1544.443583] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1544.443853] memdup_user+0x22/0xd0 [ 1544.443866] strndup_user+0x74/0xe0 [ 1544.443884] __x64_sys_mount+0x133/0x300 [ 1544.445782] ? copy_mnt_ns+0xa00/0xa00 [ 1544.446098] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.446518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.446929] do_syscall_64+0x33/0x40 [ 1544.447232] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.447640] RIP: 0033:0x7ff607b46b19 [ 1544.447939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.449384] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.449994] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1544.450559] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1544.451123] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1544.451692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.452253] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1544.452849] CPU: 1 PID: 19316 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1544.453956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.455266] Call Trace: [ 1544.455689] dump_stack+0x107/0x167 [ 1544.456270] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1544.457102] p9_client_create+0xc2b/0x11c0 [ 1544.457794] ? p9_client_flush+0x430/0x430 [ 1544.458466] ? trace_hardirqs_on+0x5b/0x180 [ 1544.459146] ? lockdep_init_map_type+0x2c7/0x780 [ 1544.459925] ? __raw_spin_lock_init+0x36/0x110 [ 1544.460634] v9fs_session_init+0x1dd/0x1680 [ 1544.461336] ? lock_release+0x680/0x680 [ 1544.461960] ? kmem_cache_alloc_trace+0x151/0x320 [ 1544.462716] ? v9fs_show_options+0x690/0x690 [ 1544.463424] ? trace_hardirqs_on+0x5b/0x180 [ 1544.464109] ? kasan_unpoison_shadow+0x33/0x50 [ 1544.464820] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.465623] v9fs_mount+0x79/0x8f0 [ 1544.466187] ? v9fs_write_inode+0x60/0x60 [ 1544.466846] legacy_get_tree+0x105/0x220 [ 1544.467488] vfs_get_tree+0x8e/0x300 [ 1544.468073] path_mount+0x1429/0x2120 [ 1544.468677] ? strncpy_from_user+0x9e/0x470 [ 1544.469353] ? finish_automount+0xa90/0xa90 [ 1544.470034] ? getname_flags.part.0+0x1dd/0x4f0 [ 1544.470749] ? _copy_from_user+0xfb/0x1b0 [ 1544.471415] __x64_sys_mount+0x282/0x300 [ 1544.472060] ? copy_mnt_ns+0xa00/0xa00 [ 1544.472677] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.473499] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.474302] do_syscall_64+0x33/0x40 [ 1544.474885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.475691] RIP: 0033:0x7f0b176ffb19 [ 1544.476267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.479142] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.480336] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1544.481449] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.482570] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.483729] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1544.484841] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:58:23 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:58:23 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 2) [ 1544.531616] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1544.566318] FAULT_INJECTION: forcing a failure. [ 1544.566318] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.567580] CPU: 0 PID: 19333 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1544.568133] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.568783] Call Trace: [ 1544.568999] dump_stack+0x107/0x167 [ 1544.569289] should_fail.cold+0x5/0xa [ 1544.569596] ? create_object.isra.0+0x3a/0xa20 [ 1544.569963] should_failslab+0x5/0x20 [ 1544.570266] kmem_cache_alloc+0x5b/0x310 [ 1544.570600] create_object.isra.0+0x3a/0xa20 [ 1544.570953] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.571366] __kmalloc_track_caller+0x177/0x370 [ 1544.571740] ? strndup_user+0x74/0xe0 [ 1544.572048] memdup_user+0x22/0xd0 [ 1544.572335] strndup_user+0x74/0xe0 [ 1544.572627] __x64_sys_mount+0x133/0x300 [ 1544.572952] ? copy_mnt_ns+0xa00/0xa00 [ 1544.573272] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.573689] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.574099] do_syscall_64+0x33/0x40 [ 1544.574402] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.574813] RIP: 0033:0x7fc3ad0beb19 [ 1544.575112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.576568] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.577180] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1544.577746] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.578317] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.578884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.579458] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:58:23 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB, @ANYRES32], 0x1e8}}, 0x4008040) 04:58:23 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 3) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:58:23 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 46) [ 1544.626020] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1544.643203] FAULT_INJECTION: forcing a failure. [ 1544.643203] name failslab, interval 1, probability 0, space 0, times 0 [ 1544.644190] CPU: 0 PID: 19338 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1544.644739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.645406] Call Trace: [ 1544.645620] dump_stack+0x107/0x167 [ 1544.645914] should_fail.cold+0x5/0xa [ 1544.646234] ? p9pdu_readf+0xadb/0x1d40 [ 1544.646558] should_failslab+0x5/0x20 [ 1544.646862] __kmalloc+0x72/0x390 [ 1544.647144] p9pdu_readf+0xadb/0x1d40 [ 1544.647459] ? pipe_poll+0x21b/0x7f0 [ 1544.647755] ? p9pdu_writef+0x100/0x100 [ 1544.648075] ? p9_fd_poll+0x1e0/0x2c0 [ 1544.648383] ? p9_fd_create+0x357/0x4a0 [ 1544.648704] ? p9_conn_create+0x510/0x510 [ 1544.649036] ? p9_client_create+0x798/0x11c0 [ 1544.649389] ? kfree+0xd7/0x340 [ 1544.649657] ? do_raw_spin_unlock+0x4f/0x220 [ 1544.650052] p9_client_create+0xaee/0x11c0 [ 1544.650393] ? p9_client_flush+0x430/0x430 [ 1544.650735] ? trace_hardirqs_on+0x5b/0x180 [ 1544.651080] ? lockdep_init_map_type+0x2c7/0x780 [ 1544.651468] ? __raw_spin_lock_init+0x36/0x110 [ 1544.651840] v9fs_session_init+0x1dd/0x1680 [ 1544.652187] ? lock_release+0x680/0x680 [ 1544.652509] ? kmem_cache_alloc_trace+0x151/0x320 [ 1544.652894] ? v9fs_show_options+0x690/0x690 [ 1544.653256] ? trace_hardirqs_on+0x5b/0x180 [ 1544.653606] ? kasan_unpoison_shadow+0x33/0x50 [ 1544.653975] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1544.654389] v9fs_mount+0x79/0x8f0 [ 1544.654676] ? v9fs_write_inode+0x60/0x60 [ 1544.655015] legacy_get_tree+0x105/0x220 [ 1544.655350] vfs_get_tree+0x8e/0x300 [ 1544.655644] path_mount+0x1429/0x2120 [ 1544.655952] ? strncpy_from_user+0x9e/0x470 [ 1544.656297] ? finish_automount+0xa90/0xa90 [ 1544.656645] ? getname_flags.part.0+0x1dd/0x4f0 [ 1544.657018] ? _copy_from_user+0xfb/0x1b0 [ 1544.657352] __x64_sys_mount+0x282/0x300 [ 1544.657679] ? copy_mnt_ns+0xa00/0xa00 [ 1544.657998] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.658422] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.658838] do_syscall_64+0x33/0x40 [ 1544.659136] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.659550] RIP: 0033:0x7f0d74438b19 [ 1544.659855] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.661321] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.661926] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1544.662489] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1544.663053] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1544.663623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1544.664188] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1544.676335] FAULT_INJECTION: forcing a failure. [ 1544.676335] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1544.677319] CPU: 0 PID: 19339 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1544.677867] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1544.678541] Call Trace: [ 1544.678773] dump_stack+0x107/0x167 [ 1544.679090] should_fail.cold+0x5/0xa [ 1544.679427] _copy_from_user+0x2e/0x1b0 [ 1544.679776] memdup_user+0x65/0xd0 [ 1544.680071] strndup_user+0x74/0xe0 [ 1544.680365] __x64_sys_mount+0x133/0x300 [ 1544.680688] ? copy_mnt_ns+0xa00/0xa00 [ 1544.681018] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1544.681441] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1544.681864] do_syscall_64+0x33/0x40 [ 1544.682171] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1544.682592] RIP: 0033:0x7ff607b46b19 [ 1544.682895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1544.684379] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1544.684990] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1544.685558] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1544.686132] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1544.686716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1544.687304] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1544.735152] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:58:38 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0x9}}) 04:58:38 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32], 0x1e8}}, 0x4008040) 04:58:38 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 4) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:58:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:58:38 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 74) 04:58:38 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 47) 04:58:38 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) 04:58:38 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 3) [ 1558.954194] FAULT_INJECTION: forcing a failure. [ 1558.954194] name failslab, interval 1, probability 0, space 0, times 0 [ 1558.955461] CPU: 0 PID: 19461 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1558.956174] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1558.956981] Call Trace: [ 1558.957257] dump_stack+0x107/0x167 [ 1558.957632] should_fail.cold+0x5/0xa [ 1558.958025] ? create_object.isra.0+0x3a/0xa20 [ 1558.958495] should_failslab+0x5/0x20 [ 1558.958888] kmem_cache_alloc+0x5b/0x310 [ 1558.959307] create_object.isra.0+0x3a/0xa20 [ 1558.959774] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1558.960315] kmem_cache_alloc+0x159/0x310 [ 1558.960758] __kernfs_new_node+0xd4/0x860 [ 1558.961199] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1558.961703] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1558.962217] ? wait_for_completion_io+0x270/0x270 [ 1558.962723] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1558.963288] kernfs_new_node+0x18d/0x250 [ 1558.963493] FAULT_INJECTION: forcing a failure. [ 1558.963493] name failslab, interval 1, probability 0, space 0, times 0 [ 1558.963718] __kernfs_create_file+0x51/0x350 [ 1558.963734] sysfs_add_file_mode_ns+0x221/0x560 [ 1558.963755] internal_create_group+0x324/0xb30 [ 1558.963773] ? sysfs_remove_group+0x170/0x170 [ 1558.963786] ? kernfs_name_hash+0xe7/0x110 [ 1558.963802] ? kernfs_find_ns+0x256/0x380 [ 1558.963822] sysfs_slab_add+0x188/0x200 [ 1558.963838] __kmem_cache_create+0x3db/0x520 [ 1558.963855] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1558.963874] p9_client_create+0xc2b/0x11c0 [ 1558.963905] ? p9_client_flush+0x430/0x430 [ 1558.970516] ? trace_hardirqs_on+0x5b/0x180 [ 1558.970978] ? lockdep_init_map_type+0x2c7/0x780 [ 1558.971474] ? __raw_spin_lock_init+0x36/0x110 [ 1558.971954] v9fs_session_init+0x1dd/0x1680 [ 1558.972400] ? lock_release+0x680/0x680 [ 1558.972818] ? kmem_cache_alloc_trace+0x151/0x320 [ 1558.973316] ? v9fs_show_options+0x690/0x690 [ 1558.973761] ? trace_hardirqs_on+0x5b/0x180 [ 1558.974233] ? kasan_unpoison_shadow+0x33/0x50 [ 1558.974702] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1558.975244] v9fs_mount+0x79/0x8f0 [ 1558.975621] ? v9fs_write_inode+0x60/0x60 [ 1558.976063] legacy_get_tree+0x105/0x220 [ 1558.976480] vfs_get_tree+0x8e/0x300 [ 1558.976869] path_mount+0x1429/0x2120 [ 1558.977272] ? strncpy_from_user+0x9e/0x470 [ 1558.977713] ? finish_automount+0xa90/0xa90 [ 1558.978167] ? getname_flags.part.0+0x1dd/0x4f0 [ 1558.978645] ? _copy_from_user+0xfb/0x1b0 [ 1558.979087] __x64_sys_mount+0x282/0x300 [ 1558.979513] ? copy_mnt_ns+0xa00/0xa00 [ 1558.979918] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1558.980464] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1558.981006] do_syscall_64+0x33/0x40 [ 1558.981387] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1558.981917] RIP: 0033:0x7f0b176ffb19 [ 1558.982304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1558.984202] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1558.985005] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1558.985699] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1558.986447] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1558.987153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1558.987907] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1558.988639] CPU: 1 PID: 19456 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1558.989779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1558.991136] Call Trace: [ 1558.991586] dump_stack+0x107/0x167 [ 1558.992187] should_fail.cold+0x5/0xa [ 1558.992824] ? copy_mount_options+0x55/0x180 [ 1558.993554] should_failslab+0x5/0x20 [ 1558.994198] kmem_cache_alloc_trace+0x55/0x320 [ 1558.994957] ? _copy_from_user+0xfb/0x1b0 [ 1558.995655] copy_mount_options+0x55/0x180 [ 1558.996341] __x64_sys_mount+0x1a8/0x300 [ 1558.997015] ? copy_mnt_ns+0xa00/0xa00 [ 1558.997255] FAULT_INJECTION: forcing a failure. [ 1558.997255] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1558.997647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1558.997673] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.000472] do_syscall_64+0x33/0x40 [ 1559.001082] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.001911] RIP: 0033:0x7ff607b46b19 [ 1559.002510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.005475] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.006684] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1559.007805] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1559.008911] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1559.010011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1559.011113] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1559.012257] CPU: 0 PID: 19460 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1559.012803] FAULT_INJECTION: forcing a failure. [ 1559.012803] name failslab, interval 1, probability 0, space 0, times 0 [ 1559.012968] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.012981] Call Trace: [ 1559.015753] dump_stack+0x107/0x167 [ 1559.016118] should_fail.cold+0x5/0xa [ 1559.016503] _copy_from_user+0x2e/0x1b0 [ 1559.016910] memdup_user+0x65/0xd0 [ 1559.017267] strndup_user+0x74/0xe0 [ 1559.017634] __x64_sys_mount+0x133/0x300 [ 1559.018037] ? copy_mnt_ns+0xa00/0xa00 [ 1559.018431] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.018959] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.019478] do_syscall_64+0x33/0x40 [ 1559.019853] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.020360] RIP: 0033:0x7fc3ad0beb19 [ 1559.020731] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.022534] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.023286] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1559.023990] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.024697] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.025398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1559.026100] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 [ 1559.026826] CPU: 1 PID: 19463 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1559.027956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.029244] Call Trace: [ 1559.029659] dump_stack+0x107/0x167 [ 1559.030228] should_fail.cold+0x5/0xa [ 1559.030824] ? create_object.isra.0+0x3a/0xa20 [ 1559.031543] should_failslab+0x5/0x20 [ 1559.032138] kmem_cache_alloc+0x5b/0x310 [ 1559.032778] create_object.isra.0+0x3a/0xa20 [ 1559.033463] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.034253] __kmalloc+0x16e/0x390 [ 1559.034828] p9pdu_readf+0xadb/0x1d40 [ 1559.035433] ? pipe_poll+0x21b/0x7f0 [ 1559.036018] ? p9pdu_writef+0x100/0x100 [ 1559.036637] ? p9_fd_poll+0x1e0/0x2c0 [ 1559.037244] ? p9_fd_create+0x357/0x4a0 [ 1559.037865] ? p9_conn_create+0x510/0x510 [ 1559.038502] ? p9_client_create+0x798/0x11c0 [ 1559.039188] ? kfree+0xd7/0x340 [ 1559.039709] ? do_raw_spin_unlock+0x4f/0x220 [ 1559.040400] p9_client_create+0xaee/0x11c0 [ 1559.041066] ? p9_client_flush+0x430/0x430 [ 1559.041723] ? trace_hardirqs_on+0x5b/0x180 04:58:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1559.042392] ? lockdep_init_map_type+0x2c7/0x780 [ 1559.043375] ? __raw_spin_lock_init+0x36/0x110 [ 1559.044101] v9fs_session_init+0x1dd/0x1680 [ 1559.044780] ? lock_release+0x680/0x680 [ 1559.045414] ? kmem_cache_alloc_trace+0x151/0x320 [ 1559.046181] ? v9fs_show_options+0x690/0x690 [ 1559.046879] ? trace_hardirqs_on+0x5b/0x180 [ 1559.047570] ? kasan_unpoison_shadow+0x33/0x50 [ 1559.048289] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.049093] v9fs_mount+0x79/0x8f0 [ 1559.049659] ? v9fs_write_inode+0x60/0x60 [ 1559.050316] legacy_get_tree+0x105/0x220 [ 1559.050955] vfs_get_tree+0x8e/0x300 [ 1559.051544] path_mount+0x1429/0x2120 [ 1559.052151] ? strncpy_from_user+0x9e/0x470 [ 1559.052824] ? finish_automount+0xa90/0xa90 [ 1559.053500] ? getname_flags.part.0+0x1dd/0x4f0 [ 1559.054231] ? _copy_from_user+0xfb/0x1b0 [ 1559.054889] __x64_sys_mount+0x282/0x300 [ 1559.055529] ? copy_mnt_ns+0xa00/0xa00 [ 1559.056139] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.056967] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.057784] do_syscall_64+0x33/0x40 [ 1559.058368] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.059166] RIP: 0033:0x7f0d74438b19 [ 1559.059757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.062609] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.063804] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1559.064908] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.066022] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.067128] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1559.068257] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:58:38 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 4) [ 1559.092406] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1559.107198] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:58:38 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, 0x0, &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:58:38 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32], 0x1e8}}, 0x4008040) [ 1559.188134] FAULT_INJECTION: forcing a failure. [ 1559.188134] name failslab, interval 1, probability 0, space 0, times 0 [ 1559.190191] CPU: 1 PID: 19470 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1559.191275] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.192581] Call Trace: [ 1559.193006] dump_stack+0x107/0x167 [ 1559.193587] should_fail.cold+0x5/0xa 04:58:38 executing program 6: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}}) [ 1559.194202] ? copy_mount_options+0x55/0x180 [ 1559.195041] should_failslab+0x5/0x20 [ 1559.195656] kmem_cache_alloc_trace+0x55/0x320 [ 1559.196380] ? _copy_from_user+0xfb/0x1b0 [ 1559.197051] copy_mount_options+0x55/0x180 [ 1559.197721] __x64_sys_mount+0x1a8/0x300 [ 1559.198360] ? copy_mnt_ns+0xa00/0xa00 [ 1559.198983] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.199824] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.200632] do_syscall_64+0x33/0x40 [ 1559.201218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.202028] RIP: 0033:0x7fc3ad0beb19 [ 1559.202618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.205490] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.206689] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 04:58:38 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 75) [ 1559.207816] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.209055] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.210175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1559.211272] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:58:38 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 5) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1559.252218] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1559.256906] FAULT_INJECTION: forcing a failure. [ 1559.256906] name failslab, interval 1, probability 0, space 0, times 0 [ 1559.257884] CPU: 0 PID: 19478 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1559.258439] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.259112] Call Trace: [ 1559.259339] dump_stack+0x107/0x167 [ 1559.259638] should_fail.cold+0x5/0xa [ 1559.259954] ? __kernfs_new_node+0xd4/0x860 [ 1559.260322] should_failslab+0x5/0x20 [ 1559.260636] kmem_cache_alloc+0x5b/0x310 [ 1559.260983] __kernfs_new_node+0xd4/0x860 [ 1559.261321] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1559.261714] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1559.262104] ? wait_for_completion_io+0x270/0x270 [ 1559.262497] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1559.262923] kernfs_new_node+0x18d/0x250 [ 1559.263255] __kernfs_create_file+0x51/0x350 [ 1559.263639] sysfs_add_file_mode_ns+0x221/0x560 [ 1559.264023] internal_create_group+0x324/0xb30 [ 1559.264395] ? sysfs_remove_group+0x170/0x170 [ 1559.264774] ? kernfs_name_hash+0xe7/0x110 [ 1559.265136] sysfs_slab_add+0x188/0x200 [ 1559.265459] __kmem_cache_create+0x3db/0x520 [ 1559.265818] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1559.266224] p9_client_create+0xc2b/0x11c0 [ 1559.266569] ? p9_client_flush+0x430/0x430 [ 1559.266915] ? trace_hardirqs_on+0x5b/0x180 [ 1559.267266] ? lockdep_init_map_type+0x2c7/0x780 [ 1559.267659] ? __raw_spin_lock_init+0x36/0x110 [ 1559.268038] v9fs_session_init+0x1dd/0x1680 [ 1559.268389] ? lock_release+0x680/0x680 [ 1559.268720] ? kmem_cache_alloc_trace+0x151/0x320 [ 1559.269112] ? v9fs_show_options+0x690/0x690 [ 1559.269474] ? trace_hardirqs_on+0x5b/0x180 [ 1559.269828] ? kasan_unpoison_shadow+0x33/0x50 [ 1559.270197] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.270607] v9fs_mount+0x79/0x8f0 [ 1559.270901] ? v9fs_write_inode+0x60/0x60 [ 1559.271236] legacy_get_tree+0x105/0x220 [ 1559.271572] vfs_get_tree+0x8e/0x300 [ 1559.271875] path_mount+0x1429/0x2120 [ 1559.272187] ? strncpy_from_user+0x9e/0x470 [ 1559.272538] ? finish_automount+0xa90/0xa90 [ 1559.272891] ? getname_flags.part.0+0x1dd/0x4f0 [ 1559.273268] ? _copy_from_user+0xfb/0x1b0 [ 1559.273609] __x64_sys_mount+0x282/0x300 [ 1559.273940] ? copy_mnt_ns+0xa00/0xa00 [ 1559.274259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.274678] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.275095] do_syscall_64+0x33/0x40 [ 1559.275406] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.275821] RIP: 0033:0x7f0b176ffb19 [ 1559.276127] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.277593] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.278205] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1559.278775] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.279352] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.279920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1559.280483] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1559.294658] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1559.295307] CPU: 0 PID: 19478 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1559.295871] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.296526] Call Trace: [ 1559.296744] dump_stack+0x107/0x167 [ 1559.297045] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1559.297469] p9_client_create+0xc2b/0x11c0 [ 1559.297815] ? p9_client_flush+0x430/0x430 [ 1559.298153] ? trace_hardirqs_on+0x5b/0x180 [ 1559.298503] ? lockdep_init_map_type+0x2c7/0x780 [ 1559.298893] ? __raw_spin_lock_init+0x36/0x110 [ 1559.299264] v9fs_session_init+0x1dd/0x1680 [ 1559.299620] ? lock_release+0x680/0x680 [ 1559.299953] ? kmem_cache_alloc_trace+0x151/0x320 [ 1559.300340] ? v9fs_show_options+0x690/0x690 [ 1559.300700] ? trace_hardirqs_on+0x5b/0x180 [ 1559.301047] ? kasan_unpoison_shadow+0x33/0x50 [ 1559.301415] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.301830] v9fs_mount+0x79/0x8f0 [ 1559.302119] ? v9fs_write_inode+0x60/0x60 [ 1559.302455] legacy_get_tree+0x105/0x220 [ 1559.302784] vfs_get_tree+0x8e/0x300 [ 1559.303087] path_mount+0x1429/0x2120 [ 1559.303403] ? strncpy_from_user+0x9e/0x470 [ 1559.303750] ? finish_automount+0xa90/0xa90 [ 1559.304098] ? getname_flags.part.0+0x1dd/0x4f0 [ 1559.304473] ? _copy_from_user+0xfb/0x1b0 [ 1559.304814] __x64_sys_mount+0x282/0x300 [ 1559.305142] ? copy_mnt_ns+0xa00/0xa00 [ 1559.305458] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.305881] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.306297] do_syscall_64+0x33/0x40 [ 1559.306597] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.307010] RIP: 0033:0x7f0b176ffb19 [ 1559.307311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.308773] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.309379] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1559.309946] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.310512] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.311078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1559.311653] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1559.331487] FAULT_INJECTION: forcing a failure. [ 1559.331487] name failslab, interval 1, probability 0, space 0, times 0 [ 1559.332505] CPU: 0 PID: 19481 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1559.333060] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.333741] Call Trace: [ 1559.333979] dump_stack+0x107/0x167 [ 1559.334299] should_fail.cold+0x5/0xa [ 1559.334630] ? create_object.isra.0+0x3a/0xa20 [ 1559.335022] should_failslab+0x5/0x20 [ 1559.335343] kmem_cache_alloc+0x5b/0x310 [ 1559.335677] create_object.isra.0+0x3a/0xa20 [ 1559.336030] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.336442] kmem_cache_alloc_trace+0x151/0x320 [ 1559.336823] copy_mount_options+0x55/0x180 [ 1559.337167] __x64_sys_mount+0x1a8/0x300 [ 1559.337496] ? copy_mnt_ns+0xa00/0xa00 [ 1559.337818] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.338241] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.338656] do_syscall_64+0x33/0x40 [ 1559.338956] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.339375] RIP: 0033:0x7ff607b46b19 [ 1559.339677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.341150] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.341769] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1559.342340] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1559.342906] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1559.343485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1559.344055] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 04:58:38 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 48) [ 1559.383802] FAULT_INJECTION: forcing a failure. [ 1559.383802] name failslab, interval 1, probability 0, space 0, times 0 [ 1559.384893] CPU: 0 PID: 19483 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1559.385452] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1559.386139] Call Trace: [ 1559.386363] dump_stack+0x107/0x167 [ 