000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote}) 03:58:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:58:42 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1850.117501] FAULT_INJECTION: forcing a failure. [ 1850.117501] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.120416] CPU: 0 PID: 22643 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1850.122191] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1850.124336] Call Trace: [ 1850.125018] dump_stack+0x107/0x167 [ 1850.125953] should_fail.cold+0x5/0xa [ 1850.126945] ? p9_client_create+0xaf/0x1230 [ 1850.128051] should_failslab+0x5/0x20 [ 1850.129026] kmem_cache_alloc_trace+0x55/0x320 [ 1850.130197] ? find_held_lock+0x2c/0x110 [ 1850.131255] p9_client_create+0xaf/0x1230 [ 1850.132315] ? lock_downgrade+0x6d0/0x6d0 [ 1850.133379] ? p9_client_flush+0x430/0x430 [ 1850.134471] ? trace_hardirqs_on+0x5b/0x180 [ 1850.135572] ? lockdep_init_map_type+0x2c7/0x780 [ 1850.136790] ? __raw_spin_lock_init+0x36/0x110 [ 1850.137965] v9fs_session_init+0x1dd/0x1680 [ 1850.139137] ? lock_release+0x680/0x680 [ 1850.140166] ? kmem_cache_alloc_trace+0x151/0x320 [ 1850.141394] ? v9fs_show_options+0x690/0x690 [ 1850.142543] ? trace_hardirqs_on+0x5b/0x180 [ 1850.143643] ? kasan_unpoison_shadow+0x33/0x50 [ 1850.144808] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1850.146114] v9fs_mount+0x79/0x8f0 [ 1850.147039] ? v9fs_write_inode+0x60/0x60 [ 1850.148092] legacy_get_tree+0x105/0x220 [ 1850.149126] vfs_get_tree+0x8e/0x300 [ 1850.150080] path_mount+0x14ab/0x2200 [ 1850.151069] ? strncpy_from_user+0x9e/0x470 [ 1850.152178] ? finish_automount+0xa90/0xa90 [ 1850.153276] ? getname_flags.part.0+0x1dd/0x4f0 [ 1850.154485] ? _copy_from_user+0xfb/0x1b0 [ 1850.155443] __x64_sys_mount+0x282/0x300 [ 1850.156366] ? copy_mnt_ns+0xa00/0xa00 [ 1850.157253] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1850.158449] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1850.159619] do_syscall_64+0x33/0x40 [ 1850.160463] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1850.161616] RIP: 0033:0x7f4689135b19 [ 1850.162467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1850.166608] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1850.168331] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1850.169940] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1850.171559] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1850.173173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1850.174798] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1850.213915] FAULT_INJECTION: forcing a failure. [ 1850.213915] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.215351] CPU: 1 PID: 22809 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1850.216133] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1850.217070] Call Trace: [ 1850.217374] dump_stack+0x107/0x167 [ 1850.217794] should_fail.cold+0x5/0xa [ 1850.218236] ? create_object.isra.0+0x3a/0xa30 [ 1850.218756] should_failslab+0x5/0x20 [ 1850.219192] kmem_cache_alloc+0x5b/0x310 [ 1850.219654] ? mark_held_locks+0x9e/0xe0 [ 1850.220116] create_object.isra.0+0x3a/0xa30 [ 1850.220611] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1850.221185] kmem_cache_alloc_bulk+0x168/0x320 [ 1850.221706] io_submit_sqes+0x6fe4/0x8610 [ 1850.222194] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1850.222766] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1850.223313] ? find_held_lock+0x2c/0x110 [ 1850.223775] ? io_submit_sqes+0x8610/0x8610 [ 1850.224268] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1850.224814] ? wait_for_completion_io+0x270/0x270 [ 1850.225363] ? rcu_read_lock_any_held+0x75/0xa0 [ 1850.225890] ? vfs_write+0x354/0xb10 [ 1850.226320] ? fput_many+0x2f/0x1a0 [ 1850.226728] ? ksys_write+0x1a9/0x260 [ 1850.227158] ? __ia32_sys_read+0xb0/0xb0 [ 1850.227621] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1850.228215] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1850.228808] do_syscall_64+0x33/0x40 [ 1850.229229] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1850.229809] RIP: 0033:0x7ff6f30cbb19 [ 1850.230239] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1850.232327] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1850.233192] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1850.233996] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1850.234811] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1850.235614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1850.236418] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:58:42 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 20) 03:58:42 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4ab5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:42 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x74000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:42 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote}) 03:58:43 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 21) 03:58:43 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7a000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 1850.303060] FAULT_INJECTION: forcing a failure. [ 1850.303060] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.304399] CPU: 1 PID: 23152 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1850.305181] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1850.306113] Call Trace: [ 1850.306422] dump_stack+0x107/0x167 [ 1850.306833] should_fail.cold+0x5/0xa [ 1850.307265] ? create_object.isra.0+0x3a/0xa30 [ 1850.307779] should_failslab+0x5/0x20 [ 1850.308211] kmem_cache_alloc+0x5b/0x310 [ 1850.308669] ? kernel_text_address+0xf2/0x120 [ 1850.309174] create_object.isra.0+0x3a/0xa30 [ 1850.309674] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1850.310258] kmem_cache_alloc_trace+0x151/0x320 [ 1850.310786] ? find_held_lock+0x2c/0x110 [ 1850.311249] p9_client_create+0xaf/0x1230 [ 1850.311727] ? lock_downgrade+0x6d0/0x6d0 [ 1850.312199] ? p9_client_flush+0x430/0x430 [ 1850.312685] ? trace_hardirqs_on+0x5b/0x180 [ 1850.313181] ? lockdep_init_map_type+0x2c7/0x780 [ 1850.313719] ? __raw_spin_lock_init+0x36/0x110 [ 1850.314250] v9fs_session_init+0x1dd/0x1680 [ 1850.314737] ? lock_release+0x680/0x680 [ 1850.315188] ? kmem_cache_alloc_trace+0x151/0x320 [ 1850.315739] ? v9fs_show_options+0x690/0x690 [ 1850.316244] ? trace_hardirqs_on+0x5b/0x180 [ 1850.316734] ? kasan_unpoison_shadow+0x33/0x50 [ 1850.317247] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1850.317819] v9fs_mount+0x79/0x8f0 [ 1850.318227] ? v9fs_write_inode+0x60/0x60 [ 1850.318694] legacy_get_tree+0x105/0x220 [ 1850.319159] vfs_get_tree+0x8e/0x300 [ 1850.319582] path_mount+0x14ab/0x2200 [ 1850.320014] ? strncpy_from_user+0x9e/0x470 [ 1850.320500] ? finish_automount+0xa90/0xa90 [ 1850.320989] ? getname_flags.part.0+0x1dd/0x4f0 [ 1850.321517] ? _copy_from_user+0xfb/0x1b0 [ 1850.321990] __x64_sys_mount+0x282/0x300 [ 1850.322463] ? copy_mnt_ns+0xa00/0xa00 [ 1850.322907] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1850.323509] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1850.324100] do_syscall_64+0x33/0x40 [ 1850.324522] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1850.325108] RIP: 0033:0x7f4689135b19 [ 1850.325532] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1850.327617] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1850.328474] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1850.329281] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1850.330083] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1850.330894] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1850.331699] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 03:58:43 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:58:43 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4bb5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:43 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:56 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8cffffff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:56 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:58:56 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4c00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:56 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:56 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 22) 03:58:56 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x20000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 1864.260100] FAULT_INJECTION: forcing a failure. [ 1864.260100] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.261518] CPU: 1 PID: 23632 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1864.262295] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1864.263236] Call Trace: [ 1864.263537] dump_stack+0x107/0x167 [ 1864.263949] should_fail.cold+0x5/0xa [ 1864.264380] should_failslab+0x5/0x20 [ 1864.264806] __kmalloc_track_caller+0x79/0x370 [ 1864.265322] ? p9_client_create+0x41d/0x1230 [ 1864.265816] kstrdup+0x36/0x70 [ 1864.266177] p9_client_create+0x41d/0x1230 [ 1864.266663] ? lock_downgrade+0x6d0/0x6d0 [ 1864.267134] ? p9_client_flush+0x430/0x430 [ 1864.267613] ? trace_hardirqs_on+0x5b/0x180 [ 1864.268097] ? lockdep_init_map_type+0x2c7/0x780 [ 1864.268631] ? __raw_spin_lock_init+0x36/0x110 [ 1864.269147] v9fs_session_init+0x1dd/0x1680 03:58:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 13) [ 1864.269638] ? lock_release+0x680/0x680 [ 1864.270250] ? kmem_cache_alloc_trace+0x151/0x320 [ 1864.270859] ? v9fs_show_options+0x690/0x690 [ 1864.271358] ? trace_hardirqs_on+0x5b/0x180 [ 1864.271845] ? kasan_unpoison_shadow+0x33/0x50 [ 1864.272358] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.272929] v9fs_mount+0x79/0x8f0 [ 1864.273328] ? v9fs_write_inode+0x60/0x60 [ 1864.273793] legacy_get_tree+0x105/0x220 [ 1864.274252] vfs_get_tree+0x8e/0x300 [ 1864.274677] path_mount+0x14ab/0x2200 [ 1864.275109] ? strncpy_from_user+0x9e/0x470 [ 1864.275594] ? finish_automount+0xa90/0xa90 [ 1864.276080] ? getname_flags.part.0+0x1dd/0x4f0 [ 1864.276606] ? _copy_from_user+0xfb/0x1b0 [ 1864.277077] __x64_sys_mount+0x282/0x300 [ 1864.277532] ? copy_mnt_ns+0xa00/0xa00 [ 1864.277974] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.278572] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.279152] do_syscall_64+0x33/0x40 [ 1864.279574] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.280152] RIP: 0033:0x7f4689135b19 [ 1864.280570] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.282641] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 03:58:56 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r1 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0), 0x20000, 0x0) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r1) sendmsg$TIPC_CMD_GET_BEARER_NAMES(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r2, 0x400, 0x70bd2b, 0x25dfdbff, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040000}, 0x40830) sendmsg$TIPC_CMD_SET_LINK_PRI(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x30, r2, 0x800, 0x70bd27, 0x25dfdbff, {{}, {}, {0x14, 0x18, {0xc446, @bearer=@udp='udp:syz0\x00'}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x41}, 0x4010) [ 1864.283498] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1864.284438] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1864.285271] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1864.286072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.286890] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1864.308722] 9pnet: Insufficient options for proto=fd [ 1864.325211] FAULT_INJECTION: forcing a failure. [ 1864.325211] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.326688] CPU: 1 PID: 23667 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1864.327466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1864.328404] Call Trace: [ 1864.328710] dump_stack+0x107/0x167 [ 1864.329132] should_fail.cold+0x5/0xa [ 1864.329569] ? create_object.isra.0+0x3a/0xa30 [ 1864.330088] should_failslab+0x5/0x20 [ 1864.330525] kmem_cache_alloc+0x5b/0x310 [ 1864.330983] ? mark_held_locks+0x9e/0xe0 [ 1864.331443] create_object.isra.0+0x3a/0xa30 [ 1864.331940] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.332511] kmem_cache_alloc_bulk+0x168/0x320 [ 1864.333033] io_submit_sqes+0x6fe4/0x8610 [ 1864.333521] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1864.334086] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1864.334639] ? find_held_lock+0x2c/0x110 [ 1864.335107] ? io_submit_sqes+0x8610/0x8610 [ 1864.335591] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.336184] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1864.336792] ? trace_hardirqs_on+0x5b/0x180 [ 1864.337279] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 1864.337893] ? ksys_write+0x19b/0x260 [ 1864.338325] ? fput_many+0x2f/0x1a0 [ 1864.338741] ? ksys_write+0x1a9/0x260 [ 1864.339171] ? __ia32_sys_read+0xb0/0xb0 [ 1864.339634] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.340223] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.340807] do_syscall_64+0x33/0x40 [ 1864.341224] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.341797] RIP: 0033:0x7ff6f30cbb19 [ 1864.342215] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.344283] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1864.345146] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1864.345948] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1864.346765] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1864.347564] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.348370] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:58:57 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xc0ed0000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:57 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_open_dev$vcsu(&(0x7f0000000000), 0x800, 0x40000) openat(r0, &(0x7f0000000100)='./file1\x00', 0x80a40, 0x1a) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:57 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 23) [ 1864.500844] FAULT_INJECTION: forcing a failure. [ 1864.500844] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.502219] CPU: 1 PID: 24226 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1864.503006] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1864.503938] Call Trace: [ 1864.504242] dump_stack+0x107/0x167 [ 1864.504652] should_fail.cold+0x5/0xa [ 1864.505086] ? create_object.isra.0+0x3a/0xa30 [ 1864.505603] should_failslab+0x5/0x20 [ 1864.506033] kmem_cache_alloc+0x5b/0x310 [ 1864.506499] ? lock_downgrade+0x6d0/0x6d0 [ 1864.506966] create_object.isra.0+0x3a/0xa30 [ 1864.507458] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.508035] __kmalloc_track_caller+0x177/0x370 [ 1864.508560] ? p9_client_create+0x41d/0x1230 [ 1864.509059] kstrdup+0x36/0x70 [ 1864.509428] p9_client_create+0x41d/0x1230 [ 1864.509907] ? lock_downgrade+0x6d0/0x6d0 [ 1864.510389] ? p9_client_flush+0x430/0x430 [ 1864.510870] ? trace_hardirqs_on+0x5b/0x180 [ 1864.511360] ? lockdep_init_map_type+0x2c7/0x780 [ 1864.511900] ? __raw_spin_lock_init+0x36/0x110 [ 1864.512421] v9fs_session_init+0x1dd/0x1680 [ 1864.512911] ? lock_release+0x680/0x680 [ 1864.513369] ? kmem_cache_alloc_trace+0x151/0x320 [ 1864.513919] ? v9fs_show_options+0x690/0x690 [ 1864.514431] ? trace_hardirqs_on+0x5b/0x180 [ 1864.514915] ? kasan_unpoison_shadow+0x33/0x50 [ 1864.515430] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.516011] v9fs_mount+0x79/0x8f0 [ 1864.516412] ? v9fs_write_inode+0x60/0x60 [ 1864.516883] legacy_get_tree+0x105/0x220 [ 1864.517344] vfs_get_tree+0x8e/0x300 [ 1864.517770] path_mount+0x14ab/0x2200 [ 1864.518200] ? strncpy_from_user+0x9e/0x470 [ 1864.518694] ? finish_automount+0xa90/0xa90 [ 1864.519188] ? getname_flags.part.0+0x1dd/0x4f0 [ 1864.519718] ? _copy_from_user+0xfb/0x1b0 [ 1864.520186] __x64_sys_mount+0x282/0x300 [ 1864.520646] ? copy_mnt_ns+0xa00/0xa00 [ 1864.521088] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.521679] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.522261] do_syscall_64+0x33/0x40 [ 1864.522689] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.523261] RIP: 0033:0x7f4689135b19 [ 1864.523690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.525752] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1864.526629] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1864.527431] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1864.528228] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1864.529025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.529823] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 03:58:57 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4cb5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:58:57 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2f2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:58:57 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) creat(&(0x7f0000000000)='./file1\x00', 0x80) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x1002, &(0x7f0000000040)=ANY=[]) 03:58:57 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf6ffffff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffff0000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:58:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 14) 03:58:57 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x300, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 1864.770181] FAULT_INJECTION: forcing a failure. [ 1864.770181] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.771614] CPU: 1 PID: 24723 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1864.772407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1864.773348] Call Trace: [ 1864.773657] dump_stack+0x107/0x167 [ 1864.774073] should_fail.cold+0x5/0xa [ 1864.774528] ? create_object.isra.0+0x3a/0xa30 [ 1864.775052] should_failslab+0x5/0x20 [ 1864.775485] kmem_cache_alloc+0x5b/0x310 [ 1864.775954] ? mark_held_locks+0x9e/0xe0 [ 1864.776434] create_object.isra.0+0x3a/0xa30 [ 1864.776932] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.777507] kmem_cache_alloc_bulk+0x168/0x320 [ 1864.778026] io_submit_sqes+0x6fe4/0x8610 [ 1864.778535] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1864.779104] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1864.779657] ? find_held_lock+0x2c/0x110 [ 1864.780127] ? io_submit_sqes+0x8610/0x8610 [ 1864.780618] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1864.781175] ? wait_for_completion_io+0x270/0x270 [ 1864.781731] ? rcu_read_lock_any_held+0x75/0xa0 [ 1864.782270] ? vfs_write+0x354/0xb10 [ 1864.782697] ? fput_many+0x2f/0x1a0 [ 1864.783123] ? ksys_write+0x1a9/0x260 [ 1864.783551] ? __ia32_sys_read+0xb0/0xb0 [ 1864.784018] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.784607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.785209] do_syscall_64+0x33/0x40 [ 1864.785629] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.786221] RIP: 0033:0x7ff6f30cbb19 03:58:57 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1864.786654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.788946] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1864.789825] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1864.790648] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1864.791460] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1864.792278] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.793088] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:58:57 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) ioctl$HIDIOCGUCODE(r0, 0xc018480d, &(0x7f0000000000)={0x1, 0x1, 0x21, 0x6, 0x5}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mNap,cache=fscache,dTbug=0x000000000000,nodevmap,verL,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',ner>\x00'/17, @ANYRESDEC=0x0, @ANYBLOB=',\x00']) [ 1864.839398] 9pnet: Insufficient options for proto=fd 03:58:57 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 24) [ 1864.883003] FAULT_INJECTION: forcing a failure. [ 1864.883003] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.884455] CPU: 1 PID: 25044 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1864.885268] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1864.886210] Call Trace: [ 1864.886530] dump_stack+0x107/0x167 [ 1864.886953] should_fail.cold+0x5/0xa [ 1864.887392] should_failslab+0x5/0x20 [ 1864.887831] __kmalloc_track_caller+0x79/0x370 [ 1864.888360] ? p9_client_create+0x51e/0x1230 [ 1864.888865] kmemdup_nul+0x2d/0xa0 [ 1864.889276] p9_client_create+0x51e/0x1230 [ 1864.889760] ? p9_client_flush+0x430/0x430 [ 1864.890250] ? trace_hardirqs_on+0x5b/0x180 [ 1864.890767] ? lockdep_init_map_type+0x2c7/0x780 [ 1864.891313] ? __raw_spin_lock_init+0x36/0x110 [ 1864.891839] v9fs_session_init+0x1dd/0x1680 [ 1864.892340] ? lock_release+0x680/0x680 [ 1864.892807] ? kmem_cache_alloc_trace+0x151/0x320 [ 1864.893360] ? v9fs_show_options+0x690/0x690 [ 1864.893869] ? trace_hardirqs_on+0x5b/0x180 [ 1864.894363] ? kasan_unpoison_shadow+0x33/0x50 [ 1864.894902] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1864.895483] v9fs_mount+0x79/0x8f0 [ 1864.895895] ? v9fs_write_inode+0x60/0x60 [ 1864.896374] legacy_get_tree+0x105/0x220 [ 1864.896841] vfs_get_tree+0x8e/0x300 [ 1864.897273] path_mount+0x14ab/0x2200 [ 1864.897711] ? strncpy_from_user+0x9e/0x470 [ 1864.898211] ? finish_automount+0xa90/0xa90 [ 1864.898716] ? getname_flags.part.0+0x1dd/0x4f0 [ 1864.899251] ? _copy_from_user+0xfb/0x1b0 [ 1864.899727] __x64_sys_mount+0x282/0x300 [ 1864.900198] ? copy_mnt_ns+0xa00/0xa00 [ 1864.900647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1864.901254] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1864.901846] do_syscall_64+0x33/0x40 [ 1864.902274] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1864.902865] RIP: 0033:0x7f4689135b19 [ 1864.903296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1864.905406] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1864.906278] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1864.907101] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1864.907919] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1864.908740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.909561] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 03:59:11 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 15) 03:59:11 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4db5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:11 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:11 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 25) 03:59:11 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffffff7f, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:11 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x3b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:11 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2d9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:11 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(r0, &(0x7f0000000000)='./file1\x00', 0x280c0, 0x104) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1878.625467] 9pnet: Insufficient options for proto=fd [ 1878.654702] FAULT_INJECTION: forcing a failure. [ 1878.654702] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.657994] CPU: 0 PID: 25188 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1878.659930] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1878.662031] Call Trace: [ 1878.662706] dump_stack+0x107/0x167 [ 1878.663622] should_fail.cold+0x5/0xa [ 1878.664568] ? create_object.isra.0+0x3a/0xa30 [ 1878.665690] should_failslab+0x5/0x20 [ 1878.666638] kmem_cache_alloc+0x5b/0x310 [ 1878.667663] create_object.isra.0+0x3a/0xa30 [ 1878.668759] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1878.670032] __kmalloc_track_caller+0x177/0x370 [ 1878.671212] ? p9_client_create+0x51e/0x1230 [ 1878.672328] kmemdup_nul+0x2d/0xa0 [ 1878.673218] p9_client_create+0x51e/0x1230 [ 1878.674284] ? p9_client_flush+0x430/0x430 [ 1878.675348] ? trace_hardirqs_on+0x5b/0x180 [ 1878.676415] ? lockdep_init_map_type+0x2c7/0x780 [ 1878.677595] ? __raw_spin_lock_init+0x36/0x110 [ 1878.678767] v9fs_session_init+0x1dd/0x1680 [ 1878.679831] ? lock_release+0x680/0x680 [ 1878.680826] ? kmem_cache_alloc_trace+0x151/0x320 [ 1878.682019] ? v9fs_show_options+0x690/0x690 [ 1878.683114] ? trace_hardirqs_on+0x5b/0x180 [ 1878.684164] ? kasan_unpoison_shadow+0x33/0x50 [ 1878.685274] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1878.686531] v9fs_mount+0x79/0x8f0 [ 1878.687417] ? v9fs_write_inode+0x60/0x60 [ 1878.688425] legacy_get_tree+0x105/0x220 [ 1878.689437] vfs_get_tree+0x8e/0x300 [ 1878.690356] path_mount+0x14ab/0x2200 [ 1878.691290] ? strncpy_from_user+0x9e/0x470 [ 1878.692339] ? finish_automount+0xa90/0xa90 [ 1878.693393] ? getname_flags.part.0+0x1dd/0x4f0 [ 1878.694529] ? _copy_from_user+0xfb/0x1b0 [ 1878.695553] __x64_sys_mount+0x282/0x300 [ 1878.696527] ? copy_mnt_ns+0xa00/0xa00 [ 1878.697467] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 03:59:11 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 1878.698742] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1878.700148] do_syscall_64+0x33/0x40 [ 1878.701040] entry_SYSCALL_64_after_hwframe+0x67/0xd1 03:59:11 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28101, 0x40) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000040), 0x525581) fcntl$F_GET_RW_HINT(r0, 0x40b, &(0x7f00000002c0)) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6d6d61702c6361635f653d667363616368652c64656275673d3078303030303030303030303030303932342c6e6f6465766d61702c3970323030750345ec736d61636b66737472616e736d7574653d6e6f6465766d61702c666f776e65723eec1728d804634f497d6ab2c1c9eb39d3ff8ec595cf106f1eb6ad5c22bd01e5c227c559b26960d8882457fbaa6d2a00e3e612ccbbbcf2c9", @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) [ 1878.702266] RIP: 0033:0x7f4689135b19 [ 1878.703195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.707616] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1878.709435] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1878.711132] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1878.712829] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1878.714507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1878.716214] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1878.743206] FAULT_INJECTION: forcing a failure. [ 1878.743206] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.744613] CPU: 1 PID: 25179 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1878.745425] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1878.746379] Call Trace: [ 1878.746696] dump_stack+0x107/0x167 [ 1878.747115] should_fail.cold+0x5/0xa [ 1878.747556] ? create_object.isra.0+0x3a/0xa30 [ 1878.748070] should_failslab+0x5/0x20 [ 1878.748494] kmem_cache_alloc+0x5b/0x310 [ 1878.748948] ? mark_held_locks+0x9e/0xe0 [ 1878.749401] create_object.isra.0+0x3a/0xa30 [ 1878.749896] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1878.750468] kmem_cache_alloc_bulk+0x168/0x320 [ 1878.750984] io_submit_sqes+0x6fe4/0x8610 [ 1878.751460] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1878.752018] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1878.752569] ? find_held_lock+0x2c/0x110 [ 1878.753035] ? io_submit_sqes+0x8610/0x8610 [ 1878.753517] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1878.754063] ? wait_for_completion_io+0x270/0x270 [ 1878.754604] ? rcu_read_lock_any_held+0x75/0xa0 [ 1878.755120] ? vfs_write+0x354/0xb10 [ 1878.755550] ? fput_many+0x2f/0x1a0 [ 1878.755964] ? ksys_write+0x1a9/0x260 [ 1878.756400] ? __ia32_sys_read+0xb0/0xb0 [ 1878.756894] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1878.757493] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1878.758086] do_syscall_64+0x33/0x40 [ 1878.758544] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1878.759132] RIP: 0033:0x7ff6f30cbb19 [ 1878.759560] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.761623] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1878.762477] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1878.763287] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1878.764081] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1878.764898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1878.765717] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:59:11 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffffff8c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:11 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4eb5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:11 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) (fail_nth: 1) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 1878.807035] 9pnet: Insufficient options for proto=fd [ 1878.878764] FAULT_INJECTION: forcing a failure. [ 1878.878764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1878.880468] CPU: 1 PID: 25965 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 1878.881263] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1878.882209] Call Trace: [ 1878.882522] dump_stack+0x107/0x167 [ 1878.882948] should_fail.cold+0x5/0xa [ 1878.883391] _copy_from_user+0x2e/0x1b0 [ 1878.883852] addrconf_del_ifaddr+0xc3/0x160 [ 1878.884343] ? addrconf_add_ifaddr+0x1c0/0x1c0 [ 1878.884873] ? lock_downgrade+0x6d0/0x6d0 [ 1878.885349] inet6_ioctl+0x1e1/0x290 [ 1878.885775] ? inet6_release+0x70/0x70 [ 1878.886222] ? perf_trace_lock+0xac/0x490 [ 1878.886706] ? perf_trace_lock+0xac/0x490 [ 1878.887185] sock_do_ioctl+0xd3/0x300 [ 1878.887622] ? compat_ifr_data_ioctl+0x180/0x180 [ 1878.888164] ? ioctl_has_perm.constprop.0.isra.0+0x29a/0x410 [ 1878.888823] ? __sanitizer_cov_trace_switch+0x45/0x80 [ 1878.889414] ? do_vfs_ioctl+0x283/0x10d0 [ 1878.889880] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 1878.890481] ? generic_block_fiemap+0x60/0x60 [ 1878.891016] ? lock_downgrade+0x6d0/0x6d0 [ 1878.891491] sock_ioctl+0x3ef/0x710 [ 1878.891907] ? dlci_ioctl_set+0x30/0x30 [ 1878.892362] ? selinux_file_ioctl+0xb6/0x270 [ 1878.892867] ? dlci_ioctl_set+0x30/0x30 [ 1878.893323] __x64_sys_ioctl+0x19a/0x210 [ 1878.893791] do_syscall_64+0x33/0x40 [ 1878.894218] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1878.894823] RIP: 0033:0x7f47b0ea4b19 [ 1878.895247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1878.897384] RSP: 002b:00007f47ae41a188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1878.898255] RAX: ffffffffffffffda RBX: 00007f47b0fb7f60 RCX: 00007f47b0ea4b19 [ 1878.899078] RDX: 0000000020000080 RSI: 0000000000008936 RDI: 000000000000000a [ 1878.899886] RBP: 00007f47ae41a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1878.900695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1878.901502] R13: 00007ffc2ec3e0af R14: 00007f47ae41a300 R15: 0000000000022000 03:59:11 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2da, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:11 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4fb5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:11 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfffffff6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:27 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 26) 03:59:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 16) 03:59:27 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2db, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:27 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) openat(r0, &(0x7f0000000000)='./file1\x00', 0x22000, 0x2) fcntl$setlease(r0, 0x400, 0x0) 03:59:27 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x500, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:27 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) (fail_nth: 2) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:27 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x50b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:27 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedc000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 1895.104611] 9pnet: Insufficient options for proto=fd [ 1895.112558] FAULT_INJECTION: forcing a failure. [ 1895.112558] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.115095] CPU: 1 PID: 26446 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1895.116558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.118305] Call Trace: [ 1895.118897] dump_stack+0x107/0x167 [ 1895.119668] should_fail.cold+0x5/0xa [ 1895.120481] should_failslab+0x5/0x20 [ 1895.121286] __kmalloc_track_caller+0x79/0x370 [ 1895.122246] ? p9_client_create+0x598/0x1230 [ 1895.123206] ? kfree+0xd7/0x340 [ 1895.123908] kmemdup_nul+0x2d/0xa0 [ 1895.124656] p9_client_create+0x598/0x1230 [ 1895.125556] ? p9_client_flush+0x430/0x430 [ 1895.126454] ? trace_hardirqs_on+0x5b/0x180 [ 1895.127413] ? lockdep_init_map_type+0x2c7/0x780 [ 1895.128409] ? __raw_spin_lock_init+0x36/0x110 [ 1895.129384] v9fs_session_init+0x1dd/0x1680 [ 1895.130292] ? lock_release+0x680/0x680 [ 1895.131174] ? kmem_cache_alloc_trace+0x151/0x320 [ 1895.132189] ? v9fs_show_options+0x690/0x690 [ 1895.133129] ? trace_hardirqs_on+0x5b/0x180 [ 1895.134039] ? kasan_unpoison_shadow+0x33/0x50 [ 1895.135030] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1895.136098] v9fs_mount+0x79/0x8f0 [ 1895.136851] ? v9fs_write_inode+0x60/0x60 [ 1895.137721] legacy_get_tree+0x105/0x220 [ 1895.138588] vfs_get_tree+0x8e/0x300 [ 1895.139406] path_mount+0x14ab/0x2200 [ 1895.140216] ? strncpy_from_user+0x9e/0x470 [ 1895.141124] ? finish_automount+0xa90/0xa90 [ 1895.142038] ? getname_flags.part.0+0x1dd/0x4f0 [ 1895.143050] ? _copy_from_user+0xfb/0x1b0 [ 1895.143932] __x64_sys_mount+0x282/0x300 [ 1895.144785] ? copy_mnt_ns+0xa00/0xa00 [ 1895.145607] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.146729] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.147829] do_syscall_64+0x33/0x40 [ 1895.148613] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.149691] RIP: 0033:0x7f4689135b19 [ 1895.150472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.154352] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1895.155974] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1895.157478] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1895.158996] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1895.160511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1895.162009] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1895.186847] FAULT_INJECTION: forcing a failure. [ 1895.186847] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1895.189639] CPU: 0 PID: 26457 Comm: syz-executor.4 Not tainted 5.10.250 #1 [ 1895.191122] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.192889] Call Trace: [ 1895.193462] dump_stack+0x107/0x167 [ 1895.194246] should_fail.cold+0x5/0xa [ 1895.195094] _copy_to_user+0x2e/0x180 [ 1895.195178] FAULT_INJECTION: forcing a failure. [ 1895.195178] name failslab, interval 1, probability 0, space 0, times 0 [ 1895.195922] simple_read_from_buffer+0xcc/0x160 [ 1895.195950] proc_fail_nth_read+0x198/0x230 [ 1895.195976] ? proc_sessionid_read+0x230/0x230 [ 1895.195995] ? security_file_permission+0xb1/0xe0 [ 1895.196024] ? proc_sessionid_read+0x230/0x230 [ 1895.196045] vfs_read+0x228/0x620 [ 1895.196069] ksys_read+0x12d/0x260 [ 1895.196089] ? vfs_write+0xb10/0xb10 [ 1895.196116] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.196138] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.196162] do_syscall_64+0x33/0x40 [ 1895.196191] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.209440] RIP: 0033:0x7f47b0e5769c [ 1895.210229] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48 [ 1895.214103] RSP: 002b:00007f47ae41a170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1895.215721] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f47b0e5769c [ 1895.217227] RDX: 000000000000000f RSI: 00007f47ae41a1e0 RDI: 000000000000000c [ 1895.218740] RBP: 00007f47ae41a1d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.220235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1895.221747] R13: 00007ffc2ec3e0af R14: 00007f47ae41a300 R15: 0000000000022000 [ 1895.223300] CPU: 1 PID: 26434 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1895.224785] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1895.226539] Call Trace: [ 1895.227141] dump_stack+0x107/0x167 [ 1895.227921] should_fail.cold+0x5/0xa [ 1895.228734] ? create_object.isra.0+0x3a/0xa30 [ 1895.229704] should_failslab+0x5/0x20 [ 1895.230513] kmem_cache_alloc+0x5b/0x310 [ 1895.231415] ? mark_held_locks+0x9e/0xe0 [ 1895.232287] create_object.isra.0+0x3a/0xa30 [ 1895.233228] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1895.234318] kmem_cache_alloc_bulk+0x168/0x320 [ 1895.235328] io_submit_sqes+0x6fe4/0x8610 [ 1895.236239] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1895.237282] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1895.238307] ? find_held_lock+0x2c/0x110 [ 1895.239205] ? io_submit_sqes+0x8610/0x8610 [ 1895.240134] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1895.241157] ? wait_for_completion_io+0x270/0x270 [ 1895.242189] ? rcu_read_lock_any_held+0x75/0xa0 [ 1895.243209] ? vfs_write+0x354/0xb10 [ 1895.244003] ? fput_many+0x2f/0x1a0 [ 1895.244779] ? ksys_write+0x1a9/0x260 [ 1895.245587] ? __ia32_sys_read+0xb0/0xb0 [ 1895.246457] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1895.247607] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1895.248707] do_syscall_64+0x33/0x40 [ 1895.249501] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1895.250583] RIP: 0033:0x7ff6f30cbb19 [ 1895.251402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1895.255336] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1895.256950] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1895.258464] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1895.260007] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1895.261531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1895.263075] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:59:28 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:28 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2dc, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1911.065993] FAULT_INJECTION: forcing a failure. [ 1911.065993] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.067372] CPU: 1 PID: 27166 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1911.068154] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.069096] Call Trace: [ 1911.069406] dump_stack+0x107/0x167 [ 1911.069820] should_fail.cold+0x5/0xa [ 1911.070253] ? create_object.isra.0+0x3a/0xa30 [ 1911.070769] should_failslab+0x5/0x20 [ 1911.071214] kmem_cache_alloc+0x5b/0x310 [ 1911.071676] create_object.isra.0+0x3a/0xa30 [ 1911.072171] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.072760] __kmalloc_track_caller+0x177/0x370 [ 1911.073284] ? p9_client_create+0x598/0x1230 [ 1911.073797] kmemdup_nul+0x2d/0xa0 [ 1911.074199] p9_client_create+0x598/0x1230 [ 1911.074688] ? p9_client_flush+0x430/0x430 [ 1911.075177] ? trace_hardirqs_on+0x5b/0x180 [ 1911.075678] ? lockdep_init_map_type+0x2c7/0x780 [ 1911.076223] ? __raw_spin_lock_init+0x36/0x110 [ 1911.076751] v9fs_session_init+0x1dd/0x1680 [ 1911.077245] ? lock_release+0x680/0x680 [ 1911.077705] ? kmem_cache_alloc_trace+0x151/0x320 [ 1911.078261] ? v9fs_show_options+0x690/0x690 [ 1911.078766] ? trace_hardirqs_on+0x5b/0x180 [ 1911.079269] ? kasan_unpoison_shadow+0x33/0x50 [ 1911.079796] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.080378] v9fs_mount+0x79/0x8f0 [ 1911.080785] ? v9fs_write_inode+0x60/0x60 [ 1911.081257] legacy_get_tree+0x105/0x220 [ 1911.081724] vfs_get_tree+0x8e/0x300 [ 1911.082148] path_mount+0x14ab/0x2200 [ 1911.082586] ? strncpy_from_user+0x9e/0x470 [ 1911.083085] ? finish_automount+0xa90/0xa90 [ 1911.083578] ? getname_flags.part.0+0x1dd/0x4f0 [ 1911.084114] ? _copy_from_user+0xfb/0x1b0 [ 1911.084597] __x64_sys_mount+0x282/0x300 [ 1911.085059] ? copy_mnt_ns+0xa00/0xa00 [ 1911.085505] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.086108] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.086700] do_syscall_64+0x33/0x40 [ 1911.087132] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.087718] RIP: 0033:0x7f4689135b19 [ 1911.088143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.090251] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1911.091138] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1911.091951] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1911.092767] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1911.093581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.094393] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 03:59:43 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x8100) clone3(&(0x7f0000000140)={0x80000, 0x0, 0x0, 0x0, {0x1e}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt={'fowner>', 0xee01}}]}}) 03:59:43 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2dd, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:43 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 27) 03:59:43 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 17) 03:59:43 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x5b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:43 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x51b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:43 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:43 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 1911.137951] FAULT_INJECTION: forcing a failure. [ 1911.137951] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.139318] CPU: 1 PID: 27182 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1911.140107] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.141054] Call Trace: [ 1911.141358] dump_stack+0x107/0x167 [ 1911.141779] should_fail.cold+0x5/0xa [ 1911.142225] ? create_object.isra.0+0x3a/0xa30 [ 1911.142748] should_failslab+0x5/0x20 [ 1911.143195] kmem_cache_alloc+0x5b/0x310 [ 1911.143664] ? mark_held_locks+0x9e/0xe0 [ 1911.144132] create_object.isra.0+0x3a/0xa30 [ 1911.144636] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.145224] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.145754] io_submit_sqes+0x6fe4/0x8610 [ 1911.146245] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1911.146813] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1911.147377] ? find_held_lock+0x2c/0x110 [ 1911.147842] ? io_submit_sqes+0x8610/0x8610 [ 1911.148342] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.148896] ? wait_for_completion_io+0x270/0x270 [ 1911.149448] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.149979] ? vfs_write+0x354/0xb10 [ 1911.150407] ? fput_many+0x2f/0x1a0 [ 1911.150825] ? ksys_write+0x1a9/0x260 [ 1911.151267] ? __ia32_sys_read+0xb0/0xb0 [ 1911.151740] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.152336] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.152929] do_syscall_64+0x33/0x40 [ 1911.153352] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.153941] RIP: 0033:0x7ff6f30cbb19 [ 1911.154369] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.156488] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.157358] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1911.158175] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1911.158993] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.159807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.160614] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:59:43 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x600, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:43 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x2, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:44 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x100000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:44 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 28) 03:59:44 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 18) 03:59:44 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x4b47, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:44 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2de, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1911.360181] FAULT_INJECTION: forcing a failure. [ 1911.360181] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.361549] CPU: 1 PID: 27720 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1911.362337] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.363298] Call Trace: [ 1911.363598] dump_stack+0x107/0x167 [ 1911.364013] should_fail.cold+0x5/0xa [ 1911.364446] should_failslab+0x5/0x20 [ 1911.364883] __kmalloc_track_caller+0x79/0x370 [ 1911.365405] ? parse_opts.part.0+0x8e/0x340 [ 1911.365905] kstrdup+0x36/0x70 [ 1911.366282] parse_opts.part.0+0x8e/0x340 [ 1911.366764] ? p9_fd_show_options+0x1c0/0x1c0 [ 1911.367280] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.367870] ? quarantine_put+0x8b/0x1a0 [ 1911.368327] ? trace_hardirqs_on+0x5b/0x180 [ 1911.368815] ? kfree+0xd7/0x340 [ 1911.369200] p9_fd_create+0x98/0x4a0 [ 1911.369622] ? p9_conn_create+0x510/0x510 [ 1911.370098] ? p9_client_create+0x798/0x1230 [ 1911.370598] ? kfree+0xd7/0x340 [ 1911.370992] p9_client_create+0x7ff/0x1230 [ 1911.371482] ? p9_client_flush+0x430/0x430 [ 1911.371970] ? trace_hardirqs_on+0x5b/0x180 [ 1911.372468] ? lockdep_init_map_type+0x2c7/0x780 [ 1911.373016] ? __raw_spin_lock_init+0x36/0x110 [ 1911.373544] v9fs_session_init+0x1dd/0x1680 [ 1911.374046] ? lock_release+0x680/0x680 [ 1911.374506] ? kmem_cache_alloc_trace+0x151/0x320 [ 1911.375068] ? v9fs_show_options+0x690/0x690 [ 1911.375569] ? trace_hardirqs_on+0x5b/0x180 [ 1911.376061] ? kasan_unpoison_shadow+0x33/0x50 [ 1911.376586] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.377172] v9fs_mount+0x79/0x8f0 [ 1911.377580] ? v9fs_write_inode+0x60/0x60 [ 1911.378054] legacy_get_tree+0x105/0x220 [ 1911.378518] vfs_get_tree+0x8e/0x300 [ 1911.378955] path_mount+0x14ab/0x2200 [ 1911.379387] ? strncpy_from_user+0x9e/0x470 [ 1911.379880] ? finish_automount+0xa90/0xa90 [ 1911.380371] ? getname_flags.part.0+0x1dd/0x4f0 [ 1911.380906] ? _copy_from_user+0xfb/0x1b0 [ 1911.381390] __x64_sys_mount+0x282/0x300 [ 1911.381856] ? copy_mnt_ns+0xa00/0xa00 [ 1911.382308] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.382921] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.383519] do_syscall_64+0x33/0x40 [ 1911.383947] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.384527] RIP: 0033:0x7f4689135b19 [ 1911.384950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.387067] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1911.387932] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1911.388750] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1911.389558] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1911.390372] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.391196] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1911.392071] 9pnet: Insufficient options for proto=fd 03:59:44 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x52b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1911.405260] FAULT_INJECTION: forcing a failure. [ 1911.405260] name failslab, interval 1, probability 0, space 0, times 0 [ 1911.406618] CPU: 1 PID: 27707 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1911.407414] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1911.408358] Call Trace: [ 1911.408661] dump_stack+0x107/0x167 [ 1911.409077] should_fail.cold+0x5/0xa [ 1911.409513] ? create_object.isra.0+0x3a/0xa30 [ 1911.410033] should_failslab+0x5/0x20 [ 1911.410469] kmem_cache_alloc+0x5b/0x310 [ 1911.410942] ? mark_held_locks+0x9e/0xe0 [ 1911.411407] create_object.isra.0+0x3a/0xa30 [ 1911.411904] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1911.412486] kmem_cache_alloc_bulk+0x168/0x320 [ 1911.413012] io_submit_sqes+0x6fe4/0x8610 [ 1911.413506] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1911.414071] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1911.414619] ? find_held_lock+0x2c/0x110 [ 1911.415096] ? io_submit_sqes+0x8610/0x8610 [ 1911.415591] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1911.416149] ? wait_for_completion_io+0x270/0x270 [ 1911.416701] ? rcu_read_lock_any_held+0x75/0xa0 [ 1911.417232] ? vfs_write+0x354/0xb10 [ 1911.417656] ? fput_many+0x2f/0x1a0 [ 1911.418068] ? ksys_write+0x1a9/0x260 [ 1911.418501] ? __ia32_sys_read+0xb0/0xb0 [ 1911.418975] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1911.419573] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1911.420167] do_syscall_64+0x33/0x40 [ 1911.420591] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1911.421171] RIP: 0033:0x7ff6f30cbb19 [ 1911.421596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1911.423709] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1911.424577] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1911.425392] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1911.426205] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1911.427023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1911.427835] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 03:59:44 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) pwritev2(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f0000000240)="ba43b5f51a5a9195757412f91492849b4634d82c7824be43d9141daf7684360b0bf15a145e8c8d5cbba1f050a05f46f7d4a613c2daf2dc420cd01e43e12f1f04b55de62cd92c584d6ff15d235bdc0567a2f10362483ba45bb206a4cadaccb43308c4cc6852afe3cb3d8f5db8da7b882617060a5be09f37df5a5f92db86c6fee626dca1677c3813dd3527e64a92bdb5", 0x8f}, {&(0x7f0000000400)="2b7f8367cf14f6f3a3b471c378b3588a393f5fa7e17fe1e741d976a8e72a4c85a2da1d941ad7b669cb77e70fecc0801116337b82028b32698863b2bdcda9ec115937a37dc91219f49b6aa5793c6ad426b8ca56fa71aaa3162ed93fd39fbcc17ac5f42de94d06484e22de936582146e75c9514e7469e5313bd6d00e607c6ba8443d1f0ebc0c27bc728ab417166ed6d29638cad9cd385f72483d0373c63b608afee02e74318ac9ff4149e7a638", 0xac}, {&(0x7f00000004c0)="565a1c3fa93a50f7041ac4c2b3149ad44cdceaad70b4ed28deb958b8a906997712222217501c351d9c9824c5cc187f1332b4f38bc454a1ee4bace426e8743d4492", 0x41}, {&(0x7f00000006c0)="f50fdd63fda8bb936ef44d2ee893a6aafbc337247e695563b4c0ccb9000d6c29fe5824b93d11523f0f2ed094dc04dfed64c4967bff8bd4c2e63696455f7a9d4f002be51c725a44f4cb0624bf20dd165e67c2b4ba593096c9f9612e1609ea109c1ebe23bb099488189efa7deb7abe473ea85093f44cfdd233ac898798c22469acb1cc995fb7e876f8aa78242ca12b942747e61fd37e8cc0c2e01e3bcc5afe049e3de7164fdf6b4d8d2527b1ffbebf699e431131a51f8bd7c5a49cc28e4422aa0aa1bd1f4b8fea60b2b64f870447d4cd6f414a4176b7", 0xd5}, {&(0x7f00000007c0)="f743cedd8a41f7443f062a623bd7cdeb3d454dce4f3e9b46d694f5493b4c0ea9fcd824716e47127f18210f42de9b4d446ddf49e45755ce1fb2381bae824089ebb373a9aa14146dd20349332982a2c431681c63bebc6355a8cd590a2b5d08ec1ef34236946144578ed1300126d9b8654f4a0c4d9d", 0x74}, {&(0x7f0000000940)="3c86e08645ae4de10bf3b22d006088594e7144f8dba1a3c2537e5253da42886d786c32b5175fbd054b9151520724b91eef1f28327b3626737a1bd7d50d3b9d41fec68882032a2ecf85e56af93543d4a61629d218885be23e7d90890b4c2591a2816850000aea4910c7c990fcd7b78915640feeb548d3f9caaa65615e3d54394f9458a7066d6d6d7dc534cabdfdcd982242d9277c7c4d875ae0f162eb121baa4fb35067c29cecefefe3591317e4061918687f35073e873ec0d5e45d6222519cbb4309e120518cc64286c191219f3e7394785a032f20c846023cff4e48f587fec2de86f17112e2db5a6e38029375e1df7aa6c40377a7c482ceb8377355694954d01be3721e4dd3bddf4ec38850e0917d91514b644383ed6ae150ff40e0159406335412a9697745f60777144b0c53e8afb26cd091ebf228b2fd157a61e52e0c03a682b3b6a331060ae85ab0b21d3487d8ec4229aca4f45e6f229b8c0929191359320ed9de8c72b9f1ab38debea01437362ec0408c0b099f7362afc1477b7696ffc8beb4a3e30145a52d7734ecf92061bee60060f107bd55e466283e58f75e2861c06929f8fafb090d493aff2c2f45111f488d9b67b7a108397d150b0b12d6a370b85b7ab1db26ca5e046571a7eca745fba75d00292db03bec78f9d5489568730be3d6c39b7ae66b49bbfa7fcd2bd2367f4302e4b053ade9afc697b386d1e3b47d26503aba4cb2f4d32bca905ce4c3b05bd4e83df2b5fce921014c2d0d6ca7355f9d43896713c5c3775595c3a8eaf52a01d8369d46d2ec1909277094770ac9b73d577fc5dabc49fa15d0f057b1f64773639278b2b4dc7cea6b593366fe4f6df0e2147322aff253423f7a154db9098aa26ca8a452d1b92e157c45298b3299e39da5ae9af3f5a36bc7a4bef300134fa030b4eee8e6e71e1928b920494f09fa35bea3bcad89e2f532ec25694c93378e3a32cf78ea3c418155dd488adac40a7955d7b3a1b1dd9c72a2ea190047a607e2ca60b9d4c84a2ff9ae2095096ac7d0e440e1948fff0506969b1db9b2adc492456201964ebcfe3f18c76dc62aac5d6bdf477d8633946aa64d3f9dd99320abcb6ad8fccce5a58641f9d4f1b4a81027f37f35606c9edeca5e4341c32ba7c2dd4facaa1bcad7f846b987dc0cc6b454e30b9e72f4eddf5f280f58b5c77478607228edeba831e31c823c8281cbc8cd0863ad1a409c437f75ead001af3ac9b91dbbb7dee0eb813360d76633dfbe238f7a562ecf9e90d5c1bb4dbc48fe241df45975978681924f117e2bdfe8cc1dc5ba3955e6425ca4d737a29e8a1824231113d1fb6c3e810daae5e5592ed753a10fc0f555bd51a19465dd51c8c9b33b4789816998641eb18b0573e13de9a611154cc8c18e227e79c92978896b2d313f544e0d3d57c1f046fec795eff00cc4ec7f84e2f006bbf06ec4c20077b5f93a22d4b70029d98cb0f066c513cefb214855791aef9e2bbea10e48b5285f576168c332f61a1ab7139bc43107c99f07f70e7f2e3c257c0b72b720b6fea19b94c09ff325c7c033210fded4f137efc30f7bbd42648e0c2be6440ba168ce821dd6cfef7654f7935d654871ca9b702cbd68a0cdead13b16e72a285e134089c5bdc7eb2bf75713b853224023fa9f690c5f0220a862084c8d88d07f603dbfeaced659e828e3e1eeb512ea4c2db5c0364fea567b0703907d447acf4bd92e64221e07954b8219921c250eaf5f47f40e3c09302382f7c9b78db20c9b3248bb563aa066d6e1546eb6d440c9d5dec2af2eb8115f70894659f874975c4751f6afe9ba741ed2e53eb012e8d0752895f6233d3cac3cb9374f186a5f91c53353e187a30777f16b6dc3336e796196a60e8802c71d7d728f511089593c60e1ea9c547c59c106cea69e922c39e0e9e90f50d5b9b604bb9fdaad880db950741d9f01565b5b24cb596a5cbb5a1cf8aeb7f6501c086e4e74085fcfa3e02bfc07ba50e57ed2373a4ff61bace2911678fef337d7d27add18810b764fc738bd0b689b5fc0b318e77ec8346f5bd570d680ac00b0be6b086ea2065113db6af4abaef719bf048ccaf840ac3aba582a41cd4a9b0031ae2cc4b09882f66dc82b403c22967b3d7efdd7c9d0f757ed6c801be7abe728a421b4da0a67b8cc45bead7233700d96af173b6686655aafe989ae6a6a0c4692c885d3045acfa0ce4ca938e0c0d3de26337a378a881b8e75056d7296a1ebc92a2952046d8d17e8b4da127ed980373bf0b82587522b40a7e99fc09065d7667ab7a2dbe35343eeb1f7db6a8b11b11bd1f0a400bf997bb67c709815cf5dc5ba794eaa4ff2bc216ff3c77bb3b234750c96da75985e64bd96aecb6ac893d6d74516bfceebaaafda00d956ed2a2b10cd3cf50966eff788787eb316cc1643ec007e3f89ab3d95a44fd742d7b02c9d3afee3ab9244bb5fd4d6f1c0dd210252beeb3f0c5d6131cf283a25fd14da8843fb7de432c6288fc16c4d75564ae199c08353f576b9bc61789c41d62ff97895cf88687534b8a7045f73c5d93d12b56ea28f61e982f7e3ddccfb9dd64fb12af18d3ee8af8615dda2b4382678d7361acec3cbfce5e18d857a6e45c6924cb2f7fc372a2454f8645d720d5aa72d7ebf952f8034adc00010cf7ad4b50a3c9f1872e61989da6ec2c108998acc0db80d83dd191b9dfa8190fa859a23fcd527f335a8e72e3abc577fada18cd796c498615e353fe621aed7a23de9fe9a26823b093d1c7a51ec133727005b22680371e1cf7ff4805664f1b725045a3ba8ad8d331e8ec45523fd3c749cde8b0199f1c81b31ad346b87ba32ad9aa1e361c3ce224afa20acc4e37dbaf2fa5d42df030662891b19c0bc195a747bd7699dfb099f85cf81cc99a8d17e8ebb91d57a6f79601b090b9e544d06a6091475e476120dce16cb2a51ed1f624d3e580242fc6fa7c53b49100a0a55325b8883b0b7c30a6765d1a96e45ff460f00ee93601f0b82523716bee9391f77181ed50b7c9c86114d17c160f9c47e43a1b4a5bb57b0280ae15b1b65ec88a12150849620018b47db9de49cae875a2d16f9dc70d8a7c374bc25ab18649df9a31a7ecf268582a9ffa6f964aead4d3b70b3186758eac75a637050c6662924a9feade028528deec9db3f75abf222d8aaea7f91077fc3a7ca0419d423640aa4b7a494b2e9b7b6c2472e7ebebb61bce3ac60e69ffdc6c988103a41c68164d11664e8409bbac3d1b2c848ec8fde073be00844eccce79669843e589584821e38e64ee2dd95d2fcce453c131013c9375ee1bbcbf2880589b4a7baa0d5e6e4bfd7a84b543fdd4e8d4ab56473cc98e2ea395dea924e51b03fba4ad9478576b4da27f350debfc962f5644c1c80841f930e45b861cfee0081930ac324a1e58512f0ff72af3220d2029d27b23a8df4057e316a16177a2f5f38331c36df2dfc13c35c73e4a229f0e2f6c151652d3ee202eb3d641694f6da45a2241eeadf1b0d00a1922c6ce36bf1e8c52759fa97d537265b030541968f1837ba97154ff763660c8364ffa6b6c4061d8b8910bd2c642716aa4b58404d9ed2ce6e40376464d305148254c21a18eb47084ed46907710ed46848bc6e0f33df392caff2ead20eebb0ef00bfd7bbd4899a50be9ebc6ddf7a004312b63cc7aaa306dad24699acd13dad01dce4680b152653adbbb323568a1b64a3092fb9f7551037bd984087a7f74377d3fa6b06531ea6aca8c62b1724e8d45125fc845bf38df8b03d581e863ac68cf9e43b9c19e40dafd5940a9509ef3937afb49bdd1b5160ce956e115ba06aafaa35ba41c84175216dac8ae8bce4d3fae99561e46ccbb8e3e838f1d089217170b0901a18aa279d350b0ff81baea1bb71f16925c2018cf0eb260da68d817f0923a1b79241c0ef8ee3b7df9ccdda98a196d2004aa832ec5ad4ccbde28d6331d432e88ad32e0ee851e3671da2f5f4c2e1640acd69c230a1fd8bcc03ae60389cc46ae25f9ace71e0170de1bf617f3ce0b4ae4d605ce2229781a6541aa2d081458671f84e24a81c5af36b3e55ef918809e0da4ffc686399c7146cfcc65074843b3490cce1e508db461edf95acf2806af34ff0e4d255da364c0f970a73933f2fb0557c7d59d343346aa9d66a8e823a2664c34dd69fc31b997ed5b0ff37da1dbe3dc48f0f1e9473728666a5a0ace3fb5b1004dd7b4217a57b262b076fbf5dcaa207bd1b7f60493c0b601c97a3b29be635d53ef1f4cf24295d62886c230c908c2571c55c57777b16c2743b230cf91043b534b99717a735c4acd70708121718d0ea1077ce93e6c4a71b168e83c4aeb3a4dfc85e1214eb751192247d47bdadc0c714dfa2fd710a6ffcef9d84697db4c9d6ba333399a209bb9dd4b377a626197af9948cd8171459e4c1e2c94e45ad71a62ce13f72eb990ef970005ca8923e0dc42fc9ed6db4df647fbc25b4e0ffb4041425dd8cad4265342aa277ea79fe18c25be46a3c013aa1d4d315b1f22198325b3132fb9d8fcf7dc16b8a80fc154ddd4460c9d3d33501fad87ca884a594fc04adf28e4115c7e0f4b327c32d6adc77dc5d452483030848554f3c83abcf44d2b4178588e1c6ef926ca55cce98ffed1547e00bb96d6f9ccaebd80ac042426f3842b816269614abfd0c0b13593113d40ab87a0a6be41fe363ccd2e9fd0521f875b59dffd5b4be0b6063f4cb3073d3fa77bcb57f3cc550390ea32f031f382f5a8856b6c86e68cf50936697cd7188e088aa7623424a55c456d550344b7b8d63962f86c2e654913522aa175e0116ad3c9d1a0390ff095eb5715b756c3c0759523f10b0e103b9f2aa5178824926af5e233fac0362654dc2a1f68fa200029c828ef85bbe7a4198c51feb4e9bfeb6f5ac339975b2d52bb378810e881ea16988e4746854a2cdd6e9d2b4ad84fd633b156f981190c2552177c975a693c2dabc030a4c497123cfdeaf17d2f4ed1bab2973cfba664f454757b53936436deb40e8913942d658a3ca1a311d30bc736aaef4a43f18f26f6f1dd5d5635aa3bb1ba07f86df98b875b69c76657ce9fd5fa5e4786423312967341267a2dc72d98bc1ad30d7918f6a9d29579cb41203412ddec7586182c19c7d95e743ede02e2ca80be1ad8fe5c30394a38667f87e0e5b6e7c86f9f753956ca9469f93d0650804b691db061d2c3cc062c9b634ded2bcc88646ea7ece2cd69afdbd70a8179894a7c383f145164ce28cbd61cd392080f53b98995d9dd74ffa341f743873d6249d36ffa77fbf98bffb7946e758010df3ea6ca896171269e48d07a66266fd9fd640688de87c1f61ca5098c595d77afe0376b80cc8ec7c33ee844b62347fb348ec180d95c1eec0db65f05399aa777a5252c906c02e56ca698d4e8fb49c0393ee045331b74ce7567849d314f61c62ab17eb2b3b986e4364acf0bc1095d2fcc0f969853153aee26723336803dd7fba9b4969cc0446301d7cc9d77ea4b27e35110a23aecd2d06e9889ba3f1f9de35ac0dd9018c2b38b31e3bdfa3bacdbc0faef14c17627228406584fe194b0a22474675488f706968aa5c0c79f027b37c1849f3fa2e0bcb6cb5490ab6fe865ff0b385df11e7e9280d5b5062cef6d48d02e1a3178fe4d6cb8ccde4d92b3be629bbe25b8d050c47484e5ea9956dd45c167cd7e6625fc26545e215d31f6bbb249db7876520ef4a28b8ebd70f2b7d8409fc9c28fb243c9ffa065b0ccb88ffc1e6df09dd76187968d767a89377e46d0ffe66056ed62bf2d46151246197deafddf5a2318172ec66a2b2d72f1a87fdc6115b63d64b3dd9748c92bffd722b466ef93a2d", 0x1000}, {&(0x7f0000001940)="acd8cc5d724dffd85537de9ab84925d670d57fac39ef8619aeb50badd6487d99662f3be02138dbfb8ec7b3966069fc0b827034a54746d833a41b785b2f845886146e3515c1170db9caa82f42b33f35afe952ba68fc2b16db339d085bc5ddd4b5fd05fe7039aa340daa8c789b04f5d7f772bf40139133ef08e04892f9693188489c969e3f444712c6dc2cc0a790705b752cf30e11fdd92964c6c2a995bfdf330cc4341c8beb8ccd93a14c4155215a27307d", 0xb1}], 0x7, 0x80, 0xfffffffb, 0x7) r1 = openat2(r0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040)={0x40000, 0x88, 0x15}, 0x18) fspick(r1, &(0x7f0000000180)='./file1\x00', 0x1) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) r5 = getuid() mount$9p_fd(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f00000001c0), 0x821000, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}, 0x2c, {[{@mmap}, {@debug}, {@cache_none}, {@cachetag={'cachetag', 0x3d, 'cache=mmap'}}, {@cachetag={'cachetag', 0x3d, 'fsmagic'}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'trans=fd,'}}, {@mask={'mask', 0x3d, 'MAY_WRITE'}}, {@fowner_lt={'fowner<', r4}}, {@euid_gt={'euid>', r5}}]}}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '/'}}, {@fowner_gt}]}}) 03:59:56 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:56 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file1/file1\x00', 0x8, 0x7, &(0x7f00000006c0)=[{&(0x7f00000001c0)="d9f3333bbfb4bb28313362c19f29c29e866d674651823c039a61734b10876b826d976d1f3273d79ac78c7dcba7226d9c6f3db6893cdf94d788f00280197f7df3676870fa74dcfe11332033f9d0f8521ebeae2c4892a40a1cad0e4312e5bf21b4cb9e4093bca84e7e717a3aa1e4d0744c6b4b45512ae8830360b679df7a94b3f8106885ad97c5f578cac9d8b7d0bdbb63787aa83636ddb7ea5c11d7292606f340e8f7a1d6d74aa0d2a146d5df064264a2acff468c3feb1b4cee13a80181f0ff7bfd67608492d5debf23b2e7aecf5659845fec35b8bec1e5007e041d34c1d0a68422231fba5cdfbde8d99c236ab86d5cea60", 0xf1, 0xa232}, {&(0x7f00000002c0)="d303dbd7f2a0ab5272ed201bd14e7ad8cb916270588287ab1f2dc3b98e37a239ed91fd24efaacfff25006031a6cce2e63877291e5a9cb1f51cf98533fe9ed8baa51caf005b6db0e1d0abd9ce04bc54b32df24cdb65b467484facbb99c97c460969a678ff58ad3545f748afb8f3f58bdc7814fa01d6047a3b21845be4dfdb76452355051a93b22478f64561de32e40ffff3e8cac9ba28753e7840f4382c0aff87a022782360a3918469d4e613af39e58c262c04647a922cae8064c23bd7961ecc52c6827734e0ef4f6c887d15b5209bf19d178f3fc0457a2760bf96854f930d5ddac2646a8238169a7e816a7abf5e3829f9f5ec326f", 0xf5, 0xc4}, {&(0x7f00000003c0)="c454e771f14ed69cd335f64e187d9870afab107835b66b925955f54be716202590cb2508a8004867aadbbbc3964bffdc96121d0c", 0x34, 0x3}, {&(0x7f0000000400), 0x0, 0x4}, {&(0x7f0000000440)="f8fb1e355e1a47ebdee30f2f54f84c9ff68308f49ee3579e3f049d1d6b676f6cadc6e325cf99f027fc0ad4edcc2c3ee6332c44fe6cbff487c8334c4a1a66419c64e49767994323acaff91f23715ca61e6891f174574a3c61588a1ce9cf3565287e", 0x61, 0x6e1}, {&(0x7f00000004c0)="27595f03cf7ff34136d28ceb232874f09421f34bcb4b48e1d002bb26e957cee333b61137039dc613edc379311938ef8bddcb2e00168651109fa745f311ec5538614f274bdd1b9626dce52b6f4c78356bc7", 0x51, 0x8}, {&(0x7f0000000940)="d52a1085c8fcfd7bc259e013cb964c139e4d1d281220129a07904171319c10f4331ecc16ec2bd30a0ac808d45f227e8d07ed7d1f689ca1c315501c1057e2c49191624d924322bdd117e1f1161dce55e57f2b76eb1ea34cb422759eed1fa2d25bfa944a35c98c5f1f6f6be53f3bfe10363ba757441055c0c463256e662b78315034a83cbf19882864f316fc4c79138d03f1034a393fa5342d1ec14a174c3b17914de1072b0c0c325921a624e9921bca4d42e799737297d7101aa49f696d76f8f299e408d2e36cd82de48aadd0c4e04649b7d47cf6486db3b2c20f2c565a59a2e0a6a0e7f2275f99cebec2db2df4ff501acac71d846b51e18e646b4eafeb0093b9868076afd9205e481b017123ae8b3351b16756bf052dbe39525878ad659218c3477e3c6d949a9e2750272c320f482b4fb47998f376abc1595a9dd666af2286e90f4003179de9071b82748846094dcff6004053ffefeb43d0db4ba645fe8fc0a3bc1bfeabe16dbcc94c93254afe98d889c68ceea02a1573764095fcb16443a6107ea2523200d3eb0bc440bb818338e6707f0b907fbf02c56d329f7b5d457432c2620c4b361822b56381170de90ecf430b303038a66a10aa4fc58916919758fef01cdbd7c0707c6bc5dd47e3869c9abaf65f59d88f9a16b823474acb4934a977ade2fbf729a6428dd6241fb64abfeb4b1738f1dc484bb27c839ef32804ac65dc834cf6ea079fe3a309e7c46e1e2fde41c98c136c9ad84d11f36a0e4c3d6ff76c04536c8e3f17d410f2ef648f7c4a2ba50687c1b056a584267cf37f2743b86059cbf7f96ca9e0cce422a882e8b381454863ce3baf508fd355cea719fce775f683a42111c51bfcec67062abb5e71dc4aa35ff1da4311ccf407c35a8d0556e70e8c0ba792a3dacbfe1f7d3f49695bd3e3d0adfefcc2bbcfa296015ce151126348c977d2cc9ed3a27dd3dc4f23b5992c9b5ab1eed8f76ada64d7d8d920042d8be02b3ea07a660232ca301abbabc8518fa78f39987420e7153141cfea4cad0efecdebef9f9b18f117c37bab394497445dc2ac68b12d3437cedb6fac986e370286d67c98f9401ce9557d0c9e29c2ddba1f77b31e6ae5695c9e76f3beae872ddc9427d1daad95e64f06b17af57d18df111db54123d8d063d6adcb87d3011bbbead5ed0c4ca66eb4d8b63f53e43ecfad1b43097b2492147dd8fbc25a498ef731d4b315ffcfe344ea8871ee1b70cf193cab72a947340b77d1ca48ba25b95ea368c403f50eeadd2e47d8ab6b1c58eb87c0149f135d40843f8619868d57791b15b0197e5acde0ed011460a5d6bd1975e4275a5f323fcab725cb8dbfe64eae28f669b428ed3e17ccec84d9d7972e246bfe6a02c6636af1cb8f1a9017a54071afb75c2d9535b80edceba621ba013d0610a5cd3046e53e6afa2f1bd8f3dd31ad4ab5a2ddb890850e74fd644d5a843ff0c3a65745d2c9e2adc931e687faffcdd1273f5374131d68d0f942a6dad90a3bd105910dca774f1d313486248166bed4c240486114ba9462241ed0f909183aa1abf3b7667ad62004443d83b7ff8b32c2f1d867d35a811f8cc71a7d1c1dbb9fcb420dfc1560b3f5de8be34fdec3d683e1867f1c56aba2dfae9ba19ab6e99f59ad151eee1fb3f0a8fb95ac8e85ed5dd2e70fd712cb7975f8de553af0e966e66ab0fffb04c8315ec6bd9b1b9d52a433faa4653271cb9d51e3d760dc7d41c87926ec786a876745fecb4c30f110fd51cddf5a89b170545111526f11846e69e68f372280ba19132f1165e3b60a9fa675c3510299e761b83179105c10369903bd55c6ba81d1004ece78134274e76c673eb2315c1810c7d3e326fd0883272f3419512a19897cef90e31ba35701441a2abc0c1ada261db29f0b98623ebccd4c773c44e16a0d06d88dbfd667fd14515308c8e587e639192abaed5053b9fe84596c0d7d97d0ebb4b521f2d2343df7ad84d9bb94af5d79c93bd9aa8884cf8c21c99fe57451785f9e5e2d7361e303866b047064b4272cae30d9d9f5a0fcf5a10460663b2cb0b626df852e0e82f01c716ab8c9e52841b33ef62dd87c475d96a1e00625c3924f6a747e6f1d3e479818e3d7ad4889829fe04b1cd34b6b3a0db62a5f39e8a9bcea3746117285f3646f93f3510a88f074e6b03e956a329189de46d1b81fff4b4b816b787d0fbc1864b8da14360226c2a3a375e2773bb477bcb72a0f606b463ed5e055c7167bca9a4690efd31242c04cbe929bc940d91d2519d4b134eceb3be5be4921eaccebe3e6f0d6cd39ece8246a19758fb5c3a8b645505c757111b6a1624c2478a9e071708db6330083306be0660c4a69f72a082935103a053739545fb2c6d080630bd70651f9a5b60312454a05a44813b9a70072e808c4082257640e899e56d220669753af16a5413225bc60f26defa28e8db2dfaf2d0fb836ee87d58584f483c13b0c8e8b7126e979f1bfc9fc4774d5ea90d41bbf1df534b97d8e96e7e32fb4fe393b863b1436a263b9e427457ba4f90f58dcebfaec43c4cde43a706e5b25e6ac425e9c91584779626e0ac33245f0e69de949ac0dfb3b18b69177caa0e8901cdf69de81b34309e81b1f5ebc141d306a07386bcddcecb5a273417c294f83e11356e354092e8bfc8abcd39260ff36c1e2084c841c5cf74de704d2efa67a31d3f661b611772e5992d05cde79f55394a93c8971b454968abfb628b26484329126d3e5e7bbeb45d8673b495163116bcda1f69e15abe39eb3376284508a828ee60e56199234c0494f05d859755f2df3118590ec4a2084a403d0a4c68b91c9dd893eda5743afa4b1e46b0766bac7426a34e26e4dfd15b6161041b20a4290a43d4dbfd37448be487ca3217c9fbeeef24b0e10dee5d71231273809d8a6c3201f54f632cbd89487eb6eeb08b42e86ad2099af0f63ddda1adae3efeee95a6894ce5581b065650d0688f4a6141eef64d9004d40c9db38b2b449bcc0fa344755080879fe55767b7abd5f324b80a9f37dc96c9d35341fa8c115e5920dd1ce42dbd3ddac80a1395f18089c8014d1621d07f8b14a1ea6b56d9c6a8933e683a231c824b8cb34ea7053053c4e9b277a92c96a72b043c52cf014bf04e00419899b27348d49cfb4ee8cc28af892d47581714f6c75f59b0476c419c1487a10a6c576ea1016c27a178a2f705dbbae3bd70453d4316cf7d528f236055f6de5b4ece9a240ba1979093ab54579250366b0bcc745c5508d95488660797a74bba65040ab43d304cc7791a1e130457d2bc247cd793bfd6224128d4399c0588b7436197da33fa2b55c32a58d33d09fe968a64c09d968da19319015ca579af53929c6a6e9dacd9b7efbc1e47df4c8147439f05df2625ded2b7c4d841df864cf5865b74b750f4d8e2eee38c8c21be162065da73eda86333d4d9f05239d673f23a9c51698bc2c87f494d1999ada3a861f4c1d1dcc3dce9fc18f8538d6fc9ef1a8bed2183b50caeed44593c23424d883d368c8336c01a4466fba958c7f9096f7d846a65589225c85433e13f0266ffad77a2b3977d3a376225564056a56235413a124b25138fa8d2c0539b59f88fcfbd81dc04ab3bd1c2733f4a4cb8447aa30545b2408a21ae81e4b9650d21b7c57dd7a0baf3405f6551905b93331c0881631cd7b6602cfc6177140c78e2c019bcc1df004082f251b848409f96af8c66787fc80cdb4a07eb78ebce3aa6abd6fded59dcbe3b482a669c7667a8c897046cff45cda9f27a5602967ca09210d4bd044b6e8d1f95643d3a2542a3ed43b4f88e8d726f8bb7ce141962dc3e09cd21bf487d302cc4d2a31b9bcacda1cebce951fd964b57339d395d9dec67116f4c998ff362b721a6b651e0564bbfabe6b9db231f769448144e94e5b403ecfe7224298420c21caf60fe0e327695a847a8c3cf05d0ecd246873e5b46c5d5745a8ea791cd09e4193a718de724d79b38d579678eaf865b5ec109722a14ecd47b84f6881ed9b393537f3de54b6dc179b596eb80b456e1ff21bf73c532a45abbbcc0415d0f6acd81246a12b36143da6ca6a4571348602298e02234f72ede4120527c5c413e401001ccd75a5d01b503a7ed3823438ff06f53f4e18409f5bd2e7150a3a7f580102e7b124a157cbeaed2ea2a2c86c4520d913dd77415c6d8d5c514693cdf3306ef4161ba7c6e223232e4b6f959dfacd6331bfdf6ef80676f0d7a3977a769be78f799cce2cc9e772c4f3cb41245e4271171c1d2e8f4272d11d6a7a730988ed5ad67af4134aa688a2908d35c7720d34c148bbdf7360ed9fd4f67ce396e2780e5ed58b37485343b4900381a92cf6073870b1f2cd3d323c66ebf7ad9e44a1619d2a3a1e1d3e38bf7960560d4f718d270afd0d6d2ccf2d0f3985a93fff74209caccbfb6bdd1ac9962275cbfee822dd21681b3a4dcf2c26e7c5de884d3834f6707e27d30ffe256720e39926ab013a381c6a8f982bac3171289aae72363859c969d207537b5dd2ba5ac874a45128011ac36db0198a18187fa0075a9ab0049fe26a579847bba631cd7c4a8c93a8e1d5508d37ecf6d67c129c757b82a2dabc07534008b73c41065cab51ad881d5a9e091206000c2d5f6ef8a8ccf18dd2ed5a964a456c8e415cd305ff8999b6a5c0bea5b1ddc43ce2be521a0c052369e326baf9a80edf50b6cf8fe240ae17d18eb329beb3ce47a47dafefecbb8c174a6ae1481b42ebd0d06fe81e3f579ea285f05b6998020dff505c328762bf7da9c8bb974c1f58af6aa23f1a8ef6c63cf01dac129a83eeadd99c29093902823d7bd7e228552dcac89a85ecd88e62d43fc5372b0200c58c8de8692039c5eb36ff4285e7f3f2b989a09d582ad161e4244f7c518b8ad191c782751875736e79caf6aef2b9500df4053093635cf19d5fb9aad61b97417a6fe5549edd9a714aa8541cef3870a5ad089b14a11cedf7f34988424696d3dd59908a887808bd32815575ebf0085b046fa943915f010e1410939a0097db7a0190fd5eb78b8c6855394a475bf62612f6075272a50e3330f8d9f9e0ef2947982e964f97a2db428175affddb462508a8314aa3354eb5d61e1a7d1bb6a3fedb3e36226d7a855ce8ed8c16ad82ca70c0ef6bce7221ef67d5ca5046d108471f3955f15ebe2c8d71b25e1f8eefe36611e69a90a97cfcfd0baf2760528c4537ce7e598c554c3402394c77b916c19f3b2bbce5c946a12629b823873d77feabaf5f9992376580e0949dabc657a18ef35ed425918afef22e744d7184538e3710ed6c79f0a273ea166e4bcdb02c1dc3467f885e68d07670df647b71ed9997b1c938b615e371dfe62505a43a479a28647122f0b9cc0b3723f95d8fcc831b043bb03d60955983058a6cb141788b272c8f33a15a328b7fa07367b550d2480e8707c792e789cff3cb57e0aa910409ad0b766f5b72cb225436e98f9f5a188388d25a4f88cf4263473b5caa355ae2358c1326e8a730d1c999cc6db2e6139e44c09216371b801580ae108050e52c4a931d6b53d72cb103600fea07cc0bdd2782ed01ce9dfb37a09ac34f5c4a43a1895e174c0e195d813860a2a7983705d3a93495f96d5f41c01b174e6248af257914550f9f377b54771b30de56be304b36ddc6544d67cbe37c81382b0ded9f0711767bbd5511758bc44ea246d03eb3b1f337a63f8ef2030cb7b460689602fec8cd9babb284cdb00cbd9d09d62b6986c35ecf0ba97e4cb3ee737b439e9dfea56f75053ff295cf315f301ae566780bba00159e692886e63a0abcf27405ee86c70593eb4392b7db23b6ca582f7dfc676b81c6", 0x1000, 0x1}], 0x290000a, &(0x7f0000000780)={[{@dots}, {@fat=@nocase}, {@dots}], [{@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@subj_type}, {@measure}, {@euid_gt={'euid>', 0xee00}}, {@obj_role={'obj_role', 0x3d, 'smackfstransmute'}}, {@measure}, {@obj_role}, {@subj_role}, {@subj_role={'subj_role', 0x3d, 'trans=fd,'}}]}) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000400), 0x561003, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT_RANGE(r1, 0x4018f50b, &(0x7f0000000540)={0x1, 0x8d, 0x1}) r2 = signalfd(r0, &(0x7f0000000000)={[0x3]}, 0x8) unlinkat(r2, &(0x7f0000000040)='./file1/file0\x00', 0x0) 03:59:56 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x53b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:56 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x4b49, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:56 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2df, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:56 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 29) 03:59:56 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 19) 03:59:56 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x200000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 1923.625474] FAULT_INJECTION: forcing a failure. [ 1923.625474] name failslab, interval 1, probability 0, space 0, times 0 [ 1923.628409] CPU: 0 PID: 28236 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1923.630207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1923.632365] Call Trace: [ 1923.633053] dump_stack+0x107/0x167 [ 1923.633994] should_fail.cold+0x5/0xa [ 1923.634988] ? create_object.isra.0+0x3a/0xa30 [ 1923.636184] should_failslab+0x5/0x20 [ 1923.637177] kmem_cache_alloc+0x5b/0x310 [ 1923.638228] ? legacy_get_tree+0x105/0x220 [ 1923.639322] ? vfs_get_tree+0x8e/0x300 [ 1923.640337] create_object.isra.0+0x3a/0xa30 [ 1923.641482] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1923.642798] __kmalloc_track_caller+0x177/0x370 [ 1923.644021] ? parse_opts.part.0+0x8e/0x340 [ 1923.645159] kstrdup+0x36/0x70 [ 1923.645987] parse_opts.part.0+0x8e/0x340 [ 1923.647071] ? p9_fd_show_options+0x1c0/0x1c0 [ 1923.648250] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.649607] ? quarantine_put+0x8b/0x1a0 [ 1923.650641] ? trace_hardirqs_on+0x5b/0x180 [ 1923.651776] ? kfree+0xd7/0x340 [ 1923.652643] p9_fd_create+0x98/0x4a0 [ 1923.653600] ? p9_conn_create+0x510/0x510 [ 1923.654672] ? p9_client_create+0x798/0x1230 [ 1923.655815] ? kfree+0xd7/0x340 [ 1923.656685] p9_client_create+0x7ff/0x1230 [ 1923.657792] ? p9_client_flush+0x430/0x430 [ 1923.658886] ? trace_hardirqs_on+0x5b/0x180 [ 1923.660009] ? lockdep_init_map_type+0x2c7/0x780 [ 1923.661247] ? __raw_spin_lock_init+0x36/0x110 [ 1923.662434] v9fs_session_init+0x1dd/0x1680 [ 1923.663517] ? lock_release+0x680/0x680 [ 1923.664444] ? kmem_cache_alloc_trace+0x151/0x320 [ 1923.665527] ? v9fs_show_options+0x690/0x690 [ 1923.666465] ? trace_hardirqs_on+0x5b/0x180 [ 1923.667454] ? kasan_unpoison_shadow+0x33/0x50 [ 1923.668510] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1923.669681] v9fs_mount+0x79/0x8f0 [ 1923.670499] ? v9fs_write_inode+0x60/0x60 [ 1923.670668] FAULT_INJECTION: forcing a failure. [ 1923.670668] name failslab, interval 1, probability 0, space 0, times 0 [ 1923.671406] legacy_get_tree+0x105/0x220 [ 1923.671431] vfs_get_tree+0x8e/0x300 [ 1923.671452] path_mount+0x14ab/0x2200 [ 1923.671476] ? strncpy_from_user+0x9e/0x470 [ 1923.671509] ? finish_automount+0xa90/0xa90 [ 1923.678355] ? getname_flags.part.0+0x1dd/0x4f0 [ 1923.679435] ? _copy_from_user+0xfb/0x1b0 [ 1923.680390] __x64_sys_mount+0x282/0x300 [ 1923.681319] ? copy_mnt_ns+0xa00/0xa00 [ 1923.682140] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.683364] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1923.684557] do_syscall_64+0x33/0x40 [ 1923.685408] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1923.686582] RIP: 0033:0x7f4689135b19 [ 1923.687440] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1923.691580] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1923.693322] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1923.694879] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1923.696534] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1923.698197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1923.699786] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1923.701493] CPU: 1 PID: 28242 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1923.702961] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1923.704714] Call Trace: [ 1923.705277] dump_stack+0x107/0x167 [ 1923.706053] should_fail.cold+0x5/0xa [ 1923.706864] should_failslab+0x5/0x20 [ 1923.707672] kmem_cache_alloc_bulk+0x4b/0x320 [ 1923.708623] io_submit_sqes+0x6fe4/0x8610 [ 1923.709537] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1923.710594] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1923.711626] ? find_held_lock+0x2c/0x110 [ 1923.712493] ? io_submit_sqes+0x8610/0x8610 [ 1923.713413] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1923.714434] ? wait_for_completion_io+0x270/0x270 [ 1923.715470] ? rcu_read_lock_any_held+0x75/0xa0 [ 1923.716450] ? vfs_write+0x354/0xb10 [ 1923.717242] ? fput_many+0x2f/0x1a0 [ 1923.718007] ? ksys_write+0x1a9/0x260 [ 1923.718812] ? __ia32_sys_read+0xb0/0xb0 [ 1923.719681] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1923.720794] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1923.721896] do_syscall_64+0x33/0x40 [ 1923.722687] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1923.723772] RIP: 0033:0x7ff6f30cbb19 [ 1923.724566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1923.728463] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1923.730089] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1923.731605] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1923.733117] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1923.734616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1923.736123] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 1923.740221] 9pnet: Insufficient options for proto=fd 03:59:56 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x54b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:56 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x300000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 03:59:56 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x541b, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 03:59:56 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x700, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 03:59:56 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 03:59:56 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="74fd94fc544430cdddca16123d00"/28, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:00:21 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 20) 04:00:21 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x55b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:21 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 30) 04:00:21 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:00:21 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x400000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:21 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x5421, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:00:21 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e1, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:21 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) sendmsg$SMC_PNETID_DEL(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0x30, 0x0, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x40}, 0x8081) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1948.651206] FAULT_INJECTION: forcing a failure. [ 1948.651206] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.651965] 9pnet: Insufficient options for proto=fd [ 1948.653607] CPU: 1 PID: 29290 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1948.653620] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.653639] Call Trace: [ 1948.658455] dump_stack+0x107/0x167 [ 1948.659230] should_fail.cold+0x5/0xa [ 1948.660043] should_failslab+0x5/0x20 [ 1948.660842] __kmalloc_track_caller+0x79/0x370 [ 1948.661803] ? match_number+0xaf/0x1d0 [ 1948.662630] kmemdup_nul+0x2d/0xa0 [ 1948.663395] match_number+0xaf/0x1d0 [ 1948.664182] ? match_u64+0x190/0x190 [ 1948.664979] ? __kmalloc_track_caller+0x2c6/0x370 [ 1948.665994] ? memcpy+0x39/0x60 [ 1948.666696] parse_opts.part.0+0x1f3/0x340 [ 1948.667603] ? p9_fd_show_options+0x1c0/0x1c0 [ 1948.668551] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.669655] ? trace_hardirqs_on+0x5b/0x180 [ 1948.670577] ? kfree+0xd7/0x340 [ 1948.671296] p9_fd_create+0x98/0x4a0 [ 1948.672084] ? p9_conn_create+0x510/0x510 [ 1948.672962] ? p9_client_create+0x798/0x1230 [ 1948.673889] ? kfree+0xd7/0x340 [ 1948.674591] p9_client_create+0x7ff/0x1230 [ 1948.675497] ? p9_client_flush+0x430/0x430 [ 1948.676395] ? trace_hardirqs_on+0x5b/0x180 [ 1948.677351] ? lockdep_init_map_type+0x2c7/0x780 [ 1948.678527] ? __raw_spin_lock_init+0x36/0x110 [ 1948.679550] v9fs_session_init+0x1dd/0x1680 [ 1948.680461] ? lock_release+0x680/0x680 [ 1948.681309] ? kmem_cache_alloc_trace+0x151/0x320 [ 1948.682316] ? v9fs_show_options+0x690/0x690 [ 1948.683271] ? trace_hardirqs_on+0x5b/0x180 [ 1948.684179] ? kasan_unpoison_shadow+0x33/0x50 [ 1948.685139] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1948.686211] v9fs_mount+0x79/0x8f0 [ 1948.686959] ? v9fs_write_inode+0x60/0x60 [ 1948.687843] legacy_get_tree+0x105/0x220 [ 1948.688702] vfs_get_tree+0x8e/0x300 [ 1948.689486] path_mount+0x14ab/0x2200 [ 1948.690296] ? strncpy_from_user+0x9e/0x470 [ 1948.691204] ? finish_automount+0xa90/0xa90 [ 1948.692140] ? getname_flags.part.0+0x1dd/0x4f0 [ 1948.693125] ? _copy_from_user+0xfb/0x1b0 [ 1948.694008] __x64_sys_mount+0x282/0x300 [ 1948.694863] ? copy_mnt_ns+0xa00/0xa00 [ 1948.695693] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.696801] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.697893] do_syscall_64+0x33/0x40 [ 1948.698682] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.699772] RIP: 0033:0x7f4689135b19 [ 1948.700562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.704449] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1948.706052] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1948.707571] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1948.709062] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1948.710568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.712079] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1948.715069] 9pnet: Insufficient options for proto=fd [ 1948.797142] FAULT_INJECTION: forcing a failure. [ 1948.797142] name failslab, interval 1, probability 0, space 0, times 0 [ 1948.799824] CPU: 0 PID: 29306 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1948.801318] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1948.803102] Call Trace: [ 1948.803701] dump_stack+0x107/0x167 [ 1948.804501] should_fail.cold+0x5/0xa [ 1948.805340] ? create_object.isra.0+0x3a/0xa30 [ 1948.806340] should_failslab+0x5/0x20 [ 1948.807173] kmem_cache_alloc+0x5b/0x310 [ 1948.808075] create_object.isra.0+0x3a/0xa30 [ 1948.809013] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1948.810109] kmem_cache_alloc_bulk+0x168/0x320 [ 1948.811097] io_submit_sqes+0x6fe4/0x8610 [ 1948.812029] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1948.813096] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1948.814130] ? find_held_lock+0x2c/0x110 [ 1948.815012] ? io_submit_sqes+0x8610/0x8610 [ 1948.815954] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1948.816988] ? wait_for_completion_io+0x270/0x270 [ 1948.818028] ? rcu_read_lock_any_held+0x75/0xa0 [ 1948.819026] ? vfs_write+0x354/0xb10 [ 1948.819831] ? fput_many+0x2f/0x1a0 [ 1948.820615] ? ksys_write+0x1a9/0x260 [ 1948.821432] ? __ia32_sys_read+0xb0/0xb0 [ 1948.822314] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1948.823456] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1948.824559] do_syscall_64+0x33/0x40 [ 1948.825356] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1948.826452] RIP: 0033:0x7ff6f30cbb19 [ 1948.827252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1948.831206] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1948.832836] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1948.834363] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1948.835905] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1948.837440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1948.838970] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:00:21 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x56b5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:21 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x5450, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:00:21 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x500000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:21 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:21 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) write$binfmt_aout(r0, &(0x7f0000000940)={{0x10b, 0x2, 0x0, 0x252, 0x186, 0x9414, 0x363, 0x9f}, "bb34cfa0f3c073a519743366f4fc13724bd8936cc050831b33351e873b35a9521d6ecc3db5fd9811cf26081d16adbcbe754d73983258817e3742fef5efcb3909fa4fa7e28c151af6ecd3e3b2e35b752c7588b493d3b4b4821332498bc597ef51efba1c83a471de221de327dce8f7b448ad90b77bce3423606893600155b6207319f08b02f876ad82170fd4d284b7024c43d6b53993dfaa882333a65e168fd99644dd510987dc5d0ef98cc8073af35dfc59e43354", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x6d4) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:21 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:00:21 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 31) [ 1949.043694] 9pnet: Insufficient options for proto=fd 04:00:21 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6800, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1949.147109] FAULT_INJECTION: forcing a failure. [ 