1559.386660] should_fail.cold+0x5/0xa [ 1559.386972] ? create_object.isra.0+0x3a/0xa20 [ 1559.387353] should_failslab+0x5/0x20 [ 1559.387669] kmem_cache_alloc+0x5b/0x310 [ 1559.388006] ? lock_release+0x680/0x680 [ 1559.388335] create_object.isra.0+0x3a/0xa20 [ 1559.388699] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.389125] kmem_cache_alloc+0x159/0x310 [ 1559.389468] kmem_cache_create_usercopy+0x190/0x2f0 [ 1559.389882] p9_client_create+0xc2b/0x11c0 [ 1559.390232] ? p9_client_flush+0x430/0x430 [ 1559.390590] ? trace_hardirqs_on+0x5b/0x180 [ 1559.390943] ? lockdep_init_map_type+0x2c7/0x780 [ 1559.391338] ? __raw_spin_lock_init+0x36/0x110 [ 1559.391729] v9fs_session_init+0x1dd/0x1680 [ 1559.392086] ? lock_release+0x680/0x680 [ 1559.392425] ? kmem_cache_alloc_trace+0x151/0x320 [ 1559.392820] ? v9fs_show_options+0x690/0x690 [ 1559.393193] ? trace_hardirqs_on+0x5b/0x180 [ 1559.393548] ? kasan_unpoison_shadow+0x33/0x50 [ 1559.393921] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1559.394343] v9fs_mount+0x79/0x8f0 [ 1559.394635] ? v9fs_write_inode+0x60/0x60 [ 1559.394985] legacy_get_tree+0x105/0x220 [ 1559.395314] vfs_get_tree+0x8e/0x300 [ 1559.395628] path_mount+0x1429/0x2120 [ 1559.395944] ? strncpy_from_user+0x9e/0x470 [ 1559.396309] ? finish_automount+0xa90/0xa90 [ 1559.396663] ? getname_flags.part.0+0x1dd/0x4f0 [ 1559.397052] ? _copy_from_user+0xfb/0x1b0 [ 1559.397394] __x64_sys_mount+0x282/0x300 [ 1559.397735] ? copy_mnt_ns+0xa00/0xa00 [ 1559.398061] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1559.398493] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1559.398910] do_syscall_64+0x33/0x40 [ 1559.399218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1559.399638] RIP: 0033:0x7f0d74438b19 [ 1559.399952] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1559.401420] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1559.402046] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1559.402622] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1559.403196] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1559.403774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1559.404345] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1559.419658] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:58:54 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) 04:58:54 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 76) 04:58:54 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 6) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:58:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYRES32, @ANYBLOB='\b\x00', @ANYRES32], 0x1e8}}, 0x4008040) 04:58:54 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 5) 04:58:54 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0xa}}) 04:58:54 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 49) [ 1575.200548] FAULT_INJECTION: forcing a failure. [ 1575.200548] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.201634] CPU: 1 PID: 19602 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1575.202261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.202997] Call Trace: [ 1575.203246] dump_stack+0x107/0x167 [ 1575.203589] should_fail.cold+0x5/0xa [ 1575.203948] ? p9pdu_readf+0xadb/0x1d40 [ 1575.204331] should_failslab+0x5/0x20 [ 1575.204679] __kmalloc+0x72/0x390 [ 1575.205016] p9pdu_readf+0xadb/0x1d40 [ 1575.205387] ? pipe_poll+0x21b/0x7f0 [ 1575.205727] ? p9pdu_writef+0x100/0x100 [ 1575.206108] ? p9_fd_poll+0x1e0/0x2c0 [ 1575.206169] FAULT_INJECTION: forcing a failure. [ 1575.206169] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1575.206469] ? p9_fd_create+0x357/0x4a0 [ 1575.208454] ? p9_conn_create+0x510/0x510 [ 1575.208844] ? p9_client_create+0x798/0x11c0 [ 1575.209248] ? kfree+0xd7/0x340 [ 1575.209552] ? do_raw_spin_unlock+0x4f/0x220 [ 1575.209968] p9_client_create+0xaee/0x11c0 [ 1575.210358] ? p9_client_flush+0x430/0x430 [ 1575.210748] ? trace_hardirqs_on+0x5b/0x180 [ 1575.211155] ? lockdep_init_map_type+0x2c7/0x780 [ 1575.211600] ? __raw_spin_lock_init+0x36/0x110 [ 1575.212037] v9fs_session_init+0x1dd/0x1680 [ 1575.212431] ? lock_release+0x680/0x680 [ 1575.212803] ? kmem_cache_alloc_trace+0x151/0x320 [ 1575.213251] ? v9fs_show_options+0x690/0x690 [ 1575.213652] ? trace_hardirqs_on+0x5b/0x180 [ 1575.214064] ? kasan_unpoison_shadow+0x33/0x50 [ 1575.214483] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.214962] v9fs_mount+0x79/0x8f0 [ 1575.215292] ? v9fs_write_inode+0x60/0x60 [ 1575.215682] legacy_get_tree+0x105/0x220 [ 1575.216071] vfs_get_tree+0x8e/0x300 [ 1575.216407] path_mount+0x1429/0x2120 [ 1575.216762] ? strncpy_from_user+0x9e/0x470 [ 1575.217165] ? finish_automount+0xa90/0xa90 [ 1575.217559] ? getname_flags.part.0+0x1dd/0x4f0 [ 1575.217992] ? _copy_from_user+0xfb/0x1b0 [ 1575.218372] __x64_sys_mount+0x282/0x300 [ 1575.218748] ? copy_mnt_ns+0xa00/0xa00 [ 1575.219111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.219589] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.220073] do_syscall_64+0x33/0x40 [ 1575.220412] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.220883] RIP: 0033:0x7f0d74438b19 [ 1575.221225] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.222888] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.223586] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1575.224239] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1575.224882] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1575.225523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1575.226169] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1575.226937] CPU: 0 PID: 19594 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1575.227977] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.229173] Call Trace: [ 1575.229569] dump_stack+0x107/0x167 [ 1575.230111] should_fail.cold+0x5/0xa [ 1575.230679] _copy_from_user+0x2e/0x1b0 [ 1575.231271] copy_mount_options+0x76/0x180 [ 1575.231904] __x64_sys_mount+0x1a8/0x300 [ 1575.232498] ? copy_mnt_ns+0xa00/0xa00 [ 1575.233079] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.233850] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.234606] do_syscall_64+0x33/0x40 [ 1575.235157] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.235924] RIP: 0033:0x7ff607b46b19 [ 1575.236466] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.239126] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.240240] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1575.241274] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1575.242318] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1575.243350] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.244393] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1575.249847] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1575.286223] FAULT_INJECTION: forcing a failure. [ 1575.286223] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.288252] CPU: 0 PID: 19603 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1575.289261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.290506] Call Trace: [ 1575.290912] dump_stack+0x107/0x167 [ 1575.291446] should_fail.cold+0x5/0xa [ 1575.292020] ? create_object.isra.0+0x3a/0xa20 [ 1575.292692] should_failslab+0x5/0x20 [ 1575.293250] kmem_cache_alloc+0x5b/0x310 [ 1575.293855] create_object.isra.0+0x3a/0xa20 [ 1575.294521] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.295275] kmem_cache_alloc_trace+0x151/0x320 [ 1575.295986] ? _copy_from_user+0xfb/0x1b0 [ 1575.296606] copy_mount_options+0x55/0x180 [ 1575.297225] __x64_sys_mount+0x1a8/0x300 [ 1575.297818] ? copy_mnt_ns+0xa00/0xa00 [ 1575.298399] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.299169] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.299935] do_syscall_64+0x33/0x40 [ 1575.300479] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.301222] RIP: 0033:0x7fc3ad0beb19 [ 1575.301769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.304439] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.305557] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1575.306598] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1575.307641] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1575.308682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.309720] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:58:54 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 50) 04:58:54 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 7) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1575.331653] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1575.332882] FAULT_INJECTION: forcing a failure. [ 1575.332882] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.334717] CPU: 0 PID: 19597 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1575.335743] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.336944] Call Trace: [ 1575.337336] dump_stack+0x107/0x167 [ 1575.337875] should_fail.cold+0x5/0xa [ 1575.338435] ? create_object.isra.0+0x3a/0xa20 [ 1575.339108] should_failslab+0x5/0x20 [ 1575.339670] kmem_cache_alloc+0x5b/0x310 [ 1575.340267] create_object.isra.0+0x3a/0xa20 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', 0x0, 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}, 0x2c, {'wfdno', 0x3d, r4}}) [ 1575.340912] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.341753] kmem_cache_alloc+0x159/0x310 [ 1575.342372] __kernfs_new_node+0xd4/0x860 [ 1575.342984] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1575.343687] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1575.344413] ? wait_for_completion_io+0x270/0x270 [ 1575.345121] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1575.345893] kernfs_new_node+0x18d/0x250 [ 1575.346490] __kernfs_create_file+0x51/0x350 [ 1575.347137] sysfs_add_file_mode_ns+0x221/0x560 [ 1575.347834] internal_create_group+0x324/0xb30 [ 1575.348512] ? sysfs_remove_group+0x170/0x170 [ 1575.349177] ? kernfs_name_hash+0xe7/0x110 [ 1575.349800] ? kernfs_find_ns+0x256/0x380 [ 1575.350417] sysfs_slab_add+0x188/0x200 [ 1575.351006] __kmem_cache_create+0x3db/0x520 [ 1575.351662] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1575.352412] p9_client_create+0xc2b/0x11c0 [ 1575.353048] ? p9_client_flush+0x430/0x430 [ 1575.353664] ? trace_hardirqs_on+0x5b/0x180 [ 1575.354299] ? lockdep_init_map_type+0x2c7/0x780 [ 1575.355001] ? __raw_spin_lock_init+0x36/0x110 [ 1575.355692] v9fs_session_init+0x1dd/0x1680 [ 1575.356326] ? lock_release+0x680/0x680 [ 1575.356917] ? kmem_cache_alloc_trace+0x151/0x320 [ 1575.357623] ? v9fs_show_options+0x690/0x690 [ 1575.358275] ? trace_hardirqs_on+0x5b/0x180 [ 1575.358907] ? kasan_unpoison_shadow+0x33/0x50 [ 1575.359586] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.360330] v9fs_mount+0x79/0x8f0 [ 1575.360858] ? v9fs_write_inode+0x60/0x60 [ 1575.361474] legacy_get_tree+0x105/0x220 [ 1575.362089] vfs_get_tree+0x8e/0x300 [ 1575.362638] path_mount+0x1429/0x2120 [ 1575.363197] ? strncpy_from_user+0x9e/0x470 [ 1575.363835] ? finish_automount+0xa90/0xa90 [ 1575.364469] ? getname_flags.part.0+0x1dd/0x4f0 [ 1575.365162] ? _copy_from_user+0xfb/0x1b0 [ 1575.365796] __x64_sys_mount+0x282/0x300 [ 1575.366408] ? copy_mnt_ns+0xa00/0xa00 [ 1575.367000] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.367772] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.368534] do_syscall_64+0x33/0x40 [ 1575.369096] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.369867] RIP: 0033:0x7f0b176ffb19 [ 1575.370422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.373093] FAULT_INJECTION: forcing a failure. [ 1575.373093] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.373148] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.375401] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1575.376447] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1575.377493] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1575.378532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1575.379577] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1575.380645] CPU: 1 PID: 19613 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1575.381435] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.382268] Call Trace: [ 1575.382547] dump_stack+0x107/0x167 [ 1575.382924] should_fail.cold+0x5/0xa [ 1575.383317] ? getname_flags.part.0+0x50/0x4f0 [ 1575.383798] should_failslab+0x5/0x20 [ 1575.384192] kmem_cache_alloc+0x5b/0x310 [ 1575.384606] getname_flags.part.0+0x50/0x4f0 [ 1575.385055] ? _copy_from_user+0xfb/0x1b0 [ 1575.385477] user_path_at_empty+0xa1/0x100 [ 1575.385918] __x64_sys_mount+0x1e9/0x300 [ 1575.386331] ? copy_mnt_ns+0xa00/0xa00 [ 1575.386733] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.387262] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.387802] do_syscall_64+0x33/0x40 [ 1575.388185] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.388700] RIP: 0033:0x7ff607b46b19 [ 1575.389085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.390922] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.391723] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1575.392454] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1575.393172] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1575.393908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.394628] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 04:58:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:58:54 executing program 6: socket$inet6_udplite(0xa, 0x2, 0x88) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 1575.443662] FAULT_INJECTION: forcing a failure. [ 1575.443662] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.445484] CPU: 0 PID: 19616 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1575.446497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.447718] Call Trace: [ 