1949.147109] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.149587] CPU: 0 PID: 30187 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1949.151058] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.152855] Call Trace: [ 1949.153426] dump_stack+0x107/0x167 [ 1949.154215] should_fail.cold+0x5/0xa [ 1949.155038] ? create_object.isra.0+0x3a/0xa30 [ 1949.156038] should_failslab+0x5/0x20 [ 1949.156875] kmem_cache_alloc+0x5b/0x310 [ 1949.157771] create_object.isra.0+0x3a/0xa30 [ 1949.158737] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.159861] __kmalloc_track_caller+0x177/0x370 [ 1949.160871] ? match_number+0xaf/0x1d0 [ 1949.161738] kmemdup_nul+0x2d/0xa0 [ 1949.162512] match_number+0xaf/0x1d0 [ 1949.163338] ? match_u64+0x190/0x190 [ 1949.164159] ? __kmalloc_track_caller+0x2c6/0x370 [ 1949.165230] ? memcpy+0x39/0x60 [ 1949.165955] parse_opts.part.0+0x1f3/0x340 [ 1949.166881] ? p9_fd_show_options+0x1c0/0x1c0 [ 1949.167879] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.169027] ? trace_hardirqs_on+0x5b/0x180 [ 1949.169982] ? kfree+0xd7/0x340 [ 1949.170710] p9_fd_create+0x98/0x4a0 [ 1949.171528] ? p9_conn_create+0x510/0x510 [ 1949.172433] ? p9_client_create+0x798/0x1230 [ 1949.173403] ? kfree+0xd7/0x340 [ 1949.174131] p9_client_create+0x7ff/0x1230 [ 1949.175061] ? p9_client_flush+0x430/0x430 [ 1949.175994] ? trace_hardirqs_on+0x5b/0x180 [ 1949.176935] ? lockdep_init_map_type+0x2c7/0x780 [ 1949.177971] ? __raw_spin_lock_init+0x36/0x110 [ 1949.178975] v9fs_session_init+0x1dd/0x1680 [ 1949.179929] ? lock_release+0x680/0x680 [ 1949.180808] ? kmem_cache_alloc_trace+0x151/0x320 [ 1949.181860] ? v9fs_show_options+0x690/0x690 [ 1949.182830] ? trace_hardirqs_on+0x5b/0x180 [ 1949.183808] ? kasan_unpoison_shadow+0x33/0x50 [ 1949.184805] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.185915] v9fs_mount+0x79/0x8f0 [ 1949.186692] ? v9fs_write_inode+0x60/0x60 [ 1949.187603] legacy_get_tree+0x105/0x220 [ 1949.188504] vfs_get_tree+0x8e/0x300 [ 1949.189316] path_mount+0x14ab/0x2200 [ 1949.190149] ? strncpy_from_user+0x9e/0x470 [ 1949.191091] ? finish_automount+0xa90/0xa90 [ 1949.192041] ? getname_flags.part.0+0x1dd/0x4f0 [ 1949.193056] ? _copy_from_user+0xfb/0x1b0 [ 1949.193969] __x64_sys_mount+0x282/0x300 [ 1949.194851] ? copy_mnt_ns+0xa00/0xa00 [ 1949.195717] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.196861] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.197988] do_syscall_64+0x33/0x40 [ 1949.198799] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.199929] RIP: 0033:0x7f4689135b19 [ 1949.200750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.204786] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1949.206453] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1949.208036] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1949.209612] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1949.211184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.212749] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:00:21 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 21) 04:00:21 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x5451, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 1949.320667] FAULT_INJECTION: forcing a failure. [ 1949.320667] name failslab, interval 1, probability 0, space 0, times 0 [ 1949.322911] CPU: 1 PID: 30347 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1949.324216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1949.325761] Call Trace: [ 1949.326263] dump_stack+0x107/0x167 [ 1949.326948] should_fail.cold+0x5/0xa [ 1949.327699] ? create_object.isra.0+0x3a/0xa30 [ 1949.328597] should_failslab+0x5/0x20 [ 1949.329341] kmem_cache_alloc+0x5b/0x310 [ 1949.330122] ? mark_held_locks+0x9e/0xe0 [ 1949.330896] create_object.isra.0+0x3a/0xa30 [ 1949.331907] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1949.333091] kmem_cache_alloc_bulk+0x168/0x320 [ 1949.334072] io_submit_sqes+0x6fe4/0x8610 [ 1949.334985] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1949.336035] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1949.336982] ? find_held_lock+0x2c/0x110 [ 1949.337794] ? io_submit_sqes+0x8610/0x8610 [ 1949.338659] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1949.339618] ? wait_for_completion_io+0x270/0x270 [ 1949.340578] ? rcu_read_lock_any_held+0x75/0xa0 [ 1949.341482] ? vfs_write+0x354/0xb10 [ 1949.342211] ? fput_many+0x2f/0x1a0 [ 1949.342934] ? ksys_write+0x1a9/0x260 [ 1949.343685] ? __ia32_sys_read+0xb0/0xb0 [ 1949.344480] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1949.345510] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1949.346540] do_syscall_64+0x33/0x40 [ 1949.347274] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1949.348306] RIP: 0033:0x7ff6f30cbb19 [ 1949.349036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1949.352619] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1949.354081] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1949.355460] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1949.356831] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1949.358189] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1949.359580] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:00:35 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x600000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:35 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 22) 04:00:35 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 32) 04:00:35 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:35 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r2 = open_tree(r0, &(0x7f0000000000)='./file1\x00', 0x99100) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) sendmsg$unix(r2, &(0x7f0000000640)={&(0x7f0000000140)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000000280)=[{&(0x7f00000001c0)="1e52ab1b27bb6bbb8deee37758a29e6b9b245645e8758e5e2b467fd5e8d8cb4b1ca5b99874eea8980069618e624c5ae432e66d9853f65f23fe6c1c61de5d9261782f0b84c72a7a15947972d23083eea594f69326ef60c6d153d158547c8a287e58d5139e754dc8a923f63a3d5ac41a720573915865cd955b51663f6bad7512b40a144584e29dec3bf9ca2f5596d8c8", 0x8f}, {&(0x7f00000004c0)="18761772e9e8655c2b337fe527d74b65061edfafa2c7886597dc82a066ceab640e54d9b9be89fbca93a69cbe3c12dd512a686f46aacdf5544e5b1a9e229148b94ac62527b49fcad177b9053f0e9448dd9c5be5002656f8a8024eebe76c1ba902f8e8242a1315dc9af9ccb29dd2314d638da382339feb765d29bed9a93899d2f407e4af0765f4dfc095418de77c34af78765fcdc5d29c58b80f86", 0x9a}, {&(0x7f0000000040)="c8a400d90d1f8ca8e7af3fee14ed7455b2c81a3fe387f519b5af58dccda9da92da96effc66f9fe718bb115a63d54781fd004fd9955db", 0x36}, {&(0x7f0000000580)="ff5c62d7df96e7d10e119d33682cbe432b7accfa1d672879f8b2b7ef6f64edcbd486e1bed52fb39e9fc248b167b89cd8873554309d9515232348a9471ffd308ddfcdc26d51f958abb0320f326897e583c3ce4d731f53e9dec20f709b3a580c8dc38251ed969c0e1c88c04007e1052501c8e4f62a101572e41552106b2cf259dbac771526378a6c05cf29074e649cba64e5b714f5f8fb1d83b565a85a252fee9ba98d46edcfbc7f", 0xa7}], 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="24000000000000000100000001000000", @ANYRES32=r3, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r1, @ANYRES32=r0, @ANYBLOB="41d3dd49be", @ANYRES32=r0, @ANYRES32], 0x40, 0x4000000}, 0x40000) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@access_client}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@subj_role={'subj_role', 0x3d, '{#'}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '\xa1\"U\x8cw\xcc[t6F\x00\x9b\x80Zo\xb1..\t\x91~\x8a\x19\\\xa9\x06\x00\x00\x00\x00\x00\x00\x001V\xd6\xbf\xdf\rd_\x85\xacC]\x16\xe1)\xb2\t\xb6\xb9>\x8f\xff\x1f6x5z\x7fi\x81>\x8c\xea\xb74k\xe3\xd5\xfe\xebK<\x8a\x01G\xfe<[\xb5(\x0e/\xa9\xe6\xbd\xa3\xf7heA$ys\x83X\xe7\xaa+J\xb85\xe1\xfbE\xe7\xdbC\xd1Ix\xf4d\f\x8d\xe5\x7fR\xce:\x86\x86Z\xef2\xe3\xef\xdcy\x95\xdfV\xfb\x00\x00\x00\x00\x00'}}, {@fowner_gt}]}}) 04:00:35 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x900, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:00:35 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6c00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1962.599828] FAULT_INJECTION: forcing a failure. [ 1962.599828] name failslab, interval 1, probability 0, space 0, times 0 [ 1962.601396] CPU: 1 PID: 30449 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1962.602175] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1962.603115] Call Trace: [ 1962.603429] dump_stack+0x107/0x167 [ 1962.603844] should_fail.cold+0x5/0xa [ 1962.604279] should_failslab+0x5/0x20 [ 1962.604715] kmem_cache_alloc_bulk+0x4b/0x320 [ 1962.605229] io_submit_sqes+0x6fe4/0x8610 [ 1962.605716] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1962.606280] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1962.606829] ? find_held_lock+0x2c/0x110 [ 1962.607291] ? io_submit_sqes+0x8610/0x8610 [ 1962.607790] ? __mutex_unlock_slowpath+0xe1/0x600 04:00:35 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x5452, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 1962.608339] ? wait_for_completion_io+0x270/0x270 [ 1962.609039] ? rcu_read_lock_any_held+0x75/0xa0 [ 1962.609633] ? vfs_write+0x354/0xb10 [ 1962.610052] ? fput_many+0x2f/0x1a0 [ 1962.610460] ? ksys_write+0x1a9/0x260 [ 1962.610890] ? __ia32_sys_read+0xb0/0xb0 [ 1962.611349] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.611958] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1962.612539] do_syscall_64+0x33/0x40 [ 1962.612968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1962.613544] RIP: 0033:0x7ff6f30cbb19 [ 1962.613966] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1962.616044] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1962.616900] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1962.617702] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1962.618504] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1962.619309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1962.620121] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 1962.634931] FAULT_INJECTION: forcing a failure. [ 1962.634931] name failslab, interval 1, probability 0, space 0, times 0 [ 1962.637852] CPU: 0 PID: 30480 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1962.639636] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1962.641764] Call Trace: [ 1962.642440] dump_stack+0x107/0x167 [ 1962.643373] should_fail.cold+0x5/0xa [ 1962.644275] should_failslab+0x5/0x20 [ 1962.645137] __kmalloc_track_caller+0x79/0x370 [ 1962.646166] ? match_number+0xaf/0x1d0 [ 1962.647040] ? kfree+0xd7/0x340 [ 1962.647797] kmemdup_nul+0x2d/0xa0 [ 1962.648594] match_number+0xaf/0x1d0 [ 1962.649440] ? match_u64+0x190/0x190 [ 1962.650282] ? memcpy+0x39/0x60 [ 1962.651030] parse_opts.part.0+0x1f3/0x340 [ 1962.651984] ? p9_fd_show_options+0x1c0/0x1c0 [ 1962.653002] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.654193] ? trace_hardirqs_on+0x5b/0x180 [ 1962.655162] ? kfree+0xd7/0x340 [ 1962.655925] p9_fd_create+0x98/0x4a0 [ 1962.656766] ? p9_conn_create+0x510/0x510 [ 1962.657708] ? p9_client_create+0x798/0x1230 [ 1962.658706] ? kfree+0xd7/0x340 [ 1962.659463] p9_client_create+0x7ff/0x1230 [ 1962.660423] ? p9_client_flush+0x430/0x430 [ 1962.661368] ? trace_hardirqs_on+0x5b/0x180 [ 1962.662335] ? lockdep_init_map_type+0x2c7/0x780 [ 1962.663407] ? __raw_spin_lock_init+0x36/0x110 [ 1962.664449] v9fs_session_init+0x1dd/0x1680 [ 1962.665427] ? lock_release+0x680/0x680 [ 1962.666334] ? kmem_cache_alloc_trace+0x151/0x320 [ 1962.667427] ? v9fs_show_options+0x690/0x690 [ 1962.668425] ? trace_hardirqs_on+0x5b/0x180 [ 1962.669395] ? kasan_unpoison_shadow+0x33/0x50 [ 1962.670417] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1962.671568] v9fs_mount+0x79/0x8f0 [ 1962.672374] ? v9fs_write_inode+0x60/0x60 [ 1962.673308] legacy_get_tree+0x105/0x220 [ 1962.674236] vfs_get_tree+0x8e/0x300 [ 1962.675070] path_mount+0x14ab/0x2200 [ 1962.675948] ? strncpy_from_user+0x9e/0x470 [ 1962.676925] ? finish_automount+0xa90/0xa90 [ 1962.677893] ? getname_flags.part.0+0x1dd/0x4f0 [ 1962.678935] ? _copy_from_user+0xfb/0x1b0 [ 1962.679884] __x64_sys_mount+0x282/0x300 [ 1962.680810] ? copy_mnt_ns+0xa00/0xa00 [ 1962.681700] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.682890] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1962.684070] do_syscall_64+0x33/0x40 [ 1962.684907] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1962.686054] RIP: 0033:0x7f4689135b19 [ 1962.686899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1962.691062] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1962.692780] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1962.694391] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1962.696008] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1962.697602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1962.699206] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1962.700961] 9pnet: Insufficient options for proto=fd [ 1962.707839] 9pnet: Insufficient options for proto=fd 04:00:35 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x700000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:35 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7400, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:35 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 23) 04:00:35 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 33) [ 1962.887887] FAULT_INJECTION: forcing a failure. [ 1962.887887] name failslab, interval 1, probability 0, space 0, times 0 [ 1962.889286] CPU: 1 PID: 31179 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1962.890061] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1962.891003] Call Trace: [ 1962.891312] dump_stack+0x107/0x167 [ 1962.891748] should_fail.cold+0x5/0xa [ 1962.892184] ? create_object.isra.0+0x3a/0xa30 [ 1962.892704] should_failslab+0x5/0x20 [ 1962.893141] kmem_cache_alloc+0x5b/0x310 [ 1962.893604] create_object.isra.0+0x3a/0xa30 [ 1962.894101] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1962.894679] __kmalloc_track_caller+0x177/0x370 [ 1962.895212] ? match_number+0xaf/0x1d0 [ 1962.895669] kmemdup_nul+0x2d/0xa0 [ 1962.896085] match_number+0xaf/0x1d0 [ 1962.896518] ? match_u64+0x190/0x190 [ 1962.896947] ? __kmalloc_track_caller+0x2c6/0x370 [ 1962.897504] ? memcpy+0x39/0x60 [ 1962.897984] parse_opts.part.0+0x1f3/0x340 [ 1962.898483] ? p9_fd_show_options+0x1c0/0x1c0 [ 1962.899003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.899642] ? trace_hardirqs_on+0x5b/0x180 [ 1962.900143] ? kfree+0xd7/0x340 [ 1962.900526] p9_fd_create+0x98/0x4a0 [ 1962.900961] ? p9_conn_create+0x510/0x510 [ 1962.901434] ? p9_client_create+0x798/0x1230 [ 1962.901947] ? kfree+0xd7/0x340 [ 1962.902326] p9_client_create+0x7ff/0x1230 [ 1962.902814] ? p9_client_flush+0x430/0x430 [ 1962.903300] ? trace_hardirqs_on+0x5b/0x180 [ 1962.903805] ? lockdep_init_map_type+0x2c7/0x780 [ 1962.904341] ? __raw_spin_lock_init+0x36/0x110 [ 1962.904867] v9fs_session_init+0x1dd/0x1680 [ 1962.905355] ? lock_release+0x680/0x680 [ 1962.905819] ? kmem_cache_alloc_trace+0x151/0x320 [ 1962.906363] ? v9fs_show_options+0x690/0x690 [ 1962.906874] ? trace_hardirqs_on+0x5b/0x180 [ 1962.907373] ? kasan_unpoison_shadow+0x33/0x50 [ 1962.907905] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1962.908496] v9fs_mount+0x79/0x8f0 [ 1962.908912] ? v9fs_write_inode+0x60/0x60 [ 1962.909389] legacy_get_tree+0x105/0x220 [ 1962.909861] vfs_get_tree+0x8e/0x300 [ 1962.910299] path_mount+0x14ab/0x2200 [ 1962.910745] ? strncpy_from_user+0x9e/0x470 [ 1962.911249] ? finish_automount+0xa90/0xa90 [ 1962.911781] ? getname_flags.part.0+0x1dd/0x4f0 [ 1962.912319] ? _copy_from_user+0xfb/0x1b0 [ 1962.912800] __x64_sys_mount+0x282/0x300 [ 1962.913267] ? copy_mnt_ns+0xa00/0xa00 [ 1962.913722] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.914334] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1962.914924] do_syscall_64+0x33/0x40 [ 1962.915351] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1962.915953] RIP: 0033:0x7f4689135b19 [ 1962.916386] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1962.918520] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1962.919408] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1962.920252] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1962.921079] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1962.921904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1962.922722] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1962.937937] FAULT_INJECTION: forcing a failure. [ 1962.937937] name failslab, interval 1, probability 0, space 0, times 0 [ 1962.939404] CPU: 1 PID: 31178 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1962.940218] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1962.941175] Call Trace: [ 1962.941486] dump_stack+0x107/0x167 [ 1962.941902] should_fail.cold+0x5/0xa [ 1962.942348] ? memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1962.942941] should_failslab+0x5/0x20 [ 1962.943372] __kmalloc_node+0x76/0x420 [ 1962.943827] memcg_alloc_page_obj_cgroups+0x73/0x100 [ 1962.944409] memcg_slab_post_alloc_hook+0x1f0/0x430 [ 1962.944981] kmem_cache_alloc_bulk+0x182/0x320 [ 1962.945509] io_submit_sqes+0x6fe4/0x8610 [ 1962.946005] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1962.946593] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1962.947150] ? find_held_lock+0x2c/0x110 [ 1962.947643] ? io_submit_sqes+0x8610/0x8610 [ 1962.948151] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1962.948711] ? wait_for_completion_io+0x270/0x270 [ 1962.949270] ? rcu_read_lock_any_held+0x75/0xa0 [ 1962.949810] ? vfs_write+0x354/0xb10 [ 1962.950239] ? fput_many+0x2f/0x1a0 [ 1962.950655] ? ksys_write+0x1a9/0x260 [ 1962.951088] ? __ia32_sys_read+0xb0/0xb0 [ 1962.951563] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1962.952164] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1962.952749] do_syscall_64+0x33/0x40 [ 1962.953173] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1962.953755] RIP: 0033:0x7ff6f30cbb19 [ 1962.954187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1962.956329] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1962.957203] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1962.958022] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1962.958840] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1962.959672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1962.960485] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:00:49 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x800000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:49 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 34) 04:00:49 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x5460, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:00:49 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7a00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:49 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:49 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x9b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 1976.402708] FAULT_INJECTION: forcing a failure. [ 1976.402708] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.405553] CPU: 0 PID: 31194 Comm: syz-executor.6 Not tainted 5.10.250 #1 04:00:49 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r1}, './file1\x00'}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c7766646e953d62db855ac3b83b5cfed5215338f53175af3b66dc001e30098b90be0c10e76b04eedeb0d733a371c4a2a279353087434f510c970fa01086c2f8823e95ddab146a6e6f74a8d241d6f0ef77d78736ab3b09ffade369fcd674d31e71ac2a8b463b2114727bf762fad91be1210f8eb923536a121e7b08e59e2bdc4bfde58fd34bb170d347502a11dafdf9399ea45e23d8db4d15afaf982cdebc7d51fbda278890be15c85a0935ba607e0c673bd77c858170b7b6ecdc2f620054571d2b416461b16673a1141963ccc8acb4aa7987ecfb9aeb9157d6eb339ad25857397347f690ba8384852857a0a28193c1ce731058b24f5320", @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r3 = signalfd(r0, &(0x7f0000000380), 0x8) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f00000003c0)={r1, 0x4, 0x5, 0x7fffffff}) sendfile(r3, r4, &(0x7f0000000400)=0x3, 0x1f) 04:00:49 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 24) [ 1976.407241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.409371] Call Trace: [ 1976.410020] dump_stack+0x107/0x167 [ 1976.410900] should_fail.cold+0x5/0xa [ 1976.411836] ? p9_fd_create+0x161/0x4a0 [ 1976.412806] should_failslab+0x5/0x20 [ 1976.413730] kmem_cache_alloc_trace+0x55/0x320 [ 1976.414855] p9_fd_create+0x161/0x4a0 [ 1976.415785] ? p9_conn_create+0x510/0x510 [ 1976.416776] ? p9_client_create+0x798/0x1230 [ 1976.417838] ? kfree+0xd7/0x340 [ 1976.418642] p9_client_create+0x7ff/0x1230 [ 1976.419677] ? p9_client_flush+0x430/0x430 [ 1976.420226] FAULT_INJECTION: forcing a failure. [ 1976.420226] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.420692] ? trace_hardirqs_on+0x5b/0x180 [ 1976.420725] ? lockdep_init_map_type+0x2c7/0x780 [ 1976.424343] ? __raw_spin_lock_init+0x36/0x110 [ 1976.425441] v9fs_session_init+0x1dd/0x1680 [ 1976.426481] ? lock_release+0x680/0x680 [ 1976.427445] ? kmem_cache_alloc_trace+0x151/0x320 [ 