1575.448112] dump_stack+0x107/0x167 [ 1575.448658] should_fail.cold+0x5/0xa [ 1575.449221] ? create_object.isra.0+0x3a/0xa20 [ 1575.449893] should_failslab+0x5/0x20 [ 1575.450453] kmem_cache_alloc+0x5b/0x310 [ 1575.451053] create_object.isra.0+0x3a/0xa20 [ 1575.451717] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.452475] kmem_cache_alloc_node+0x169/0x330 [ 1575.453155] __kmem_cache_create+0x10e/0x520 [ 1575.453807] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1575.454545] p9_client_create+0xc2b/0x11c0 [ 1575.455176] ? p9_client_flush+0x430/0x430 [ 1575.455808] ? trace_hardirqs_on+0x5b/0x180 [ 1575.456455] ? lockdep_init_map_type+0x2c7/0x780 [ 1575.457159] ? __raw_spin_lock_init+0x36/0x110 [ 1575.457843] v9fs_session_init+0x1dd/0x1680 [ 1575.458478] ? lock_release+0x680/0x680 [ 1575.459078] ? kmem_cache_alloc_trace+0x151/0x320 [ 1575.459799] ? v9fs_show_options+0x690/0x690 [ 1575.460459] ? trace_hardirqs_on+0x5b/0x180 [ 1575.461100] ? kasan_unpoison_shadow+0x33/0x50 [ 1575.461776] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.462543] v9fs_mount+0x79/0x8f0 [ 1575.463071] ? v9fs_write_inode+0x60/0x60 [ 1575.463692] legacy_get_tree+0x105/0x220 [ 1575.464298] vfs_get_tree+0x8e/0x300 [ 1575.464845] path_mount+0x1429/0x2120 [ 1575.465415] ? strncpy_from_user+0x9e/0x470 [ 1575.466055] ? finish_automount+0xa90/0xa90 [ 1575.466695] ? getname_flags.part.0+0x1dd/0x4f0 [ 1575.466721] ? _copy_from_user+0xfb/0x1b0 [ 1575.467825] __x64_sys_mount+0x282/0x300 [ 1575.467844] ? copy_mnt_ns+0xa00/0xa00 [ 1575.467869] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.468817] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.468839] do_syscall_64+0x33/0x40 [ 1575.470641] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.471386] RIP: 0033:0x7f0d74438b19 [ 1575.471943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.474598] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.475713] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1575.476747] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1575.477784] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1575.478275] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1575.478815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1575.478828] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:58:54 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 8) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 1575.544445] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1575.554091] FAULT_INJECTION: forcing a failure. [ 1575.554091] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.555194] CPU: 1 PID: 19625 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1575.555762] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.556419] Call Trace: [ 1575.556642] dump_stack+0x107/0x167 [ 1575.556935] should_fail.cold+0x5/0xa [ 1575.557243] ? create_object.isra.0+0x3a/0xa20 [ 1575.557616] should_failslab+0x5/0x20 [ 1575.557924] kmem_cache_alloc+0x5b/0x310 [ 1575.558252] create_object.isra.0+0x3a/0xa20 [ 1575.558609] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.559015] kmem_cache_alloc+0x159/0x310 [ 1575.559353] getname_flags.part.0+0x50/0x4f0 [ 1575.559720] ? _copy_from_user+0xfb/0x1b0 [ 1575.560058] user_path_at_empty+0xa1/0x100 [ 1575.560398] __x64_sys_mount+0x1e9/0x300 [ 1575.560725] ? copy_mnt_ns+0xa00/0xa00 [ 1575.561044] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.561474] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.561902] do_syscall_64+0x33/0x40 [ 1575.562215] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.562627] RIP: 0033:0x7ff607b46b19 [ 1575.562932] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.564403] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.565014] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1575.565580] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1575.566148] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1575.566716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.567284] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 04:58:54 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 77) 04:58:54 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:58:54 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) [ 1575.658288] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1575.715124] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1575.739931] FAULT_INJECTION: forcing a failure. [ 1575.739931] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.740892] CPU: 1 PID: 19633 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1575.741443] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1575.742115] Call Trace: [ 1575.742336] dump_stack+0x107/0x167 [ 1575.742630] should_fail.cold+0x5/0xa [ 1575.742940] ? create_object.isra.0+0x3a/0xa20 [ 1575.743313] should_failslab+0x5/0x20 [ 1575.743626] kmem_cache_alloc+0x5b/0x310 [ 1575.743956] create_object.isra.0+0x3a/0xa20 [ 1575.744312] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.744720] kmem_cache_alloc+0x159/0x310 [ 1575.745061] __kernfs_new_node+0xd4/0x860 [ 1575.745400] ? asm_sysvec_call_function_single+0x12/0x20 [ 1575.745841] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1575.746230] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1575.746619] ? wait_for_completion_io+0x270/0x270 [ 1575.747012] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1575.747436] kernfs_new_node+0x18d/0x250 [ 1575.747778] __kernfs_create_file+0x51/0x350 [ 1575.748130] sysfs_add_file_mode_ns+0x221/0x560 [ 1575.748502] internal_create_group+0x324/0xb30 [ 1575.748877] ? sysfs_remove_group+0x170/0x170 [ 1575.749235] ? kernfs_name_hash+0xe7/0x110 [ 1575.749578] ? kernfs_find_ns+0x256/0x380 [ 1575.749917] sysfs_slab_add+0x188/0x200 [ 1575.750240] __kmem_cache_create+0x3db/0x520 [ 1575.750596] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1575.751002] p9_client_create+0xc2b/0x11c0 [ 1575.751347] ? p9_client_flush+0x430/0x430 [ 1575.751696] ? trace_hardirqs_on+0x5b/0x180 [ 1575.752046] ? lockdep_init_map_type+0x2c7/0x780 [ 1575.752430] ? __raw_spin_lock_init+0x36/0x110 [ 1575.752799] v9fs_session_init+0x1dd/0x1680 [ 1575.753145] ? lock_release+0x680/0x680 [ 1575.753471] ? kmem_cache_alloc_trace+0x151/0x320 [ 1575.753856] ? v9fs_show_options+0x690/0x690 [ 1575.754217] ? trace_hardirqs_on+0x5b/0x180 [ 1575.754564] ? kasan_unpoison_shadow+0x33/0x50 [ 1575.754933] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1575.755344] v9fs_mount+0x79/0x8f0 [ 1575.755641] ? v9fs_write_inode+0x60/0x60 [ 1575.755977] legacy_get_tree+0x105/0x220 [ 1575.756307] vfs_get_tree+0x8e/0x300 [ 1575.756612] path_mount+0x1429/0x2120 [ 1575.756928] ? strncpy_from_user+0x9e/0x470 [ 1575.757287] ? finish_automount+0xa90/0xa90 [ 1575.757653] ? getname_flags.part.0+0x1dd/0x4f0 [ 1575.758029] ? _copy_from_user+0xfb/0x1b0 [ 1575.758382] __x64_sys_mount+0x282/0x300 [ 1575.758705] ? copy_mnt_ns+0xa00/0xa00 [ 1575.759033] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1575.759452] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1575.759886] do_syscall_64+0x33/0x40 [ 1575.760186] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1575.760617] RIP: 0033:0x7f0b176ffb19 [ 1575.760926] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1575.762446] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1575.763073] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1575.763673] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1575.764269] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1575.764860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1575.765450] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 04:59:07 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0xb}}) 04:59:07 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:07 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 78) 04:59:07 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}}) 04:59:07 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb2c78d027c7abe363f6b20896ac922119c0d93ea57800b7c0394537858f25efd0b0b0f7c3c306bb398d59426086a34f708faf08000900594fb7962b0a4c06ea3bd17974861b8ebbbdc4e4a312ca9ff9e23b7b990c09c71616b95a4b169749d3cf2429047a675491a78797c9d0cdf239308d6fcca07803c8160e9db5e3947f06a50237236bf96d31bf46084ad8231fd2be85f3061330e75749dfb456424d7a72f72ff0fb1d8fc058d46bdabb8f4226933eb783c95443188702240cf9268bd4856fbef9eb88f69919d86ffb5bbe65de305593", @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:59:07 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 9) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:59:07 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 6) 04:59:07 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 51) [ 1588.804566] FAULT_INJECTION: forcing a failure. [ 1588.804566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1588.807005] CPU: 1 PID: 19751 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1588.808021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.809228] Call Trace: [ 1588.809630] dump_stack+0x107/0x167 [ 1588.810172] should_fail.cold+0x5/0xa [ 1588.810734] strncpy_from_user+0x34/0x470 [ 1588.811353] getname_flags.part.0+0x95/0x4f0 [ 1588.812027] ? _copy_from_user+0xfb/0x1b0 [ 1588.812560] FAULT_INJECTION: forcing a failure. [ 1588.812560] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.812658] user_path_at_empty+0xa1/0x100 [ 1588.814891] __x64_sys_mount+0x1e9/0x300 [ 1588.815484] ? copy_mnt_ns+0xa00/0xa00 [ 1588.816072] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.816848] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.817592] do_syscall_64+0x33/0x40 [ 1588.818138] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.818875] RIP: 0033:0x7ff607b46b19 [ 1588.819415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.822056] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.823151] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1588.824185] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1588.825210] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1588.826228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1588.827253] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1588.828319] CPU: 0 PID: 19754 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1588.829344] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.830524] Call Trace: [ 1588.830910] dump_stack+0x107/0x167 [ 1588.831430] should_fail.cold+0x5/0xa [ 1588.832008] ? create_object.isra.0+0x3a/0xa20 [ 1588.832659] should_failslab+0x5/0x20 [ 1588.833201] kmem_cache_alloc+0x5b/0x310 [ 1588.833786] create_object.isra.0+0x3a/0xa20 [ 1588.834425] kmemleak_alloc_percpu+0xa0/0x100 [ 1588.835068] pcpu_alloc+0x4e2/0x1240 [ 1588.835632] __kmem_cache_create+0x35a/0x520 [ 1588.836277] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1588.836988] p9_client_create+0xc2b/0x11c0 [ 1588.837591] ? p9_client_flush+0x430/0x430 [ 1588.838188] ? trace_hardirqs_on+0x5b/0x180 [ 1588.838816] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.839516] ? __raw_spin_lock_init+0x36/0x110 [ 1588.840193] v9fs_session_init+0x1dd/0x1680 [ 1588.840820] ? lock_release+0x680/0x680 [ 1588.841390] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.842067] ? v9fs_show_options+0x690/0x690 [ 1588.842696] ? trace_hardirqs_on+0x5b/0x180 [ 1588.843319] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.843980] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.844710] v9fs_mount+0x79/0x8f0 [ 1588.845237] ? v9fs_write_inode+0x60/0x60 [ 1588.845847] legacy_get_tree+0x105/0x220 [ 1588.846448] vfs_get_tree+0x8e/0x300 [ 1588.846989] path_mount+0x1429/0x2120 [ 1588.847550] ? strncpy_from_user+0x9e/0x470 [ 1588.848190] ? finish_automount+0xa90/0xa90 [ 1588.848802] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.849472] ? _copy_from_user+0xfb/0x1b0 [ 1588.850072] __x64_sys_mount+0x282/0x300 [ 1588.850676] ? copy_mnt_ns+0xa00/0xa00 [ 1588.851243] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.852011] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.852750] do_syscall_64+0x33/0x40 [ 1588.853310] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.854057] RIP: 0033:0x7f0d74438b19 [ 1588.854606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.857176] 9pnet: Insufficient options for proto=fd [ 1588.857241] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.859072] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1588.860098] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.861107] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.862112] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.863130] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1588.863274] FAULT_INJECTION: forcing a failure. [ 1588.863274] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1588.866185] CPU: 1 PID: 19757 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1588.867212] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.868412] Call Trace: [ 1588.868800] dump_stack+0x107/0x167 [ 1588.868830] should_fail.cold+0x5/0xa [ 1588.869897] _copy_from_user+0x2e/0x1b0 [ 1588.869922] copy_mount_options+0x76/0x180 [ 1588.869952] __x64_sys_mount+0x1a8/0x300 [ 1588.871094] ? copy_mnt_ns+0xa00/0xa00 [ 1588.871118] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.871142] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.873766] do_syscall_64+0x33/0x40 [ 1588.874330] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.875076] RIP: 0033:0x7fc3ad0beb19 [ 1588.875645] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.878326] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.879452] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1588.879607] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1588.880488] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.880499] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.880510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1588.880521] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:59:08 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:59:08 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}}) [ 1588.925910] FAULT_INJECTION: forcing a failure. [ 1588.925910] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.927817] CPU: 1 PID: 19748 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1588.928830] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1588.930027] Call Trace: [ 1588.930427] dump_stack+0x107/0x167 [ 1588.930969] should_fail.cold+0x5/0xa [ 1588.931538] ? create_object.isra.0+0x3a/0xa20 [ 1588.932223] should_failslab+0x5/0x20 [ 1588.932790] kmem_cache_alloc+0x5b/0x310 [ 1588.933404] create_object.isra.0+0x3a/0xa20 [ 1588.934060] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.934810] kmem_cache_alloc+0x159/0x310 [ 1588.935566] __kernfs_new_node+0xd4/0x860 [ 1588.936211] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1588.936916] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1588.937631] ? wait_for_completion_io+0x270/0x270 [ 1588.938344] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1588.939328] kernfs_new_node+0x18d/0x250 [ 1588.940004] __kernfs_create_file+0x51/0x350 [ 1588.940833] sysfs_add_file_mode_ns+0x221/0x560 [ 1588.941548] internal_create_group+0x324/0xb30 [ 1588.942414] ? sysfs_remove_group+0x170/0x170 [ 1588.943158] ? kernfs_name_hash+0xe7/0x110 [ 1588.943989] sysfs_slab_add+0x188/0x200 [ 1588.944653] __kmem_cache_create+0x3db/0x520 [ 1588.945489] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1588.946331] p9_client_create+0xc2b/0x11c0 [ 1588.947150] ? p9_client_flush+0x430/0x430 [ 1588.947794] ? trace_hardirqs_on+0x5b/0x180 [ 1588.948603] ? lockdep_init_map_type+0x2c7/0x780 [ 1588.949389] ? __raw_spin_lock_init+0x36/0x110 [ 1588.949415] v9fs_session_init+0x1dd/0x1680 [ 1588.949441] ? lock_release+0x680/0x680 [ 1588.950758] ? kmem_cache_alloc_trace+0x151/0x320 [ 1588.950782] ? v9fs_show_options+0x690/0x690 [ 1588.952080] ? trace_hardirqs_on+0x5b/0x180 [ 1588.952103] ? kasan_unpoison_shadow+0x33/0x50 [ 1588.952123] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1588.952148] v9fs_mount+0x79/0x8f0 [ 1588.955767] ? v9fs_write_inode+0x60/0x60 [ 1588.956553] legacy_get_tree+0x105/0x220 [ 1588.957236] vfs_get_tree+0x8e/0x300 [ 1588.957938] path_mount+0x1429/0x2120 [ 1588.958523] ? strncpy_from_user+0x9e/0x470 [ 1588.959225] ? finish_automount+0xa90/0xa90 [ 1588.959887] ? getname_flags.part.0+0x1dd/0x4f0 [ 1588.960584] ? _copy_from_user+0xfb/0x1b0 [ 1588.961228] __x64_sys_mount+0x282/0x300 [ 1588.961845] ? copy_mnt_ns+0xa00/0xa00 [ 1588.962439] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1588.963225] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1588.963243] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1588.965307] do_syscall_64+0x33/0x40 [ 1588.966007] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1588.966752] RIP: 0033:0x7f0b176ffb19 [ 1588.967310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1588.967333] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1588.971133] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1588.972169] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1588.973212] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1588.974252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1588.975294] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1589.016189] 9pnet: Insufficient options for proto=fd 04:59:08 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1589.029172] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1589.112371] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1603.745536] FAULT_INJECTION: forcing a failure. [ 1603.745536] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.747296] CPU: 1 PID: 19777 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1603.748301] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.749492] Call Trace: [ 1603.749883] dump_stack+0x107/0x167 [ 1603.750418] should_fail.cold+0x5/0xa [ 1603.750987] ? __kernfs_new_node+0xd4/0x860 [ 1603.751622] should_failslab+0x5/0x20 [ 1603.752187] kmem_cache_alloc+0x5b/0x310 [ 1603.752790] __kernfs_new_node+0xd4/0x860 [ 1603.753403] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1603.754127] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1603.754843] ? wait_for_completion_io+0x270/0x270 [ 1603.755560] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1603.756346] kernfs_new_node+0x18d/0x250 [ 1603.756953] __kernfs_create_file+0x51/0x350 [ 1603.757601] sysfs_add_file_mode_ns+0x221/0x560 [ 1603.758294] internal_create_group+0x324/0xb30 [ 1603.758975] ? sysfs_remove_group+0x170/0x170 [ 1603.759636] ? kernfs_name_hash+0xe7/0x110 [ 1603.760267] ? kernfs_find_ns+0x256/0x380 [ 1603.760888] sysfs_slab_add+0x188/0x200 [ 1603.761474] __kmem_cache_create+0x3db/0x520 [ 1603.762131] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1603.762897] p9_client_create+0xc2b/0x11c0 [ 1603.763532] ? p9_client_flush+0x430/0x430 [ 1603.764163] ? trace_hardirqs_on+0x5b/0x180 [ 1603.764808] ? lockdep_init_map_type+0x2c7/0x780 [ 1603.765505] ? __raw_spin_lock_init+0x36/0x110 [ 1603.766406] v9fs_session_init+0x1dd/0x1680 04:59:22 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r3}}) 04:59:22 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 10) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:59:22 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@version_u}], [], 0x10}}) 04:59:22 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 7) 04:59:22 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 52) 04:59:22 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 79) 04:59:22 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:59:22 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1603.767196] ? lock_release+0x680/0x680 [ 1603.767954] ? kmem_cache_alloc_trace+0x151/0x320 [ 1603.768665] ? v9fs_show_options+0x690/0x690 [ 1603.769326] ? trace_hardirqs_on+0x5b/0x180 [ 1603.769980] ? kasan_unpoison_shadow+0x33/0x50 [ 1603.770644] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1603.771390] v9fs_mount+0x79/0x8f0 [ 1603.771925] ? v9fs_write_inode+0x60/0x60 [ 1603.772530] legacy_get_tree+0x105/0x220 [ 1603.773126] vfs_get_tree+0x8e/0x300 [ 1603.773666] path_mount+0x1429/0x2120 [ 1603.774234] ? strncpy_from_user+0x9e/0x470 [ 1603.774882] ? finish_automount+0xa90/0xa90 [ 1603.775513] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.776205] ? _copy_from_user+0xfb/0x1b0 [ 1603.776828] __x64_sys_mount+0x282/0x300 [ 1603.777432] ? copy_mnt_ns+0xa00/0xa00 [ 1603.778023] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.778799] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.779553] do_syscall_64+0x33/0x40 [ 1603.780105] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.780863] RIP: 0033:0x7f0b176ffb19 [ 1603.781404] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.784088] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.785200] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1603.786254] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1603.787126] 9pnet: Insufficient options for proto=fd [ 1603.787304] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1603.787315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1603.787336] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1603.792408] FAULT_INJECTION: forcing a failure. [ 1603.792408] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.794350] CPU: 0 PID: 19785 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1603.795369] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.796591] Call Trace: [ 1603.796990] dump_stack+0x107/0x167 [ 1603.797529] should_fail.cold+0x5/0xa [ 1603.798103] ? alloc_fs_context+0x57/0x840 [ 1603.798728] should_failslab+0x5/0x20 [ 1603.799298] kmem_cache_alloc_trace+0x55/0x320 [ 1603.799989] alloc_fs_context+0x57/0x840 [ 1603.800600] path_mount+0xaa3/0x2120 [ 1603.801158] ? strncpy_from_user+0x9e/0x470 [ 1603.801804] ? finish_automount+0xa90/0xa90 [ 1603.802444] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.803132] ? _copy_from_user+0xfb/0x1b0 [ 1603.803756] __x64_sys_mount+0x282/0x300 [ 1603.804343] ? copy_mnt_ns+0xa00/0xa00 [ 1603.804933] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.805716] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.806472] do_syscall_64+0x33/0x40 [ 1603.807026] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.807783] RIP: 0033:0x7ff607b46b19 [ 1603.808357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.811050] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.812137] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1603.813191] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1603.814245] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1603.815300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1603.816362] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1603.834433] FAULT_INJECTION: forcing a failure. [ 1603.834433] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.836473] CPU: 1 PID: 19778 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1603.837509] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.838728] Call Trace: [ 1603.839127] dump_stack+0x107/0x167 [ 1603.839688] should_fail.cold+0x5/0xa [ 1603.840279] ? getname_flags.part.0+0x50/0x4f0 [ 1603.840975] should_failslab+0x5/0x20 [ 1603.841535] kmem_cache_alloc+0x5b/0x310 [ 1603.842131] getname_flags.part.0+0x50/0x4f0 [ 1603.842783] ? _copy_from_user+0xfb/0x1b0 [ 1603.843392] user_path_at_empty+0xa1/0x100 [ 1603.844021] __x64_sys_mount+0x1e9/0x300 [ 1603.844616] ? copy_mnt_ns+0xa00/0xa00 [ 1603.845204] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.845981] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.846739] do_syscall_64+0x33/0x40 [ 1603.847280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.848038] RIP: 0033:0x7fc3ad0beb19 [ 1603.848599] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.849420] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1603.851258] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.851278] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1603.851290] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1603.851301] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1603.851312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1603.851323] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:59:23 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}}) [ 1603.873072] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1603.874199] CPU: 1 PID: 19777 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1603.875202] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.876313] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1603.876413] Call Trace: [ 1603.876437] dump_stack+0x107/0x167 [ 1603.878536] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1603.879312] p9_client_create+0xc2b/0x11c0 [ 1603.879943] ? p9_client_flush+0x430/0x430 [ 1603.880569] ? trace_hardirqs_on+0x5b/0x180 [ 1603.881213] ? lockdep_init_map_type+0x2c7/0x780 [ 1603.881912] ? __raw_spin_lock_init+0x36/0x110 [ 1603.882593] v9fs_session_init+0x1dd/0x1680 [ 1603.883251] ? lock_release+0x680/0x680 [ 1603.883860] ? kmem_cache_alloc_trace+0x151/0x320 [ 1603.884570] ? v9fs_show_options+0x690/0x690 [ 1603.885227] ? trace_hardirqs_on+0x5b/0x180 [ 1603.885870] ? kasan_unpoison_shadow+0x33/0x50 [ 1603.886537] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1603.887284] v9fs_mount+0x79/0x8f0 [ 1603.887808] ? v9fs_write_inode+0x60/0x60 [ 1603.888426] legacy_get_tree+0x105/0x220 [ 1603.889021] vfs_get_tree+0x8e/0x300 [ 1603.889565] path_mount+0x1429/0x2120 [ 1603.890125] ? strncpy_from_user+0x9e/0x470 [ 1603.890753] ? finish_automount+0xa90/0xa90 [ 1603.891376] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.892071] ? _copy_from_user+0xfb/0x1b0 [ 1603.892678] __x64_sys_mount+0x282/0x300 [ 1603.893273] ? copy_mnt_ns+0xa00/0xa00 [ 1603.893844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.894612] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.895356] do_syscall_64+0x33/0x40 [ 1603.895917] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.896659] RIP: 0033:0x7f0b176ffb19 [ 1603.897206] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.899854] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.900960] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1603.901994] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1603.903026] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1603.904070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 04:59:23 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1603.905104] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1603.906497] FAULT_INJECTION: forcing a failure. [ 1603.906497] name failslab, interval 1, probability 0, space 0, times 0 [ 1603.908136] CPU: 1 PID: 19789 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1603.909137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1603.910324] Call Trace: [ 1603.910711] dump_stack+0x107/0x167 [ 1603.911250] should_fail.cold+0x5/0xa [ 1603.911811] ? create_object.isra.0+0x3a/0xa20 [ 1603.912483] should_failslab+0x5/0x20 04:59:23 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 11) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1603.913039] kmem_cache_alloc+0x5b/0x310 [ 1603.913765] create_object.isra.0+0x3a/0xa20 [ 1603.914447] kmemleak_alloc_percpu+0xa0/0x100 [ 1603.915107] pcpu_alloc+0x4e2/0x1240 [ 1603.915669] __kmem_cache_create+0x35a/0x520 [ 1603.916318] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1603.917055] p9_client_create+0xc2b/0x11c0 [ 1603.917681] ? p9_client_flush+0x430/0x430 [ 1603.918303] ? trace_hardirqs_on+0x5b/0x180 [ 1603.918942] ? lockdep_init_map_type+0x2c7/0x780 [ 1603.919643] ? __raw_spin_lock_init+0x36/0x110 [ 1603.920326] v9fs_session_init+0x1dd/0x1680 [ 1603.920948] ? lock_release+0x680/0x680 [ 1603.921537] ? kmem_cache_alloc_trace+0x151/0x320 [ 1603.922237] ? v9fs_show_options+0x690/0x690 [ 1603.922887] ? trace_hardirqs_on+0x5b/0x180 [ 1603.923522] ? kasan_unpoison_shadow+0x33/0x50 [ 1603.924199] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1603.924941] v9fs_mount+0x79/0x8f0 [ 1603.925463] ? v9fs_write_inode+0x60/0x60 [ 1603.926079] legacy_get_tree+0x105/0x220 [ 1603.926667] vfs_get_tree+0x8e/0x300 [ 1603.927214] path_mount+0x1429/0x2120 [ 1603.927772] ? strncpy_from_user+0x9e/0x470 [ 1603.928413] ? finish_automount+0xa90/0xa90 [ 1603.929039] ? getname_flags.part.0+0x1dd/0x4f0 [ 1603.929719] ? _copy_from_user+0xfb/0x1b0 [ 1603.930328] __x64_sys_mount+0x282/0x300 [ 1603.930921] ? copy_mnt_ns+0xa00/0xa00 [ 1603.931495] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1603.932269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1603.933019] do_syscall_64+0x33/0x40 [ 1603.933566] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1603.934308] RIP: 0033:0x7f0d74438b19 [ 1603.934856] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1603.937497] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1603.938606] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1603.939635] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1603.940668] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1603.941688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1603.942714] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1603.972510] 9pnet: Insufficient options for proto=fd 04:59:23 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 8) 04:59:23 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}}) [ 1604.037259] FAULT_INJECTION: forcing a failure. [ 1604.037259] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.039240] CPU: 1 PID: 19797 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1604.040305] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1604.041582] Call Trace: [ 1604.041998] dump_stack+0x107/0x167 [ 1604.042568] should_fail.cold+0x5/0xa [ 1604.043166] ? create_object.isra.0+0x3a/0xa20 [ 1604.043887] should_failslab+0x5/0x20 [ 1604.044471] kmem_cache_alloc+0x5b/0x310 [ 1604.045107] create_object.isra.0+0x3a/0xa20 [ 1604.045787] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.046574] kmem_cache_alloc_trace+0x151/0x320 [ 1604.047300] alloc_fs_context+0x57/0x840 [ 1604.047941] path_mount+0xaa3/0x2120 [ 1604.048522] ? strncpy_from_user+0x9e/0x470 [ 1604.049186] ? finish_automount+0xa90/0xa90 [ 1604.049855] ? getname_flags.part.0+0x1dd/0x4f0 [ 1604.050570] ? _copy_from_user+0xfb/0x1b0 [ 1604.051217] __x64_sys_mount+0x282/0x300 [ 1604.051850] ? copy_mnt_ns+0xa00/0xa00 [ 1604.052459] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1604.053270] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1604.054061] do_syscall_64+0x33/0x40 [ 1604.054636] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1604.055420] RIP: 0033:0x7ff607b46b19 [ 1604.055996] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1604.058821] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1604.059999] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1604.061089] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1604.062183] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1604.063295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1604.064390] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1604.077778] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1604.090462] FAULT_INJECTION: forcing a failure. [ 1604.090462] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.092579] CPU: 0 PID: 19800 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1604.093664] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1604.094946] Call Trace: [ 1604.095367] dump_stack+0x107/0x167 [ 1604.095960] should_fail.cold+0x5/0xa [ 1604.096561] ? create_object.isra.0+0x3a/0xa20 [ 1604.097274] should_failslab+0x5/0x20 [ 1604.097867] kmem_cache_alloc+0x5b/0x310 [ 1604.098515] create_object.isra.0+0x3a/0xa20 [ 1604.099201] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.100015] kmem_cache_alloc+0x159/0x310 [ 1604.100670] getname_flags.part.0+0x50/0x4f0 [ 1604.101347] ? _copy_from_user+0xfb/0x1b0 [ 1604.101990] user_path_at_empty+0xa1/0x100 [ 1604.102660] __x64_sys_mount+0x1e9/0x300 [ 1604.103301] ? copy_mnt_ns+0xa00/0xa00 [ 1604.103934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1604.104019] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1604.104740] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1604.104761] do_syscall_64+0x33/0x40 [ 1604.104787] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1604.107122] 9pnet: Insufficient options for proto=fd [ 1604.107443] RIP: 0033:0x7fc3ad0beb19 [ 1604.107464] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1604.107482] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1604.113522] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1604.114622] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1604.115728] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1604.116829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1604.117924] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 04:59:23 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 80) 04:59:23 executing program 0: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) r1 = dup2(r0, r0) ioctl$HIDIOCINITREPORT(r1, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, r1, 0x0) r2 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r2, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r5 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r5, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) fcntl$F_SET_RW_HINT(0xffffffffffffffff, 0x40c, &(0x7f0000000140)=0x7c0283a40842d60c) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r3}}) 04:59:23 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:23 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 53) 04:59:23 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) [ 1604.238312] FAULT_INJECTION: forcing a failure. [ 1604.238312] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.240197] CPU: 0 PID: 19804 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1604.241242] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1604.242471] Call Trace: [ 1604.242867] dump_stack+0x107/0x167 [ 1604.243405] should_fail.cold+0x5/0xa [ 1604.243986] ? create_object.isra.0+0x3a/0xa20 [ 1604.244519] 9pnet: Insufficient options for proto=fd [ 1604.244683] should_failslab+0x5/0x20 [ 1604.244703] kmem_cache_alloc+0x5b/0x310 [ 1604.244727] create_object.isra.0+0x3a/0xa20 [ 1604.244746] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.244769] kmem_cache_alloc+0x159/0x310 [ 1604.244797] __kernfs_new_node+0xd4/0x860 [ 1604.249247] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1604.249983] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1604.250718] ? wait_for_completion_io+0x270/0x270 [ 1604.251437] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1604.252252] kernfs_new_node+0x18d/0x250 [ 1604.252859] __kernfs_create_file+0x51/0x350 [ 1604.253515] sysfs_add_file_mode_ns+0x221/0x560 [ 1604.254217] internal_create_group+0x324/0xb30 [ 1604.254921] ? sysfs_remove_group+0x170/0x170 [ 1604.255585] ? kernfs_name_hash+0xe7/0x110 [ 1604.256251] sysfs_slab_add+0x188/0x200 [ 1604.256860] __kmem_cache_create+0x3db/0x520 [ 1604.257524] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1604.258284] p9_client_create+0xc2b/0x11c0 [ 1604.258923] ? p9_client_flush+0x430/0x430 [ 1604.259561] ? trace_hardirqs_on+0x5b/0x180 [ 1604.260224] ? lockdep_init_map_type+0x2c7/0x780 [ 1604.260929] ? __raw_spin_lock_init+0x36/0x110 [ 1604.261612] v9fs_session_init+0x1dd/0x1680 [ 1604.262261] ? lock_release+0x680/0x680 [ 1604.262860] ? kmem_cache_alloc_trace+0x151/0x320 [ 1604.262878] ? v9fs_show_options+0x690/0x690 [ 1604.262909] ? trace_hardirqs_on+0x5b/0x180 [ 1604.264225] ? kasan_unpoison_shadow+0x33/0x50 [ 1604.265456] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.266214] v9fs_mount+0x79/0x8f0 [ 1604.266742] ? v9fs_write_inode+0x60/0x60 [ 1604.267374] legacy_get_tree+0x105/0x220 [ 1604.267996] vfs_get_tree+0x8e/0x300 [ 1604.268549] path_mount+0x1429/0x2120 [ 1604.269119] ? strncpy_from_user+0x9e/0x470 [ 1604.269751] ? finish_automount+0xa90/0xa90 [ 1604.270395] ? getname_flags.part.0+0x1dd/0x4f0 [ 1604.271091] ? _copy_from_user+0xfb/0x1b0 [ 1604.271729] __x64_sys_mount+0x282/0x300 [ 1604.272342] ? copy_mnt_ns+0xa00/0xa00 [ 1604.272934] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1604.273735] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1604.274501] do_syscall_64+0x33/0x40 [ 1604.275070] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1604.275826] RIP: 0033:0x7f0b176ffb19 [ 1604.276398] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1604.279117] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1604.280257] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1604.281320] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1604.282368] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1604.283428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1604.284496] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1604.293575] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1604.368152] FAULT_INJECTION: forcing a failure. [ 1604.368152] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.369647] CPU: 1 PID: 19812 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1604.370540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1604.371596] Call Trace: [ 1604.371957] dump_stack+0x107/0x167 [ 1604.372425] should_fail.cold+0x5/0xa [ 1604.372924] ? __kernfs_new_node+0xd4/0x860 [ 1604.373480] should_failslab+0x5/0x20 [ 1604.373985] kmem_cache_alloc+0x5b/0x310 [ 1604.374511] __kernfs_new_node+0xd4/0x860 [ 1604.375051] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1604.375662] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1604.376370] kernfs_new_node+0x18d/0x250 [ 1604.376920] kernfs_create_dir_ns+0x49/0x160 [ 1604.377490] sysfs_create_dir_ns+0x127/0x290 [ 1604.378061] ? sysfs_create_mount_point+0xb0/0xb0 [ 1604.378686] ? rwlock_bug.part.0+0x90/0x90 [ 1604.379243] ? do_raw_spin_unlock+0x4f/0x220 [ 1604.379819] kobject_add_internal+0x25e/0xa30 [ 1604.380412] kobject_init_and_add+0x101/0x160 [ 1604.380992] ? kobject_create_and_add+0xb0/0xb0 [ 1604.381578] ? wait_for_completion_io+0x270/0x270 [ 1604.382181] ? kernfs_name_hash+0xe7/0x110 [ 1604.382729] sysfs_slab_add+0x172/0x200 [ 1604.383246] __kmem_cache_create+0x3db/0x520 [ 1604.383800] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1604.384451] p9_client_create+0xc2b/0x11c0 [ 1604.384992] ? p9_client_flush+0x430/0x430 [ 1604.385524] ? trace_hardirqs_on+0x5b/0x180 [ 1604.386071] ? lockdep_init_map_type+0x2c7/0x780 [ 1604.386675] ? __raw_spin_lock_init+0x36/0x110 [ 1604.387265] v9fs_session_init+0x1dd/0x1680 [ 1604.387805] ? lock_release+0x680/0x680 [ 1604.388321] ? kmem_cache_alloc_trace+0x151/0x320 [ 1604.388927] ? v9fs_show_options+0x690/0x690 [ 1604.389498] ? trace_hardirqs_on+0x5b/0x180 [ 1604.390055] ? kasan_unpoison_shadow+0x33/0x50 [ 1604.390625] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.391275] v9fs_mount+0x79/0x8f0 [ 1604.391735] ? v9fs_write_inode+0x60/0x60 [ 1604.392271] legacy_get_tree+0x105/0x220 [ 1604.392787] vfs_get_tree+0x8e/0x300 [ 1604.393264] path_mount+0x1429/0x2120 [ 1604.393761] ? strncpy_from_user+0x9e/0x470 [ 1604.394314] ? finish_automount+0xa90/0xa90 [ 1604.394859] ? getname_flags.part.0+0x1dd/0x4f0 [ 1604.395445] ? _copy_from_user+0xfb/0x1b0 [ 1604.395974] __x64_sys_mount+0x282/0x300 [ 1604.396490] ? copy_mnt_ns+0xa00/0xa00 [ 1604.396988] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1604.397640] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1604.398304] do_syscall_64+0x33/0x40 [ 1604.398772] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1604.399421] RIP: 0033:0x7f0d74438b19 [ 1604.399899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1604.402191] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1604.403128] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1604.404022] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1604.404903] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1604.405786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1604.406664] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 [ 1604.408324] kobject_add_internal failed for 9p-fcall-cache (error: -12 parent: slab) [ 1604.409439] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1604.410268] CPU: 1 PID: 19812 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1604.411129] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1604.412167] Call Trace: [ 1604.412509] dump_stack+0x107/0x167 [ 1604.412968] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1604.413619] p9_client_create+0xc2b/0x11c0 [ 1604.414158] ? p9_client_flush+0x430/0x430 [ 1604.414685] ? trace_hardirqs_on+0x5b/0x180 [ 1604.415220] ? lockdep_init_map_type+0x2c7/0x780 [ 1604.415812] ? __raw_spin_lock_init+0x36/0x110 [ 1604.416391] v9fs_session_init+0x1dd/0x1680 [ 1604.416941] ? lock_release+0x680/0x680 [ 1604.417443] ? kmem_cache_alloc_trace+0x151/0x320 [ 1604.418058] ? v9fs_show_options+0x690/0x690 [ 1604.418611] ? trace_hardirqs_on+0x5b/0x180 [ 1604.419164] ? kasan_unpoison_shadow+0x33/0x50 [ 1604.419733] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1604.420366] v9fs_mount+0x79/0x8f0 [ 1604.420807] ? v9fs_write_inode+0x60/0x60 [ 1604.421330] legacy_get_tree+0x105/0x220 [ 1604.421831] vfs_get_tree+0x8e/0x300 [ 1604.422294] path_mount+0x1429/0x2120 [ 1604.422768] ? strncpy_from_user+0x9e/0x470 [ 1604.423301] ? finish_automount+0xa90/0xa90 [ 1604.423850] ? getname_flags.part.0+0x1dd/0x4f0 [ 1604.424419] ? _copy_from_user+0xfb/0x1b0 [ 1604.424937] __x64_sys_mount+0x282/0x300 [ 1604.425435] ? copy_mnt_ns+0xa00/0xa00 [ 1604.425926] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1604.426561] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1604.427207] do_syscall_64+0x33/0x40 [ 1604.427666] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1604.428291] RIP: 0033:0x7f0d74438b19 [ 1604.428757] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1604.431006] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1604.431956] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1604.432829] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1604.433703] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1604.434574] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1604.435443] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:59:36 executing program 5: syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cgroups\x00', 0x0, 0x0) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_u}]}}) ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000000)={0x20, 0x9, 0x2}) 04:59:36 executing program 1: ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 54) 04:59:36 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 12) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:59:36 executing program 6: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:36 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:59:36 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 9) 04:59:36 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 81) [ 1616.901039] FAULT_INJECTION: forcing a failure. [ 1616.901039] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.902069] CPU: 0 PID: 19932 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1616.902660] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1616.903371] Call Trace: [ 1616.903599] dump_stack+0x107/0x167 [ 1616.903897] should_fail.cold+0x5/0xa [ 1616.904216] ? __kernfs_new_node+0xd4/0x860 [ 1616.904613] should_failslab+0x5/0x20 [ 1616.904939] kmem_cache_alloc+0x5b/0x310 [ 1616.905266] __kernfs_new_node+0xd4/0x860 [ 1616.905631] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1616.906020] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1616.906446] ? wait_for_completion_io+0x270/0x270 [ 1616.906841] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1616.907303] kernfs_new_node+0x18d/0x250 [ 1616.907643] __kernfs_create_file+0x51/0x350 [ 1616.908057] sysfs_add_file_mode_ns+0x221/0x560 [ 1616.908469] internal_create_group+0x324/0xb30 [ 1616.908847] ? sysfs_remove_group+0x170/0x170 [ 1616.909237] ? kernfs_name_hash+0xe7/0x110 [ 1616.909601] ? kernfs_find_ns+0x256/0x380 [ 1616.909937] sysfs_slab_add+0x188/0x200 [ 1616.910285] __kmem_cache_create+0x3db/0x520 [ 1616.910641] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1616.910957] FAULT_INJECTION: forcing a failure. [ 1616.910957] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.911104] p9_client_create+0xc2b/0x11c0 [ 1616.913114] ? p9_client_flush+0x430/0x430 [ 1616.913480] ? trace_hardirqs_on+0x5b/0x180 [ 1616.913862] ? lockdep_init_map_type+0x2c7/0x780 [ 1616.914279] ? __raw_spin_lock_init+0x36/0x110 [ 1616.914680] v9fs_session_init+0x1dd/0x1680 [ 1616.915055] ? lock_release+0x680/0x680 [ 1616.915387] ? kmem_cache_alloc_trace+0x151/0x320 [ 1616.915810] ? v9fs_show_options+0x690/0x690 [ 1616.916181] ? trace_hardirqs_on+0x5b/0x180 [ 1616.916561] ? kasan_unpoison_shadow+0x33/0x50 [ 1616.916966] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1616.917407] v9fs_mount+0x79/0x8f0 [ 1616.917719] ? v9fs_write_inode+0x60/0x60 [ 1616.918067] legacy_get_tree+0x105/0x220 [ 1616.918419] vfs_get_tree+0x8e/0x300 [ 1616.918722] path_mount+0x1429/0x2120 [ 1616.919062] ? strncpy_from_user+0x9e/0x470 [ 1616.919411] ? finish_automount+0xa90/0xa90 [ 1616.919789] ? getname_flags.part.0+0x1dd/0x4f0 [ 1616.920174] ? _copy_from_user+0xfb/0x1b0 [ 1616.920539] __x64_sys_mount+0x282/0x300 [ 1616.920902] ? copy_mnt_ns+0xa00/0xa00 [ 1616.921236] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1616.921651] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1616.922112] do_syscall_64+0x33/0x40 [ 1616.922407] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1616.922859] RIP: 0033:0x7f0b176ffb19 [ 1616.923157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1616.924756] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1616.925365] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1616.925995] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1616.926609] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1616.927232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1616.927849] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1616.928495] CPU: 1 PID: 19924 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1616.929525] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1616.930733] Call Trace: [ 1616.931137] dump_stack+0x107/0x167 [ 1616.931679] should_fail.cold+0x5/0xa [ 1616.932258] ? cgroup_init_fs_context+0x47/0x3e0 [ 1616.932969] should_failslab+0x5/0x20 [ 1616.933521] kmem_cache_alloc_trace+0x55/0x320 [ 1616.934207] cgroup_init_fs_context+0x47/0x3e0 [ 1616.934889] ? css_killed_work_fn+0x610/0x610 [ 1616.934937] FAULT_INJECTION: forcing a failure. [ 1616.934937] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1616.935553] alloc_fs_context+0x4fd/0x840 [ 1616.935578] path_mount+0xaa3/0x2120 [ 1616.937590] ? strncpy_from_user+0x9e/0x470 [ 1616.938220] ? finish_automount+0xa90/0xa90 [ 1616.938842] ? getname_flags.part.0+0x1dd/0x4f0 [ 1616.939510] ? _copy_from_user+0xfb/0x1b0 [ 1616.940131] __x64_sys_mount+0x282/0x300 [ 1616.940708] ? copy_mnt_ns+0xa00/0xa00 [ 1616.941285] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1616.942046] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1616.942788] do_syscall_64+0x33/0x40 [ 1616.943327] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1616.944073] RIP: 0033:0x7ff607b46b19 [ 1616.944608] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1616.947233] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1616.948333] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1616.949357] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1616.950374] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1616.951389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1616.952407] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1616.953449] CPU: 0 PID: 19928 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1616.954003] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1616.954638] Call Trace: [ 1616.954844] dump_stack+0x107/0x167 [ 1616.955128] should_fail.cold+0x5/0xa [ 1616.955438] strncpy_from_user+0x34/0x470 [ 1616.955767] getname_flags.part.0+0x95/0x4f0 [ 1616.956119] ? _copy_from_user+0xfb/0x1b0 [ 1616.956450] user_path_at_empty+0xa1/0x100 [ 1616.956786] __x64_sys_mount+0x1e9/0x300 [ 1616.957102] ? copy_mnt_ns+0xa00/0xa00 [ 1616.957405] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1616.957830] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1616.958225] do_syscall_64+0x33/0x40 [ 1616.958515] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1616.958907] RIP: 0033:0x7fc3ad0beb19 [ 1616.959199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1616.960585] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1616.961365] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1616.961983] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1616.962596] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1616.963189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1616.963788] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 [ 1616.981033] kmem_cache_create(9p-fcall-cache) failed with error -12 [ 1616.981213] FAULT_INJECTION: forcing a failure. [ 1616.981213] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.981610] CPU: 0 PID: 19932 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1616.981625] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1616.984482] Call Trace: [ 1616.984708] dump_stack+0x107/0x167 [ 1616.984999] kmem_cache_create_usercopy.cold+0x17/0x65 [ 1616.985441] p9_client_create+0xc2b/0x11c0 [ 1616.985777] ? p9_client_flush+0x430/0x430 [ 1616.986134] ? trace_hardirqs_on+0x5b/0x180 [ 1616.986471] ? lockdep_init_map_type+0x2c7/0x780 [ 1616.986876] ? __raw_spin_lock_init+0x36/0x110 [ 1616.987262] v9fs_session_init+0x1dd/0x1680 [ 1616.987623] ? lock_release+0x680/0x680 [ 1616.987959] ? kmem_cache_alloc_trace+0x151/0x320 [ 1616.988372] ? v9fs_show_options+0x690/0x690 [ 1616.988716] ? trace_hardirqs_on+0x5b/0x180 [ 1616.989075] ? kasan_unpoison_shadow+0x33/0x50 [ 1616.989465] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1616.989857] v9fs_mount+0x79/0x8f0 [ 1616.990157] ? v9fs_write_inode+0x60/0x60 [ 1616.990480] legacy_get_tree+0x105/0x220 [ 1616.990796] vfs_get_tree+0x8e/0x300 [ 1616.991105] path_mount+0x1429/0x2120 [ 1616.991430] ? strncpy_from_user+0x9e/0x470 [ 1616.991765] ? finish_automount+0xa90/0xa90 [ 1616.992130] ? getname_flags.part.0+0x1dd/0x4f0 [ 1616.992521] ? _copy_from_user+0xfb/0x1b0 [ 1616.992883] __x64_sys_mount+0x282/0x300 [ 1616.993226] ? copy_mnt_ns+0xa00/0xa00 [ 1616.993554] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1616.993997] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1616.994426] do_syscall_64+0x33/0x40 [ 1616.994745] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1616.995164] RIP: 0033:0x7f0b176ffb19 [ 1616.995472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1616.996867] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1616.997498] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1616.998088] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1616.998672] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1616.999257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1616.999847] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1617.000461] CPU: 1 PID: 19931 Comm: syz-executor.1 Not tainted 5.10.222 #1 [ 1617.001480] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.002680] Call Trace: [ 1617.003080] dump_stack+0x107/0x167 [ 1617.003615] should_fail.cold+0x5/0xa [ 1617.004188] ? create_object.isra.0+0x3a/0xa20 [ 1617.004861] should_failslab+0x5/0x20 [ 1617.005419] kmem_cache_alloc+0x5b/0x310 [ 1617.006019] create_object.isra.0+0x3a/0xa20 [ 1617.006663] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1617.007403] kmem_cache_alloc+0x159/0x310 [ 1617.008029] __kernfs_new_node+0xd4/0x860 [ 1617.008640] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1617.009351] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1617.010119] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 1617.010892] ? entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.011670] kernfs_new_node+0x18d/0x250 [ 1617.012289] kernfs_create_dir_ns+0x49/0x160 [ 1617.012922] sysfs_create_dir_ns+0x127/0x290 [ 1617.013570] ? sysfs_create_mount_point+0xb0/0xb0 [ 1617.014265] ? rwlock_bug.part.0+0x90/0x90 [ 1617.014890] ? do_raw_spin_unlock+0x4f/0x220 [ 1617.015532] kobject_add_internal+0x25e/0xa30 [ 1617.016208] kobject_init_and_add+0x101/0x160 [ 1617.016863] ? kobject_create_and_add+0xb0/0xb0 [ 1617.017551] ? wait_for_completion_io+0x270/0x270 [ 1617.018243] ? kernfs_name_hash+0xe7/0x110 [ 1617.018871] ? kernfs_find_ns+0x256/0x380 [ 1617.019479] sysfs_slab_add+0x172/0x200 [ 1617.020078] __kmem_cache_create+0x3db/0x520 [ 1617.020724] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1617.021462] p9_client_create+0xc2b/0x11c0 [ 1617.022084] ? p9_client_flush+0x430/0x430 [ 1617.022704] ? trace_hardirqs_on+0x5b/0x180 [ 1617.023334] ? lockdep_init_map_type+0x2c7/0x780 [ 1617.024041] ? __raw_spin_lock_init+0x36/0x110 [ 1617.024711] v9fs_session_init+0x1dd/0x1680 [ 1617.025348] ? lock_release+0x680/0x680 [ 1617.025933] ? kmem_cache_alloc_trace+0x151/0x320 [ 1617.026639] ? v9fs_show_options+0x690/0x690 [ 1617.027288] ? trace_hardirqs_on+0x5b/0x180 [ 1617.027929] ? kasan_unpoison_shadow+0x33/0x50 [ 1617.028608] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1617.029360] v9fs_mount+0x79/0x8f0 [ 1617.029901] ? v9fs_write_inode+0x60/0x60 [ 1617.030528] legacy_get_tree+0x105/0x220 [ 1617.031133] vfs_get_tree+0x8e/0x300 [ 1617.031690] path_mount+0x1429/0x2120 [ 1617.032262] ? strncpy_from_user+0x9e/0x470 [ 1617.032549] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1617.032901] ? finish_automount+0xa90/0xa90 [ 1617.032921] ? getname_flags.part.0+0x1dd/0x4f0 [ 1617.032943] ? _copy_from_user+0xfb/0x1b0 [ 1617.035459] __x64_sys_mount+0x282/0x300 [ 1617.036067] ? copy_mnt_ns+0xa00/0xa00 [ 1617.036644] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.037402] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.038152] do_syscall_64+0x33/0x40 [ 1617.038693] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.039432] RIP: 0033:0x7f0d74438b19 [ 1617.039972] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.042646] RSP: 002b:00007f0d719ae188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1617.043746] RAX: ffffffffffffffda RBX: 00007f0d7454bf60 RCX: 00007f0d74438b19 [ 1617.044794] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1617.045828] RBP: 00007f0d719ae1d0 R08: 0000000020000280 R09: 0000000000000000 [ 1617.046862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.047901] R13: 00007ffdbf0f3ddf R14: 00007f0d719ae300 R15: 0000000000022000 04:59:36 