1976.428629] ? v9fs_show_options+0x690/0x690 [ 1976.429698] ? trace_hardirqs_on+0x5b/0x180 [ 1976.430726] ? kasan_unpoison_shadow+0x33/0x50 [ 1976.431827] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.433047] v9fs_mount+0x79/0x8f0 [ 1976.433905] ? v9fs_write_inode+0x60/0x60 [ 1976.434896] legacy_get_tree+0x105/0x220 [ 1976.435881] vfs_get_tree+0x8e/0x300 [ 1976.436764] path_mount+0x14ab/0x2200 [ 1976.437674] ? strncpy_from_user+0x9e/0x470 [ 1976.438725] ? finish_automount+0xa90/0xa90 [ 1976.439776] ? getname_flags.part.0+0x1dd/0x4f0 [ 1976.440894] ? _copy_from_user+0xfb/0x1b0 [ 1976.441880] __x64_sys_mount+0x282/0x300 [ 1976.442839] ? copy_mnt_ns+0xa00/0xa00 [ 1976.443779] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.445024] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.446250] do_syscall_64+0x33/0x40 [ 1976.447133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.448366] RIP: 0033:0x7f4689135b19 [ 1976.449256] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.453645] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1976.455452] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1976.457162] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1976.458851] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1976.460559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.462270] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1976.464012] CPU: 1 PID: 31200 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1976.464954] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.466065] Call Trace: [ 1976.466414] dump_stack+0x107/0x167 [ 1976.466954] should_fail.cold+0x5/0xa [ 1976.467472] ? create_object.isra.0+0x3a/0xa30 [ 1976.468084] should_failslab+0x5/0x20 [ 1976.468586] kmem_cache_alloc+0x5b/0x310 [ 1976.469127] create_object.isra.0+0x3a/0xa30 [ 1976.469715] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.470382] kmem_cache_alloc_bulk+0x168/0x320 [ 1976.470988] io_submit_sqes+0x6fe4/0x8610 [ 1976.471576] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1976.472259] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1976.472898] ? find_held_lock+0x2c/0x110 [ 1976.473441] ? io_submit_sqes+0x8610/0x8610 [ 1976.474020] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1976.474658] ? wait_for_completion_io+0x270/0x270 [ 1976.475309] ? rcu_read_lock_any_held+0x75/0xa0 [ 1976.475943] ? vfs_write+0x354/0xb10 [ 1976.476440] ? fput_many+0x2f/0x1a0 [ 1976.476926] ? ksys_write+0x1a9/0x260 [ 1976.477431] ? __ia32_sys_read+0xb0/0xb0 [ 1976.477970] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.478665] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.479349] do_syscall_64+0x33/0x40 [ 1976.479847] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.480526] RIP: 0033:0x7ff6f30cbb19 [ 1976.481020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.483463] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1976.484476] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1976.485414] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1976.486364] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.487295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.488237] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:00:49 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x900000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:49 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r0 = socket$inet_udplite(0x2, 0x2, 0x88) read(r0, &(0x7f0000000000)=""/92, 0x5c) 04:00:49 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4d8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1976.642854] 9pnet: Insufficient options for proto=fd 04:00:49 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 25) 04:00:49 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:00:49 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:00:49 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8901, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:00:49 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xa00000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:00:49 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4d9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1976.796976] FAULT_INJECTION: forcing a failure. [ 1976.796976] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.799712] CPU: 0 PID: 31902 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1976.801177] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.802939] Call Trace: [ 1976.803503] dump_stack+0x107/0x167 [ 1976.804294] should_fail.cold+0x5/0xa [ 1976.805105] ? create_object.isra.0+0x3a/0xa30 [ 1976.806069] should_failslab+0x5/0x20 [ 1976.806888] kmem_cache_alloc+0x5b/0x310 [ 1976.807763] ? mark_held_locks+0x9e/0xe0 [ 1976.808627] create_object.isra.0+0x3a/0xa30 [ 1976.809560] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.810638] kmem_cache_alloc_bulk+0x168/0x320 [ 1976.811620] io_submit_sqes+0x6fe4/0x8610 [ 1976.812545] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1976.813595] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1976.814623] ? find_held_lock+0x2c/0x110 [ 1976.815488] ? io_submit_sqes+0x8610/0x8610 [ 1976.816407] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1976.817424] ? wait_for_completion_io+0x270/0x270 [ 1976.818446] ? rcu_read_lock_any_held+0x75/0xa0 [ 1976.819426] ? vfs_write+0x354/0xb10 [ 1976.820220] ? fput_many+0x2f/0x1a0 [ 1976.820984] ? ksys_write+0x1a9/0x260 [ 1976.821799] ? __ia32_sys_read+0xb0/0xb0 [ 1976.822673] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.823778] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.824869] do_syscall_64+0x33/0x40 [ 1976.825665] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.826738] RIP: 0033:0x7ff6f30cbb19 [ 1976.827524] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.831431] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1976.833042] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1976.834554] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1976.836069] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1976.837570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.839073] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:00:49 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 35) 04:00:49 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8902, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:00:49 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xab9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 1976.925807] FAULT_INJECTION: forcing a failure. [ 1976.925807] name failslab, interval 1, probability 0, space 0, times 0 [ 1976.928427] CPU: 0 PID: 32357 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1976.929893] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1976.931654] Call Trace: [ 1976.932221] dump_stack+0x107/0x167 [ 1976.932999] should_fail.cold+0x5/0xa [ 1976.933803] ? create_object.isra.0+0x3a/0xa30 [ 1976.934761] should_failslab+0x5/0x20 [ 1976.935559] kmem_cache_alloc+0x5b/0x310 [ 1976.936421] ? p9_fd_show_options+0x1c0/0x1c0 [ 1976.937364] create_object.isra.0+0x3a/0xa30 [ 1976.938284] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.939353] kmem_cache_alloc_trace+0x151/0x320 [ 1976.940346] p9_fd_create+0x161/0x4a0 [ 1976.941149] ? p9_conn_create+0x510/0x510 [ 1976.942022] ? p9_client_create+0x798/0x1230 [ 1976.942949] ? kfree+0xd7/0x340 [ 1976.943667] p9_client_create+0x7ff/0x1230 [ 1976.944569] ? p9_client_flush+0x430/0x430 [ 1976.945461] ? trace_hardirqs_on+0x5b/0x180 [ 1976.946370] ? lockdep_init_map_type+0x2c7/0x780 [ 1976.947372] ? __raw_spin_lock_init+0x36/0x110 [ 1976.948353] v9fs_session_init+0x1dd/0x1680 [ 1976.949281] ? kmem_cache_alloc_trace+0x151/0x320 [ 1976.950294] ? v9fs_show_options+0x690/0x690 [ 1976.951232] ? trace_hardirqs_on+0x5b/0x180 [ 1976.952150] ? kasan_unpoison_shadow+0x33/0x50 [ 1976.953105] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1976.954175] v9fs_mount+0x79/0x8f0 [ 1976.954927] ? v9fs_write_inode+0x60/0x60 [ 1976.955810] legacy_get_tree+0x105/0x220 [ 1976.956675] vfs_get_tree+0x8e/0x300 [ 1976.957465] path_mount+0x14ab/0x2200 [ 1976.958272] ? strncpy_from_user+0x9e/0x470 [ 1976.959180] ? finish_automount+0xa90/0xa90 [ 1976.960092] ? getname_flags.part.0+0x1dd/0x4f0 [ 1976.961078] ? _copy_from_user+0xfb/0x1b0 [ 1976.961962] __x64_sys_mount+0x282/0x300 [ 1976.962818] ? copy_mnt_ns+0xa00/0xa00 [ 1976.963652] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1976.964751] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1976.965840] do_syscall_64+0x33/0x40 [ 1976.966625] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1976.967723] RIP: 0033:0x7f4689135b19 [ 1976.968501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1976.972372] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1976.973982] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1976.975474] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1976.976975] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1976.978477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1976.979988] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:01:03 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r0 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) openat(r0, &(0x7f0000000040)='./file1\x00', 0x80600, 0x4) 04:01:03 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 36) 04:01:03 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:03 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8903, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:03 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb00000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:03 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4da, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:03 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:03 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 26) [ 1991.007815] 9pnet: Insufficient options for proto=fd [ 1991.023176] FAULT_INJECTION: forcing a failure. [ 1991.023176] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.025695] CPU: 0 PID: 32573 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1991.027096] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.028772] Call Trace: [ 1991.029309] dump_stack+0x107/0x167 [ 1991.030042] should_fail.cold+0x5/0xa [ 1991.030815] ? p9_client_prepare_req.part.0+0x3a/0xac0 [ 1991.031870] should_failslab+0x5/0x20 [ 1991.032638] kmem_cache_alloc+0x5b/0x310 [ 1991.033458] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1991.034481] p9_client_rpc+0x220/0x1370 [ 1991.035281] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.036348] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1991.037471] ? pipe_poll+0x21b/0x800 [ 1991.038356] ? p9_fd_close+0x4a0/0x4a0 [ 1991.039283] ? wait_for_partner+0x3c0/0x3c0 [ 1991.040325] ? p9_fd_poll+0x1e0/0x2c0 [ 1991.041257] ? p9_fd_create+0x357/0x4a0 [ 1991.042204] ? p9_conn_create+0x510/0x510 [ 1991.043022] ? p9_client_create+0x798/0x1230 [ 1991.043944] ? kfree+0xd7/0x340 [ 1991.044604] p9_client_create+0xa76/0x1230 [ 1991.045451] ? p9_client_flush+0x430/0x430 [ 1991.046298] ? trace_hardirqs_on+0x5b/0x180 [ 1991.047151] ? lockdep_init_map_type+0x2c7/0x780 [ 1991.048103] ? __raw_spin_lock_init+0x36/0x110 [ 1991.049013] v9fs_session_init+0x1dd/0x1680 [ 1991.049869] ? lock_release+0x680/0x680 [ 1991.050666] ? kmem_cache_alloc_trace+0x151/0x320 [ 1991.051620] ? v9fs_show_options+0x690/0x690 [ 1991.052511] ? trace_hardirqs_on+0x5b/0x180 [ 1991.053363] ? kasan_unpoison_shadow+0x33/0x50 [ 1991.054272] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1991.055285] v9fs_mount+0x79/0x8f0 [ 1991.055998] ? v9fs_write_inode+0x60/0x60 [ 1991.056814] legacy_get_tree+0x105/0x220 [ 1991.057624] vfs_get_tree+0x8e/0x300 [ 1991.058359] path_mount+0x14ab/0x2200 [ 1991.059113] ? strncpy_from_user+0x9e/0x470 [ 1991.059988] ? finish_automount+0xa90/0xa90 [ 1991.060842] ? getname_flags.part.0+0x1dd/0x4f0 [ 1991.061912] ? _copy_from_user+0xfb/0x1b0 [ 1991.062906] __x64_sys_mount+0x282/0x300 [ 1991.063878] ? copy_mnt_ns+0xa00/0xa00 [ 1991.064802] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.066039] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.067076] do_syscall_64+0x33/0x40 [ 1991.067819] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.068833] RIP: 0033:0x7f4689135b19 [ 1991.069565] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.073161] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1991.074670] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1991.076072] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1991.077468] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1991.078859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1991.080258] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:01:03 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 37) [ 1991.195908] FAULT_INJECTION: forcing a failure. [ 1991.195908] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.198650] CPU: 1 PID: 32620 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 1991.200134] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.201878] Call Trace: [ 1991.202441] dump_stack+0x107/0x167 [ 1991.203210] should_fail.cold+0x5/0xa [ 1991.204038] ? create_object.isra.0+0x3a/0xa30 [ 1991.204999] should_failslab+0x5/0x20 [ 1991.205804] kmem_cache_alloc+0x5b/0x310 [ 1991.206658] ? mark_held_locks+0x9e/0xe0 [ 1991.207523] create_object.isra.0+0x3a/0xa30 [ 1991.208459] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1991.209535] kmem_cache_alloc_bulk+0x168/0x320 [ 1991.210501] io_submit_sqes+0x6fe4/0x8610 [ 1991.211406] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 1991.212465] __do_sys_io_uring_enter+0x6b2/0x1890 [ 1991.213492] ? find_held_lock+0x2c/0x110 [ 1991.214357] ? io_submit_sqes+0x8610/0x8610 [ 1991.215272] ? __mutex_unlock_slowpath+0xe1/0x600 [ 1991.216304] ? wait_for_completion_io+0x270/0x270 [ 1991.217332] ? rcu_read_lock_any_held+0x75/0xa0 [ 1991.218284] ? vfs_write+0x354/0xb10 [ 1991.219067] ? fput_many+0x2f/0x1a0 [ 1991.219841] ? ksys_write+0x1a9/0x260 [ 1991.220637] ? __ia32_sys_read+0xb0/0xb0 [ 1991.221472] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.222582] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.223667] do_syscall_64+0x33/0x40 [ 1991.224466] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.225547] RIP: 0033:0x7ff6f30cbb19 [ 1991.226331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.230193] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 1991.231808] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 1991.233300] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 1991.234791] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 1991.236294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1991.237787] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:01:04 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:04 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) openat(r1, &(0x7f0000000000)='./file1\x00', 0xe6d652d64fad233f, 0xc9) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) creat(&(0x7f0000000140)='./file0\x00', 0x2) pipe(0x0) ftruncate(r0, 0xacf) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 1991.294420] FAULT_INJECTION: forcing a failure. [ 1991.294420] name failslab, interval 1, probability 0, space 0, times 0 [ 1991.296518] CPU: 0 PID: 33064 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 1991.297721] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 1991.299161] Call Trace: [ 1991.299630] dump_stack+0x107/0x167 [ 1991.300272] should_fail.cold+0x5/0xa [ 1991.300941] ? create_object.isra.0+0x3a/0xa30 [ 1991.301745] should_failslab+0x5/0x20 [ 1991.302406] kmem_cache_alloc+0x5b/0x310 [ 1991.303116] create_object.isra.0+0x3a/0xa30 [ 1991.303889] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1991.304779] kmem_cache_alloc+0x159/0x310 [ 1991.305502] p9_client_prepare_req.part.0+0x3a/0xac0 [ 1991.306394] p9_client_rpc+0x220/0x1370 [ 1991.307078] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.308002] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 1991.308919] ? pipe_poll+0x21b/0x800 [ 1991.309565] ? p9_fd_close+0x4a0/0x4a0 [ 1991.310232] ? wait_for_partner+0x3c0/0x3c0 [ 1991.310976] ? p9_fd_poll+0x1e0/0x2c0 [ 1991.311638] ? p9_fd_create+0x357/0x4a0 [ 1991.312321] ? p9_conn_create+0x510/0x510 [ 1991.313029] ? p9_client_create+0x798/0x1230 [ 1991.313785] ? kfree+0xd7/0x340 [ 1991.314361] p9_client_create+0xa76/0x1230 [ 1991.315101] ? p9_client_flush+0x430/0x430 [ 1991.315832] ? trace_hardirqs_on+0x5b/0x180 [ 1991.316576] ? lockdep_init_map_type+0x2c7/0x780 [ 1991.317394] ? __raw_spin_lock_init+0x36/0x110 [ 1991.318185] v9fs_session_init+0x1dd/0x1680 [ 1991.318929] ? lock_release+0x680/0x680 [ 1991.319617] ? kmem_cache_alloc_trace+0x151/0x320 [ 1991.320454] ? v9fs_show_options+0x690/0x690 [ 1991.321221] ? trace_hardirqs_on+0x5b/0x180 [ 1991.321989] ? kasan_unpoison_shadow+0x33/0x50 [ 1991.322767] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 1991.323630] v9fs_mount+0x79/0x8f0 [ 1991.324240] ? v9fs_write_inode+0x60/0x60 [ 1991.324941] legacy_get_tree+0x105/0x220 [ 1991.325630] vfs_get_tree+0x8e/0x300 [ 1991.326256] path_mount+0x14ab/0x2200 [ 1991.326907] ? strncpy_from_user+0x9e/0x470 [ 1991.327637] ? finish_automount+0xa90/0xa90 [ 1991.328375] ? getname_flags.part.0+0x1dd/0x4f0 [ 1991.329171] ? _copy_from_user+0xfb/0x1b0 [ 1991.329888] __x64_sys_mount+0x282/0x300 [ 1991.330573] ? copy_mnt_ns+0xa00/0xa00 [ 1991.331241] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 1991.332144] ? syscall_enter_from_user_mode+0x1d/0x50 [ 1991.333033] do_syscall_64+0x33/0x40 [ 1991.333664] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 1991.334547] RIP: 0033:0x7f4689135b19 [ 1991.335186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 1991.338340] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1991.339630] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 1991.340834] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 1991.342022] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 1991.343232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1991.344448] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 1991.380220] 9pnet: Insufficient options for proto=fd 04:01:04 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1000000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:04 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xbb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:04 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4db, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:04 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2000000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:04 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8904, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:04 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4dc, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:04 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:16 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 38) 04:01:16 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2e9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:16 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8906, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:16 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2010000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:16 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) 04:01:16 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xcb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:16 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4dd, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:16 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 27) [ 2004.164557] FAULT_INJECTION: forcing a failure. [ 2004.164557] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.165920] CPU: 1 PID: 34002 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2004.166713] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.167652] Call Trace: [ 2004.167969] dump_stack+0x107/0x167 [ 2004.168395] should_fail.cold+0x5/0xa [ 2004.168827] ? p9_fcall_init+0x97/0x290 [ 2004.169289] should_failslab+0x5/0x20 [ 2004.169732] __kmalloc+0x72/0x390 [ 2004.170129] p9_fcall_init+0x97/0x290 [ 2004.170565] p9_client_prepare_req.part.0+0x8c/0xac0 [ 2004.171144] p9_client_rpc+0x220/0x1370 [ 2004.171594] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.172178] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2004.172770] ? pipe_poll+0x21b/0x800 [ 2004.173202] ? p9_fd_close+0x4a0/0x4a0 [ 2004.173697] ? wait_for_partner+0x3c0/0x3c0 [ 2004.174276] ? p9_fd_poll+0x1e0/0x2c0 [ 2004.174744] ? p9_fd_create+0x357/0x4a0 [ 2004.175228] ? p9_conn_create+0x510/0x510 [ 2004.175753] ? p9_client_create+0x798/0x1230 [ 2004.176336] ? kfree+0xd7/0x340 [ 2004.176753] p9_client_create+0xa76/0x1230 [ 2004.177296] ? p9_client_flush+0x430/0x430 [ 2004.177838] ? trace_hardirqs_on+0x5b/0x180 [ 2004.178341] ? lockdep_init_map_type+0x2c7/0x780 [ 2004.178894] ? __raw_spin_lock_init+0x36/0x110 [ 2004.179498] v9fs_session_init+0x1dd/0x1680 [ 2004.180036] ? lock_release+0x680/0x680 [ 2004.180533] ? kmem_cache_alloc_trace+0x151/0x320 [ 2004.181119] ? v9fs_show_options+0x690/0x690 [ 2004.181684] ? trace_hardirqs_on+0x5b/0x180 [ 2004.182213] ? kasan_unpoison_shadow+0x33/0x50 [ 2004.182776] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2004.183405] v9fs_mount+0x79/0x8f0 [ 2004.183854] ? v9fs_write_inode+0x60/0x60 [ 2004.184370] legacy_get_tree+0x105/0x220 [ 2004.184830] vfs_get_tree+0x8e/0x300 [ 2004.185250] path_mount+0x14ab/0x2200 [ 2004.185691] ? strncpy_from_user+0x9e/0x470 [ 2004.186184] ? finish_automount+0xa90/0xa90 [ 2004.186652] ? getname_flags.part.0+0x1dd/0x4f0 [ 2004.187156] ? _copy_from_user+0xfb/0x1b0 [ 2004.187635] __x64_sys_mount+0x282/0x300 [ 2004.188091] ? copy_mnt_ns+0xa00/0xa00 [ 2004.188544] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.189115] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.189692] do_syscall_64+0x33/0x40 [ 2004.190110] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.190670] RIP: 0033:0x7f4689135b19 [ 2004.191099] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.193188] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2004.194038] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2004.194859] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2004.195644] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2004.196432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2004.197200] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2004.205549] FAULT_INJECTION: forcing a failure. [ 2004.205549] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.206995] CPU: 1 PID: 33935 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2004.207799] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.208747] Call Trace: [ 2004.209049] dump_stack+0x107/0x167 [ 2004.209467] should_fail.cold+0x5/0xa [ 2004.209901] ? create_object.isra.0+0x3a/0xa30 [ 2004.210426] should_failslab+0x5/0x20 [ 2004.210839] kmem_cache_alloc+0x5b/0x310 [ 2004.211280] ? mark_held_locks+0x9e/0xe0 [ 2004.211736] create_object.isra.0+0x3a/0xa30 [ 2004.212255] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2004.212830] kmem_cache_alloc_bulk+0x168/0x320 [ 2004.213353] io_submit_sqes+0x6fe4/0x8610 [ 2004.213849] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2004.214427] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2004.214973] ? find_held_lock+0x2c/0x110 [ 2004.215437] ? io_submit_sqes+0x8610/0x8610 [ 2004.215943] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2004.216497] ? wait_for_completion_io+0x270/0x270 [ 2004.217025] ? rcu_read_lock_any_held+0x75/0xa0 [ 2004.217541] ? vfs_write+0x354/0xb10 [ 2004.217957] ? fput_many+0x2f/0x1a0 [ 2004.218371] ? ksys_write+0x1a9/0x260 [ 2004.218809] ? __ia32_sys_read+0xb0/0xb0 [ 2004.219259] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.219871] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.220429] do_syscall_64+0x33/0x40 [ 2004.220843] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.221409] RIP: 0033:0x7ff6f30cbb19 [ 2004.221820] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.223875] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2004.224758] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2004.225582] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2004.226415] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2004.227229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2004.228056] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:01:17 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ea, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:17 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000700)={{{@in=@empty, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@local}}, &(0x7f0000000800)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="44c4a9147a5b55c8ac61965030be5eaae1332798f804f1ab4220690b8ede72f252ee216e602420a28596887795c9deedeb29abc18d840acd243b3ce72549084d", @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,cachetag=,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=r1, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) [ 2004.340441] 9pnet: Insufficient options for proto=fd 04:01:17 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:17 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 39) 04:01:17 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4800000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:17 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2eb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:17 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 28) [ 2004.458963] FAULT_INJECTION: forcing a failure. [ 2004.458963] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.460375] CPU: 1 PID: 34705 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2004.461169] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.462122] Call Trace: [ 2004.462434] dump_stack+0x107/0x167 [ 2004.462863] should_fail.cold+0x5/0xa [ 2004.463306] ? create_object.isra.0+0x3a/0xa30 [ 2004.463830] should_failslab+0x5/0x20 [ 2004.464282] kmem_cache_alloc+0x5b/0x310 [ 2004.464753] create_object.isra.0+0x3a/0xa30 [ 2004.465258] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2004.465844] __kmalloc+0x16e/0x390 [ 2004.466263] p9_fcall_init+0x97/0x290 [ 2004.466705] p9_client_prepare_req.part.0+0x8c/0xac0 [ 2004.467291] p9_client_rpc+0x220/0x1370 [ 2004.467752] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.468366] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2004.468981] ? pipe_poll+0x21b/0x800 [ 2004.469409] ? p9_fd_close+0x4a0/0x4a0 [ 2004.469860] ? wait_for_partner+0x3c0/0x3c0 [ 2004.470357] ? p9_fd_poll+0x1e0/0x2c0 [ 2004.470806] ? p9_fd_create+0x357/0x4a0 [ 2004.471262] ? p9_conn_create+0x510/0x510 [ 2004.471742] ? p9_client_create+0x798/0x1230 [ 2004.472260] ? kfree+0xd7/0x340 [ 2004.472655] p9_client_create+0xa76/0x1230 [ 2004.473145] ? p9_client_flush+0x430/0x430 [ 2004.473635] ? trace_hardirqs_on+0x5b/0x180 [ 2004.474134] ? lockdep_init_map_type+0x2c7/0x780 [ 2004.474683] ? __raw_spin_lock_init+0x36/0x110 [ 2004.475217] v9fs_session_init+0x1dd/0x1680 [ 2004.475721] ? lock_release+0x680/0x680 [ 2004.476199] ? kmem_cache_alloc_trace+0x151/0x320 [ 2004.476755] ? v9fs_show_options+0x690/0x690 [ 2004.477267] ? trace_hardirqs_on+0x5b/0x180 [ 2004.477770] ? kasan_unpoison_shadow+0x33/0x50 [ 2004.478294] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2004.478881] v9fs_mount+0x79/0x8f0 [ 2004.479293] ? v9fs_write_inode+0x60/0x60 [ 2004.479770] legacy_get_tree+0x105/0x220 [ 2004.480248] vfs_get_tree+0x8e/0x300 [ 2004.480683] path_mount+0x14ab/0x2200 [ 2004.481125] ? strncpy_from_user+0x9e/0x470 [ 2004.481620] ? finish_automount+0xa90/0xa90 [ 2004.482117] ? getname_flags.part.0+0x1dd/0x4f0 [ 2004.482657] ? _copy_from_user+0xfb/0x1b0 [ 2004.483140] __x64_sys_mount+0x282/0x300 [ 2004.483614] ? copy_mnt_ns+0xa00/0xa00 [ 2004.484075] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.484681] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.485282] do_syscall_64+0x33/0x40 [ 2004.485714] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.486304] RIP: 0033:0x7f4689135b19 [ 2004.486745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.488871] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2004.489753] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2004.490574] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2004.491397] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2004.492223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2004.493048] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2004.515763] FAULT_INJECTION: forcing a failure. [ 2004.515763] name failslab, interval 1, probability 0, space 0, times 0 [ 2004.517203] CPU: 1 PID: 34708 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2004.518002] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2004.518949] Call Trace: [ 2004.519257] dump_stack+0x107/0x167 [ 2004.519678] should_fail.cold+0x5/0xa [ 2004.520126] ? create_object.isra.0+0x3a/0xa30 [ 2004.520655] should_failslab+0x5/0x20 [ 2004.521095] kmem_cache_alloc+0x5b/0x310 [ 2004.521564] ? mark_held_locks+0x9e/0xe0 [ 2004.522035] create_object.isra.0+0x3a/0xa30 [ 2004.522539] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2004.523131] kmem_cache_alloc_bulk+0x168/0x320 [ 2004.523663] io_submit_sqes+0x6fe4/0x8610 [ 2004.524171] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2004.524747] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2004.525309] ? find_held_lock+0x2c/0x110 [ 2004.525781] ? io_submit_sqes+0x8610/0x8610 [ 2004.526283] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2004.526846] ? wait_for_completion_io+0x270/0x270 [ 2004.527407] ? rcu_read_lock_any_held+0x75/0xa0 [ 2004.527955] ? vfs_write+0x354/0xb10 [ 2004.528382] ? fput_many+0x2f/0x1a0 [ 2004.528801] ? ksys_write+0x1a9/0x260 [ 2004.529238] ? __ia32_sys_read+0xb0/0xb0 [ 2004.529709] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2004.530311] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2004.530909] do_syscall_64+0x33/0x40 [ 2004.531340] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2004.531940] RIP: 0033:0x7ff6f30cbb19 [ 2004.532370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2004.534499] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2004.535374] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2004.536205] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2004.537026] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2004.537844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2004.538668] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:01:29 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4de, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:29 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ec, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:29 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4c00000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:29 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:29 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) setxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file1\x00', &(0x7f0000000040), &(0x7f0000000140)={'L+', 0x1ff}, 0x16, 0x2) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:29 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8907, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 29) 04:01:29 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 40) [ 2016.657259] FAULT_INJECTION: forcing a failure. [ 2016.657259] name failslab, interval 1, probability 0, space 0, times 0 [ 2016.658671] CPU: 1 PID: 35001 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2016.659461] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2016.659873] FAULT_INJECTION: forcing a failure. [ 2016.659873] name failslab, interval 1, probability 0, space 0, times 0 [ 2016.660413] Call Trace: [ 2016.660432] dump_stack+0x107/0x167 [ 2016.660446] should_fail.cold+0x5/0xa [ 2016.660472] ? create_object.isra.0+0x3a/0xa30 [ 2016.664929] should_failslab+0x5/0x20 [ 2016.665372] kmem_cache_alloc+0x5b/0x310 [ 2016.665836] create_object.isra.0+0x3a/0xa30 [ 2016.666342] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2016.666926] kmem_cache_alloc_bulk+0x168/0x320 [ 2016.667457] io_submit_sqes+0x6fe4/0x8610 [ 2016.667963] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2016.668554] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2016.669109] ? find_held_lock+0x2c/0x110 [ 2016.669731] ? io_submit_sqes+0x8610/0x8610 [ 2016.670230] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2016.670794] ? wait_for_completion_io+0x270/0x270 [ 2016.671348] ? rcu_read_lock_any_held+0x75/0xa0 [ 2016.671879] ? vfs_write+0x354/0xb10 [ 2016.672315] ? fput_many+0x2f/0x1a0 [ 2016.672728] ? ksys_write+0x1a9/0x260 [ 2016.673174] ? __ia32_sys_read+0xb0/0xb0 [ 2016.673644] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2016.674242] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2016.674829] do_syscall_64+0x33/0x40 [ 2016.675257] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2016.675853] RIP: 0033:0x7ff6f30cbb19 [ 2016.676305] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2016.678398] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2016.679264] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2016.680083] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2016.680892] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2016.681709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2016.682530] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 2016.683387] CPU: 0 PID: 35009 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2016.684856] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2016.686632] Call Trace: [ 2016.687194] dump_stack+0x107/0x167 [ 2016.687973] should_fail.cold+0x5/0xa [ 2016.688768] ? p9_fcall_init+0x97/0x290 [ 2016.689597] should_failslab+0x5/0x20 [ 2016.690406] __kmalloc+0x72/0x390 [ 2016.691150] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2016.692224] p9_fcall_init+0x97/0x290 [ 2016.693029] p9_client_prepare_req.part.0+0xf4/0xac0 [ 2016.694096] p9_client_rpc+0x220/0x1370 [ 2016.694945] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2016.696061] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2016.697182] ? pipe_poll+0x21b/0x800 [ 2016.697958] ? p9_fd_close+0x4a0/0x4a0 [ 2016.698782] ? wait_for_partner+0x3c0/0x3c0 [ 2016.699695] ? p9_fd_poll+0x1e0/0x2c0 [ 2016.700515] ? p9_fd_create+0x357/0x4a0 [ 2016.701346] ? p9_conn_create+0x510/0x510 [ 2016.702233] ? p9_client_create+0x798/0x1230 [ 2016.703156] ? kfree+0xd7/0x340 [ 2016.703853] p9_client_create+0xa76/0x1230 [ 2016.704756] ? p9_client_flush+0x430/0x430 [ 2016.705654] ? trace_hardirqs_on+0x5b/0x180 [ 2016.706575] ? lockdep_init_map_type+0x2c7/0x780 [ 2016.707572] ? __raw_spin_lock_init+0x36/0x110 [ 2016.708533] v9fs_session_init+0x1dd/0x1680 [ 2016.709443] ? lock_release+0x680/0x680 [ 2016.710279] ? kmem_cache_alloc_trace+0x151/0x320 [ 2016.711292] ? v9fs_show_options+0x690/0x690 [ 2016.712211] ? trace_hardirqs_on+0x5b/0x180 [ 2016.713127] ? kasan_unpoison_shadow+0x33/0x50 [ 2016.714081] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2016.715130] v9fs_mount+0x79/0x8f0 [ 2016.715864] ? v9fs_write_inode+0x60/0x60 [ 2016.716743] legacy_get_tree+0x105/0x220 [ 2016.717606] vfs_get_tree+0x8e/0x300 [ 2016.718391] path_mount+0x14ab/0x2200 [ 2016.719193] ? strncpy_from_user+0x9e/0x470 [ 2016.720119] ? finish_automount+0xa90/0xa90 [ 2016.721035] ? getname_flags.part.0+0x1dd/0x4f0 [ 2016.722013] ? _copy_from_user+0xfb/0x1b0 [ 2016.722900] __x64_sys_mount+0x282/0x300 [ 2016.723754] ? copy_mnt_ns+0xa00/0xa00 [ 2016.724582] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2016.725693] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2016.726801] do_syscall_64+0x33/0x40 [ 2016.727590] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2016.728663] RIP: 0033:0x7f4689135b19 [ 2016.729447] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2016.733274] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2016.734883] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2016.736413] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2016.737922] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2016.739419] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2016.740938] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:01:29 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfb9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:29 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ed, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:29 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x890b, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:29 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r2 = getpgrp(0x0) pidfd_open(r2, 0x0) r3 = fcntl$getown(r0, 0x9) r4 = getpgrp(0x0) pidfd_open(r4, 0x0) clone3(&(0x7f0000000280)={0x40000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000140), {0x8}, &(0x7f0000000180)=""/49, 0x31, &(0x7f00000001c0)=""/116, &(0x7f0000000240)=[r2, r1, 0x0, r3, r4, r1], 0x6}, 0x58) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2016.923813] 9pnet: Insufficient options for proto=fd 04:01:45 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x890c, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:45 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 41) [ 2032.448402] FAULT_INJECTION: forcing a failure. [ 2032.448402] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.449725] CPU: 1 PID: 35824 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2032.450513] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.451457] Call Trace: [ 2032.451763] dump_stack+0x107/0x167 [ 2032.452185] should_fail.cold+0x5/0xa [ 2032.452638] ? create_object.isra.0+0x3a/0xa30 [ 2032.453168] should_failslab+0x5/0x20 [ 2032.453607] kmem_cache_alloc+0x5b/0x310 [ 2032.454072] create_object.isra.0+0x3a/0xa30 [ 2032.454680] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.455396] __kmalloc+0x16e/0x390 [ 2032.455911] p9_fcall_init+0x97/0x290 [ 2032.456482] p9_client_prepare_req.part.0+0xf4/0xac0 [ 2032.457192] p9_client_rpc+0x220/0x1370 [ 2032.457747] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.458483] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2032.459234] ? pipe_poll+0x21b/0x800 [ 2032.459767] ? p9_fd_close+0x4a0/0x4a0 [ 2032.460340] ? wait_for_partner+0x3c0/0x3c0 [ 2032.460946] ? p9_fd_poll+0x1e0/0x2c0 [ 2032.461505] ? p9_fd_create+0x357/0x4a0 [ 2032.462071] ? p9_conn_create+0x510/0x510 [ 2032.462667] ? p9_client_create+0x798/0x1230 [ 2032.463170] ? kfree+0xd7/0x340 [ 2032.463552] p9_client_create+0xa76/0x1230 [ 2032.464048] ? p9_client_flush+0x430/0x430 [ 2032.464552] ? trace_hardirqs_on+0x5b/0x180 [ 2032.465067] ? lockdep_init_map_type+0x2c7/0x780 [ 2032.465620] ? __raw_spin_lock_init+0x36/0x110 [ 2032.466289] v9fs_session_init+0x1dd/0x1680 [ 2032.466798] ? lock_release+0x680/0x680 [ 2032.467256] ? kmem_cache_alloc_trace+0x151/0x320 [ 2032.467824] ? v9fs_show_options+0x690/0x690 [ 2032.468339] ? trace_hardirqs_on+0x5b/0x180 [ 2032.468846] ? kasan_unpoison_shadow+0x33/0x50 [ 2032.469366] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.469954] v9fs_mount+0x79/0x8f0 [ 2032.470362] ? v9fs_write_inode+0x60/0x60 [ 2032.470836] legacy_get_tree+0x105/0x220 [ 2032.471312] vfs_get_tree+0x8e/0x300 [ 2032.471739] path_mount+0x14ab/0x2200 [ 2032.472190] ? strncpy_from_user+0x9e/0x470 [ 2032.472685] ? finish_automount+0xa90/0xa90 [ 2032.473183] ? getname_flags.part.0+0x1dd/0x4f0 [ 2032.473719] ? _copy_from_user+0xfb/0x1b0 [ 2032.474204] __x64_sys_mount+0x282/0x300 [ 2032.474671] ? copy_mnt_ns+0xa00/0xa00 [ 2032.475118] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.475741] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.476337] do_syscall_64+0x33/0x40 [ 2032.476766] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.477366] RIP: 0033:0x7f4689135b19 [ 2032.477795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.479900] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2032.480786] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2032.481145] FAULT_INJECTION: forcing a failure. [ 2032.481145] name failslab, interval 1, probability 0, space 0, times 0 04:01:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 30) 04:01:45 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6800000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2032.481592] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2032.481599] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2032.481605] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.481612] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2032.492795] CPU: 0 PID: 35831 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2032.494539] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.496663] Call Trace: [ 2032.497345] dump_stack+0x107/0x167 [ 2032.498264] should_fail.cold+0x5/0xa 04:01:45 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1020, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:45 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ee, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:45 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4df, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:45 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@dont_measure}, {@audit}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r1, 0xc018937d, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0x7}}, './file1\x00'}) dup3(r2, r1, 0x0) [ 2032.499230] ? create_object.isra.0+0x3a/0xa30 [ 2032.500480] should_failslab+0x5/0x20 [ 2032.501455] kmem_cache_alloc+0x5b/0x310 [ 2032.502488] ? mark_held_locks+0x9e/0xe0 [ 2032.503523] create_object.isra.0+0x3a/0xa30 [ 2032.504656] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.505938] kmem_cache_alloc_bulk+0x168/0x320 [ 2032.507093] io_submit_sqes+0x6fe4/0x8610 [ 