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 13) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) 04:59:36 executing program 6: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) [ 1617.073346] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:59:36 executing program 7: r0 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r0, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r3, 0xc018937b, &(0x7f00000003c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYRES32, @ANYRES32=0xee01, @ANYBLOB="2e2f66696c65300030ccab33c49e3f8b282cac8e765e965c0b5166cc2607a986f04c33bb05a1fb5ee7143b3a747ec28a052c1322bd88568ce23f7dd2b73461f4667b12f1a433a86fe44c53a5f8d0d7a40016db7d9a512b5f95081f86cfcad51ad4f283c223ca107e9a8ace2b1661016b0c051e0f80f009960489ffd633cea85a135ef32ed3a690fea7db4fa1471dd86f84a5a4a27b05d9b7ec01ff184b8962120fec234eeb5c1af02e1d25c1161843a412c4979a3faf673d30d59dfeda43340ffa0d63267c01dedd23a45eed76d55da9fa4dc2ead272afe1f6273eef91c151c972bce501ac7b3df3546fbbad"]) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x550c, 0x20000000) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) (fail_nth: 10) [ 1617.104982] FAULT_INJECTION: forcing a failure. [ 1617.104982] name failslab, interval 1, probability 0, space 0, times 0 [ 1617.105945] CPU: 0 PID: 20011 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1617.106498] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.107176] Call Trace: [ 1617.107399] dump_stack+0x107/0x167 [ 1617.107700] should_fail.cold+0x5/0xa [ 1617.108024] ? create_object.isra.0+0x3a/0xa20 [ 1617.108404] should_failslab+0x5/0x20 [ 1617.108718] kmem_cache_alloc+0x5b/0x310 [ 1617.109034] create_object.isra.0+0x3a/0xa20 [ 1617.109396] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1617.109879] kmem_cache_alloc_trace+0x151/0x320 [ 1617.110267] cgroup_init_fs_context+0x47/0x3e0 [ 1617.110604] ? css_killed_work_fn+0x610/0x610 [ 1617.110977] alloc_fs_context+0x4fd/0x840 [ 1617.111288] path_mount+0xaa3/0x2120 [ 1617.111607] ? strncpy_from_user+0x9e/0x470 [ 1617.111943] ? finish_automount+0xa90/0xa90 [ 1617.112316] ? getname_flags.part.0+0x1dd/0x4f0 [ 1617.112666] ? _copy_from_user+0xfb/0x1b0 [ 1617.113009] __x64_sys_mount+0x282/0x300 04:59:36 executing program 3: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) (fail_nth: 82) [ 1617.113311] ? copy_mnt_ns+0xa00/0xa00 [ 1617.113689] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.114080] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.114461] do_syscall_64+0x33/0x40 [ 1617.114741] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.115116] RIP: 0033:0x7ff607b46b19 [ 1617.115399] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.116900] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1617.117467] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1617.118042] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1617.118569] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1617.119091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.119672] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1617.123669] FAULT_INJECTION: forcing a failure. [ 1617.123669] name failslab, interval 1, probability 0, space 0, times 0 [ 1617.125481] CPU: 1 PID: 19985 Comm: syz-executor.7 Not tainted 5.10.222 #1 [ 1617.126489] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.127688] Call Trace: [ 1617.128091] dump_stack+0x107/0x167 [ 1617.128630] should_fail.cold+0x5/0xa [ 1617.129202] ? alloc_fs_context+0x57/0x840 [ 1617.129831] should_failslab+0x5/0x20 [ 1617.130389] kmem_cache_alloc_trace+0x55/0x320 [ 1617.131063] alloc_fs_context+0x57/0x840 [ 1617.131659] path_mount+0xaa3/0x2120 [ 1617.132217] ? strncpy_from_user+0x9e/0x470 [ 1617.132865] ? finish_automount+0xa90/0xa90 [ 1617.133493] ? getname_flags.part.0+0x1dd/0x4f0 [ 1617.134177] ? _copy_from_user+0xfb/0x1b0 [ 1617.134781] __x64_sys_mount+0x282/0x300 [ 1617.135374] ? copy_mnt_ns+0xa00/0xa00 [ 1617.135959] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.136748] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.137494] do_syscall_64+0x33/0x40 [ 1617.138053] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.138070] RIP: 0033:0x7fc3ad0beb19 [ 1617.138990] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.139001] RSP: 002b:00007fc3aa634188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1617.139031] RAX: ffffffffffffffda RBX: 00007fc3ad1d1f60 RCX: 00007fc3ad0beb19 [ 1617.142456] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1617.143496] RBP: 00007fc3aa6341d0 R08: 0000000020000280 R09: 0000000000000000 [ 1617.144547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.145580] R13: 00007ffec6a55e5f R14: 00007fc3aa634300 R15: 0000000000022000 [ 1617.147551] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 04:59:36 executing program 6: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:36 executing program 4: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) ioctl$SNAPSHOT_PREF_IMAGE_SIZE(r2, 0x3312, 0x8) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000540)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="e80100003b00100025bd7000ffdbdf251b00000021017f80dccd32ac50b3ef0decd101596c2b7affe5d8b4aab9550bebd8b69c7e9591ff5680b9ff4b04cfc7dae09b636713dafa2fc3a046f1489eaedb193b407393ebd7fe125b8c7ce2bd2276ee1ed0c4f6dd5dde8dff444b93e955acc94fc33109abecdc8895a5a6ce143ffb3ab5ad464de67c10a9d0c27682839e7871bd33b3301406721c65c0b4b5acab9950b6cc7f36376d34c88618d776ebead551d72639eaed0791a11015093c509ccf18acbaf11eb9a8165571352991b828cfdb", @ANYRES32, @ANYBLOB='\b\x00;', @ANYRES32], 0x1e8}}, 0x4008040) 04:59:36 executing program 6: syz_mount_image$ext4(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000380)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) 04:59:36 executing program 2: ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000340)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_mount_image$ext4(0x0, &(0x7f0000000480)='./file0\x00', 0xffffffffffffffff, 0x9, 0x0, 0x80080, 0x0) readlinkat(r1, &(0x7f0000000180)='./file0\x00', &(0x7f0000000380)=""/137, 0x89) openat(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x40c000, 0x8) mount$cgroup(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={[{@subsystem='freezer'}]}) (fail_nth: 14) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000140), 0x40001, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffe3) fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x8, 0x7) openat(0xffffffffffffffff, &(0x7f0000000200)='./file0\x00', 0x18000, 0x88) ioctl$AUTOFS_IOC_ASKUMOUNT(0xffffffffffffffff, 0x80049370, &(0x7f0000000300)) r2 = fsmount(0xffffffffffffffff, 0x1, 0x71) mq_open(&(0x7f0000005c00)='-@\x00', 0x0, 0x0, 0x0) ioctl$SNAPSHOT_GET_IMAGE_SIZE(r2, 0x8008330e, &(0x7f0000000000)) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_RELOAD_REGDB(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x14, r4, 0x1}, 0x14}}, 0x0) sendfile(r3, r0, &(0x7f0000000440)=0x7, 0x6ee7) [ 1617.213942] FAULT_INJECTION: forcing a failure. [ 1617.213942] name failslab, interval 1, probability 0, space 0, times 0 [ 1617.214889] CPU: 0 PID: 20053 Comm: syz-executor.2 Not tainted 5.10.222 #1 [ 1617.215394] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.216067] Call Trace: [ 1617.216351] dump_stack+0x107/0x167 [ 1617.216680] should_fail.cold+0x5/0xa [ 1617.216982] ? kernfs_get_tree+0x76/0x8d0 [ 1617.217302] should_failslab+0x5/0x20 [ 1617.217619] kmem_cache_alloc_trace+0x55/0x320 [ 1617.218007] kernfs_get_tree+0x76/0x8d0 [ 1617.218303] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 1617.218325] ? wait_for_completion_io+0x270/0x270 [ 1617.218346] cgroup_do_get_tree+0x10b/0x760 [ 1617.220295] cgroup1_get_tree+0x4db/0xe50 [ 1617.220639] vfs_get_tree+0x8e/0x300 [ 1617.220927] path_mount+0x1429/0x2120 [ 1617.221228] ? strncpy_from_user+0x9e/0x470 [ 1617.221586] ? finish_automount+0xa90/0xa90 [ 1617.221954] ? getname_flags.part.0+0x1dd/0x4f0 [ 1617.222307] ? _copy_from_user+0xfb/0x1b0 [ 1617.222619] __x64_sys_mount+0x282/0x300 [ 1617.222925] ? copy_mnt_ns+0xa00/0xa00 [ 1617.223252] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.223656] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.224084] do_syscall_64+0x33/0x40 [ 1617.224366] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.224373] RIP: 0033:0x7ff607b46b19 [ 1617.224385] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.224402] RSP: 002b:00007ff6050bc188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1617.227363] RAX: ffffffffffffffda RBX: 00007ff607c59f60 RCX: 00007ff607b46b19 [ 1617.227892] RDX: 0000000020000040 RSI: 0000000020000080 RDI: 0000000000000000 [ 1617.228419] RBP: 00007ff6050bc1d0 R08: 00000000200001c0 R09: 0000000000000000 [ 1617.228947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.229467] R13: 00007fff6f220ecf R14: 00007ff6050bc300 R15: 0000000000022000 [ 1617.249370] FAULT_INJECTION: forcing a failure. [ 1617.249370] name failslab, interval 1, probability 0, space 0, times 0 [ 1617.250236] CPU: 0 PID: 20046 Comm: syz-executor.3 Not tainted 5.10.222 #1 [ 1617.250753] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1617.251360] Call Trace: [ 1617.251559] dump_stack+0x107/0x167 [ 1617.251834] should_fail.cold+0x5/0xa [ 1617.252138] ? create_object.isra.0+0x3a/0xa20 [ 1617.252481] should_failslab+0x5/0x20 [ 1617.252767] kmem_cache_alloc+0x5b/0x310 [ 1617.253076] create_object.isra.0+0x3a/0xa20 [ 1617.253405] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1617.253781] kmem_cache_alloc+0x159/0x310 [ 1617.254098] __kernfs_new_node+0xd4/0x860 [ 1617.254412] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 1617.254768] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1617.255130] ? wait_for_completion_io+0x270/0x270 [ 1617.255490] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 1617.255886] kernfs_new_node+0x18d/0x250 [ 1617.256201] __kernfs_create_file+0x51/0x350 [ 1617.256533] sysfs_add_file_mode_ns+0x221/0x560 [ 1617.256884] internal_create_group+0x324/0xb30 [ 1617.257226] ? sysfs_remove_group+0x170/0x170 [ 1617.257559] ? kernfs_name_hash+0xe7/0x110 [ 1617.257882] sysfs_slab_add+0x188/0x200 [ 1617.258182] __kmem_cache_create+0x3db/0x520 [ 1617.258513] kmem_cache_create_usercopy+0x1db/0x2f0 [ 1617.258891] p9_client_create+0xc2b/0x11c0 [ 1617.259353] ? p9_client_flush+0x430/0x430 [ 1617.259669] ? trace_hardirqs_on+0x5b/0x180 [ 1617.260002] ? lockdep_init_map_type+0x2c7/0x780 [ 1617.260360] ? __raw_spin_lock_init+0x36/0x110 [ 1617.260707] v9fs_session_init+0x1dd/0x1680 [ 1617.261028] ? lock_release+0x680/0x680 [ 1617.261332] ? kmem_cache_alloc_trace+0x151/0x320 [ 1617.261689] ? v9fs_show_options+0x690/0x690 [ 1617.262040] ? trace_hardirqs_on+0x5b/0x180 [ 1617.262368] ? kasan_unpoison_shadow+0x33/0x50 [ 1617.262712] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1617.263089] v9fs_mount+0x79/0x8f0 [ 1617.263355] ? v9fs_write_inode+0x60/0x60 [ 1617.263701] legacy_get_tree+0x105/0x220 [ 1617.264014] vfs_get_tree+0x8e/0x300 [ 1617.264300] path_mount+0x1429/0x2120 [ 1617.264615] ? strncpy_from_user+0x9e/0x470 [ 1617.264940] ? finish_automount+0xa90/0xa90 [ 1617.265284] ? getname_flags.part.0+0x1dd/0x4f0 [ 1617.265636] ? _copy_from_user+0xfb/0x1b0 [ 1617.265978] __x64_sys_mount+0x282/0x300 [ 1617.266283] ? copy_mnt_ns+0xa00/0xa00 [ 1617.266601] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1617.266991] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1617.267408] do_syscall_64+0x33/0x40 [ 1617.267689] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1617.268173] RIP: 0033:0x7f0b176ffb19 [ 1617.268471] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1617.269936] RSP: 002b:00007f0b14c75188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1617.270549] RAX: ffffffffffffffda RBX: 00007f0b17812f60 RCX: 00007f0b176ffb19 [ 1617.271121] RDX: 00000000200000c0 RSI: 0000000020000380 RDI: 0000000000000000 [ 1617.271684] RBP: 00007f0b14c751d0 R08: 0000000020000280 R09: 0000000000000000 [ 1617.272262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1617.272824] R13: 00007ffe3fd5ef2f R14: 00007f0b14c75300 R15: 0000000000022000 [ 1617.310338] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 VM DIAGNOSIS: 05:04:36 Registers: info registers vcpu 0 RAX=ffffffff83e74f90 RBX=0000000000000000 RCX=ffffffff83e5cd8c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e75598 RBP=fffffbfff09c6450 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff85675788 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e74f9e RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=000055a10644f678 CR3=000000001b108000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=007a02fe016c6c6f502e726567616e61 XMM02=000000000000000040f8290000000000 XMM03=0000060101cb91eecdfc0101039aff0f XMM04=636578650a006574616469646e616320 XMM05=746f7420636578650a006873616d7320 XMM06=0065676169727420636578650b006c61 XMM07=0a00657a696d696e696d20636578650d XMM08=007a7a7566206365786509006e656720 XMM09=006574616469646e616320636578650e XMM10=6578650a006873616d7320636578650a XMM11=727420636578650b006c61746f742063 XMM12=6d696e696d20636578650d0065676169 XMM13=0073746e696820636578650a00657a69 XMM14=6578651100736465657320636578650a XMM15=0000737472617473657220726f747563 info registers vcpu 1 RAX=ffffffff83e74f90 RBX=0000000000000001 RCX=ffffffff83e5cd8c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83e75598 RBP=ffffed1001130000 RSP=ffff88800898fe70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff85675788 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e74f9e RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f4e2515c010 CR3=000000001b108000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041552d4600000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000