2032.508208] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2032.509470] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2032.510689] ? find_held_lock+0x2c/0x110 [ 2032.511726] ? io_submit_sqes+0x8610/0x8610 [ 2032.512746] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2032.513766] ? wait_for_completion_io+0x270/0x270 [ 2032.514784] ? rcu_read_lock_any_held+0x75/0xa0 [ 2032.515765] ? vfs_write+0x354/0xb10 [ 2032.516575] ? fput_many+0x2f/0x1a0 [ 2032.517336] ? ksys_write+0x1a9/0x260 [ 2032.518133] ? __ia32_sys_read+0xb0/0xb0 [ 2032.518991] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.520091] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.521178] do_syscall_64+0x33/0x40 [ 2032.521959] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.523024] RIP: 0033:0x7ff6f30cbb19 [ 2032.523800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.527624] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2032.529217] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2032.530705] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2032.532195] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.533682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.535166] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 2032.555023] 9pnet: Insufficient options for proto=fd 04:01:45 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 42) 04:01:45 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:01:45 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) fremovexattr(r0, &(0x7f0000000000)=@known='user.incfs.size\x00') 04:01:45 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ef, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2032.713597] FAULT_INJECTION: forcing a failure. [ 2032.713597] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.715079] CPU: 1 PID: 36310 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2032.715876] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.716829] Call Trace: [ 2032.717140] dump_stack+0x107/0x167 [ 2032.717560] should_fail.cold+0x5/0xa [ 2032.718001] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2032.718656] should_failslab+0x5/0x20 [ 2032.719102] kmem_cache_alloc+0x5b/0x310 [ 2032.719576] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2032.720224] idr_get_free+0x4b5/0x8f0 [ 2032.720670] idr_alloc_u32+0x184/0x300 [ 2032.721119] ? __fprop_inc_percpu_max+0x130/0x130 [ 2032.721670] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2032.722280] ? lock_release+0x680/0x680 [ 2032.722738] idr_alloc+0xc2/0x130 [ 2032.723135] ? idr_alloc_u32+0x300/0x300 [ 2032.723598] ? rwlock_bug.part.0+0x90/0x90 [ 2032.724088] p9_client_prepare_req.part.0+0x612/0xac0 [ 2032.724688] p9_client_rpc+0x220/0x1370 [ 2032.725145] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.725743] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2032.726358] ? pipe_poll+0x21b/0x800 [ 2032.726788] ? p9_fd_close+0x4a0/0x4a0 [ 2032.727231] ? wait_for_partner+0x3c0/0x3c0 [ 2032.727725] ? p9_fd_poll+0x1e0/0x2c0 [ 2032.728160] ? p9_fd_create+0x357/0x4a0 [ 2032.728626] ? p9_conn_create+0x510/0x510 [ 2032.729097] ? p9_client_create+0x798/0x1230 [ 2032.729598] ? kfree+0xd7/0x340 [ 2032.729977] p9_client_create+0xa76/0x1230 [ 2032.730464] ? p9_client_flush+0x430/0x430 [ 2032.730952] ? trace_hardirqs_on+0x5b/0x180 [ 2032.731451] ? lockdep_init_map_type+0x2c7/0x780 [ 2032.731992] ? __raw_spin_lock_init+0x36/0x110 [ 2032.732532] v9fs_session_init+0x1dd/0x1680 [ 2032.733023] ? lock_release+0x680/0x680 [ 2032.733488] ? kmem_cache_alloc_trace+0x151/0x320 [ 2032.734039] ? v9fs_show_options+0x690/0x690 [ 2032.734549] ? trace_hardirqs_on+0x5b/0x180 [ 2032.735043] ? kasan_unpoison_shadow+0x33/0x50 [ 2032.735563] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.736147] v9fs_mount+0x79/0x8f0 [ 2032.736566] ? v9fs_write_inode+0x60/0x60 [ 2032.737036] legacy_get_tree+0x105/0x220 [ 2032.737503] vfs_get_tree+0x8e/0x300 [ 2032.737930] path_mount+0x14ab/0x2200 [ 2032.738367] ? strncpy_from_user+0x9e/0x470 [ 2032.738858] ? finish_automount+0xa90/0xa90 [ 2032.739348] ? getname_flags.part.0+0x1dd/0x4f0 [ 2032.739894] ? _copy_from_user+0xfb/0x1b0 [ 2032.740388] __x64_sys_mount+0x282/0x300 [ 2032.740853] ? copy_mnt_ns+0xa00/0xa00 [ 2032.741303] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.741900] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.742490] do_syscall_64+0x33/0x40 [ 2032.742915] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.743497] RIP: 0033:0x7f4689135b19 [ 2032.743923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.746025] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2032.746888] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2032.747701] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2032.748523] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2032.749337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.750155] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2032.756140] 9pnet: Insufficient options for proto=fd 04:01:45 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6c00000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:01:45 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:01:45 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x10b9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:01:45 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 31) 04:01:45 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8918, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2032.910609] FAULT_INJECTION: forcing a failure. [ 2032.910609] name failslab, interval 1, probability 0, space 0, times 0 [ 2032.913598] CPU: 0 PID: 36472 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2032.915042] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2032.916782] Call Trace: [ 2032.917337] dump_stack+0x107/0x167 [ 2032.918106] should_fail.cold+0x5/0xa [ 2032.918908] ? create_object.isra.0+0x3a/0xa30 [ 2032.919860] should_failslab+0x5/0x20 [ 2032.920678] kmem_cache_alloc+0x5b/0x310 [ 2032.921533] ? mark_held_locks+0x9e/0xe0 [ 2032.922392] create_object.isra.0+0x3a/0xa30 [ 2032.923312] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2032.924387] kmem_cache_alloc_bulk+0x168/0x320 [ 2032.925352] io_submit_sqes+0x6fe4/0x8610 [ 2032.926261] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2032.927309] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2032.928337] ? find_held_lock+0x2c/0x110 [ 2032.929193] ? io_submit_sqes+0x8610/0x8610 [ 2032.930109] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2032.931119] ? wait_for_completion_io+0x270/0x270 [ 2032.932140] ? rcu_read_lock_any_held+0x75/0xa0 [ 2032.933119] ? vfs_write+0x354/0xb10 [ 2032.933906] ? fput_many+0x2f/0x1a0 [ 2032.934668] ? ksys_write+0x1a9/0x260 [ 2032.935472] ? __ia32_sys_read+0xb0/0xb0 [ 2032.936342] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2032.937436] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2032.938517] do_syscall_64+0x33/0x40 [ 2032.939305] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2032.940391] RIP: 0033:0x7ff6f30cbb19 [ 2032.941176] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2032.945047] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2032.946635] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2032.948124] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2032.949620] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2032.951119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2032.952620] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:02:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 32) 04:02:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e1, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x1400, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7400000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:02 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) openat(r1, &(0x7f0000000180)='./file1\x00', 0x434480, 0x80) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat$cgroup_procs(r0, &(0x7f0000000140)='tasks\x00', 0x2, 0x0) sendfile(r2, r3, 0x0, 0x6) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x32002, 0x0) openat(r4, &(0x7f0000000040)='./file1\x00', 0x80, 0x43) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 43) 04:02:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8940, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2049.355111] FAULT_INJECTION: forcing a failure. [ 2049.355111] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.356468] CPU: 1 PID: 36898 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2049.357261] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2049.358220] Call Trace: [ 2049.358530] dump_stack+0x107/0x167 [ 2049.358955] should_fail.cold+0x5/0xa [ 2049.359404] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2049.360069] should_failslab+0x5/0x20 [ 2049.360526] kmem_cache_alloc+0x5b/0x310 [ 2049.361000] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2049.361642] idr_get_free+0x4b5/0x8f0 [ 2049.362091] idr_alloc_u32+0x184/0x300 [ 2049.362545] ? __fprop_inc_percpu_max+0x130/0x130 [ 2049.363101] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2049.363728] ? lock_release+0x680/0x680 [ 2049.364196] idr_alloc+0xc2/0x130 [ 2049.364616] ? idr_alloc_u32+0x300/0x300 [ 2049.365085] ? rwlock_bug.part.0+0x90/0x90 [ 2049.365582] p9_client_prepare_req.part.0+0x612/0xac0 [ 2049.366177] p9_client_rpc+0x220/0x1370 [ 2049.366639] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.367247] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2049.367865] ? pipe_poll+0x21b/0x800 [ 2049.368298] ? p9_fd_close+0x4a0/0x4a0 [ 2049.368770] ? wait_for_partner+0x3c0/0x3c0 [ 2049.369269] ? p9_fd_poll+0x1e0/0x2c0 [ 2049.369712] ? p9_fd_create+0x357/0x4a0 [ 2049.370177] ? p9_conn_create+0x510/0x510 [ 2049.370654] ? p9_client_create+0x798/0x1230 [ 2049.371166] ? kfree+0xd7/0x340 [ 2049.371553] p9_client_create+0xa76/0x1230 [ 2049.372050] ? p9_client_flush+0x430/0x430 [ 2049.372559] ? trace_hardirqs_on+0x5b/0x180 [ 2049.373061] ? lockdep_init_map_type+0x2c7/0x780 [ 2049.373614] ? __raw_spin_lock_init+0x36/0x110 [ 2049.374145] v9fs_session_init+0x1dd/0x1680 [ 2049.374645] ? lock_release+0x680/0x680 [ 2049.375116] ? kmem_cache_alloc_trace+0x151/0x320 [ 2049.375673] ? v9fs_show_options+0x690/0x690 [ 2049.376185] ? trace_hardirqs_on+0x5b/0x180 [ 2049.376698] ? kasan_unpoison_shadow+0x33/0x50 [ 2049.377227] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2049.377810] v9fs_mount+0x79/0x8f0 [ 2049.378221] ? v9fs_write_inode+0x60/0x60 [ 2049.378700] legacy_get_tree+0x105/0x220 [ 2049.379174] vfs_get_tree+0x8e/0x300 [ 2049.379606] path_mount+0x14ab/0x2200 [ 2049.380045] ? strncpy_from_user+0x9e/0x470 [ 2049.380559] ? finish_automount+0xa90/0xa90 [ 2049.381058] ? getname_flags.part.0+0x1dd/0x4f0 [ 2049.381597] ? _copy_from_user+0xfb/0x1b0 [ 2049.382085] __x64_sys_mount+0x282/0x300 [ 2049.382550] ? copy_mnt_ns+0xa00/0xa00 [ 2049.383005] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.383615] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2049.384210] do_syscall_64+0x33/0x40 [ 2049.384655] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2049.385251] RIP: 0033:0x7f4689135b19 [ 2049.385681] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2049.387793] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2049.388693] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2049.389526] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2049.390352] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2049.391174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.391996] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2049.414322] 9pnet: Insufficient options for proto=fd [ 2049.416207] FAULT_INJECTION: forcing a failure. [ 2049.416207] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.417706] CPU: 1 PID: 36897 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2049.418503] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2049.419448] Call Trace: [ 2049.419756] dump_stack+0x107/0x167 [ 2049.420176] should_fail.cold+0x5/0xa [ 2049.420632] ? create_object.isra.0+0x3a/0xa30 [ 2049.421158] should_failslab+0x5/0x20 [ 2049.421597] kmem_cache_alloc+0x5b/0x310 [ 2049.422064] ? mark_held_locks+0x9e/0xe0 [ 2049.422535] create_object.isra.0+0x3a/0xa30 [ 2049.423038] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2049.423622] kmem_cache_alloc_bulk+0x168/0x320 [ 2049.424155] io_submit_sqes+0x6fe4/0x8610 [ 2049.424668] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2049.425241] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2049.425802] ? find_held_lock+0x2c/0x110 [ 2049.426275] ? io_submit_sqes+0x8610/0x8610 [ 2049.426777] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2049.427334] ? wait_for_completion_io+0x270/0x270 [ 2049.427892] ? rcu_read_lock_any_held+0x75/0xa0 [ 2049.428442] ? vfs_write+0x354/0xb10 [ 2049.428871] ? fput_many+0x2f/0x1a0 [ 2049.429291] ? ksys_write+0x1a9/0x260 [ 2049.429730] ? __ia32_sys_read+0xb0/0xb0 [ 2049.430201] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.430805] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2049.431400] do_syscall_64+0x33/0x40 [ 2049.431829] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2049.432435] RIP: 0033:0x7ff6f30cbb19 [ 2049.432867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2049.434974] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2049.435847] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2049.436689] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2049.437509] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2049.438330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.439147] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:02:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f1, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7a00000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:02 executing program 5: r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mkdirat(r0, &(0x7f0000000140)='./file1\x00', 0x121) openat(0xffffffffffffffff, &(0x7f0000000040)='./file1\x00', 0x28082, 0x110) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x1050, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@access_any}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}]}}) chdir(&(0x7f0000000000)='./file1\x00') 04:02:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2010, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 33) 04:02:02 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 44) [ 2049.758699] FAULT_INJECTION: forcing a failure. [ 2049.758699] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.760111] CPU: 1 PID: 37887 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2049.760904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2049.761857] Call Trace: [ 2049.762168] dump_stack+0x107/0x167 [ 2049.762589] should_fail.cold+0x5/0xa [ 2049.763032] ? create_object.isra.0+0x3a/0xa30 [ 2049.763555] should_failslab+0x5/0x20 [ 2049.763998] kmem_cache_alloc+0x5b/0x310 [ 2049.764472] ? mark_held_locks+0x9e/0xe0 [ 2049.764940] create_object.isra.0+0x3a/0xa30 [ 2049.765446] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2049.766033] kmem_cache_alloc_bulk+0x168/0x320 [ 2049.766566] io_submit_sqes+0x6fe4/0x8610 [ 2049.767056] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2049.767625] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2049.768188] ? io_submit_sqes+0x8610/0x8610 [ 2049.768693] ? __mutex_unlock_slowpath+0xfd/0x600 [ 2049.769242] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2049.769799] ? wait_for_completion_io+0x270/0x270 [ 2049.770358] ? rcu_read_lock_any_held+0x75/0xa0 [ 2049.770891] ? vfs_write+0x354/0xb10 [ 2049.771322] ? fput_many+0x2f/0x1a0 [ 2049.771741] ? ksys_write+0x1a9/0x260 [ 2049.772174] ? __ia32_sys_read+0xb0/0xb0 [ 2049.772659] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.773260] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2049.773852] do_syscall_64+0x33/0x40 [ 2049.774280] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2049.774869] RIP: 0033:0x7ff6f30cbb19 [ 2049.775293] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2049.777399] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2049.778275] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2049.779090] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2049.779904] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2049.780727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.781547] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:02:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x8cffffff00000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x2e00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2049.834024] FAULT_INJECTION: forcing a failure. [ 2049.834024] name failslab, interval 1, probability 0, space 0, times 0 [ 2049.836328] CPU: 0 PID: 38105 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2049.837747] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2049.839453] Call Trace: [ 2049.840009] dump_stack+0x107/0x167 [ 2049.840766] should_fail.cold+0x5/0xa [ 2049.841570] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2049.842764] should_failslab+0x5/0x20 [ 2049.843565] kmem_cache_alloc+0x5b/0x310 [ 2049.844424] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2049.845569] idr_get_free+0x4b5/0x8f0 [ 2049.846372] idr_alloc_u32+0x184/0x300 [ 2049.847176] ? __fprop_inc_percpu_max+0x130/0x130 [ 2049.848169] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2049.849278] ? lock_release+0x680/0x680 [ 2049.850100] idr_alloc+0xc2/0x130 [ 2049.850823] ? idr_alloc_u32+0x300/0x300 [ 2049.851648] ? rwlock_bug.part.0+0x90/0x90 [ 2049.852533] p9_client_prepare_req.part.0+0x612/0xac0 [ 2049.853609] p9_client_rpc+0x220/0x1370 [ 2049.854427] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.855511] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2049.856630] ? pipe_poll+0x21b/0x800 [ 2049.857394] ? p9_fd_close+0x4a0/0x4a0 [ 2049.858205] ? wait_for_partner+0x3c0/0x3c0 [ 2049.859098] ? p9_fd_poll+0x1e0/0x2c0 [ 2049.859884] ? p9_fd_create+0x357/0x4a0 [ 2049.860708] ? p9_conn_create+0x510/0x510 [ 2049.861558] ? p9_client_create+0x798/0x1230 [ 2049.862467] ? kfree+0xd7/0x340 [ 2049.863158] p9_client_create+0xa76/0x1230 [ 2049.864031] ? p9_client_flush+0x430/0x430 [ 2049.864918] ? trace_hardirqs_on+0x5b/0x180 [ 2049.865804] ? lockdep_init_map_type+0x2c7/0x780 [ 2049.866780] ? __raw_spin_lock_init+0x36/0x110 [ 2049.867732] v9fs_session_init+0x1dd/0x1680 [ 2049.868632] ? lock_release+0x680/0x680 [ 2049.869461] ? kmem_cache_alloc_trace+0x151/0x320 [ 2049.870459] ? v9fs_show_options+0x690/0x690 [ 2049.871370] ? trace_hardirqs_on+0x5b/0x180 [ 2049.872254] ? kasan_unpoison_shadow+0x33/0x50 [ 2049.873200] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2049.874260] v9fs_mount+0x79/0x8f0 [ 2049.874991] ? v9fs_write_inode+0x60/0x60 [ 2049.875852] legacy_get_tree+0x105/0x220 [ 2049.876691] vfs_get_tree+0x8e/0x300 [ 2049.877455] path_mount+0x14ab/0x2200 [ 2049.878252] ? strncpy_from_user+0x9e/0x470 [ 2049.879135] ? finish_automount+0xa90/0xa90 [ 2049.880027] ? getname_flags.part.0+0x1dd/0x4f0 [ 2049.881014] ? _copy_from_user+0xfb/0x1b0 [ 2049.881884] __x64_sys_mount+0x282/0x300 [ 2049.882717] ? copy_mnt_ns+0xa00/0xa00 [ 2049.883523] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2049.884620] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2049.885703] do_syscall_64+0x33/0x40 [ 2049.886489] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2049.887530] RIP: 0033:0x7f4689135b19 [ 2049.888292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2049.892081] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2049.893630] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2049.895083] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2049.896561] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2049.898012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2049.899467] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf6ffffff00000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8941, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:15 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 45) 04:02:15 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x894c, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:15 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x3f00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:15 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c66736e716d653d2e2c666f776e65723eb0b5c3abb2af699ad5fb74a37dabb8ab7480b2a9a60d0eaf850a69ba525c1ce70b3afe0999a034a29d434ec560f3db27f749ea8f36cc9b24fa5b3cecc5c9a38af5e8c2e08c6316a982918c6862db3948ec0567e7574101a444c01b40bd4090d5c43fd97d0427f1838b58517f7466878924c0e01047d3501ff60a7d84b648b0c2c044429d62a909a0cdf4d1248056cd3de00f477c3cda33547c160358ad0319bb0c27c4643039acf2bd0f6a4433ce37fcb7134b5b066a75f0ee5f546597bb9c0fec1e61b6fd8f3bc77490b86e1ff29ee223c1d85bf1bbe68fecefb15e397d341116aff123df8bb3bc91ceeb83946dd5d13242dadcf7e2dca38bea174bd3741ee41dabc9240a49d2cc6254af44ac6005d3e83bd62b67a767d8f45b98004b7cda56857f17d103b45e02", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:02:15 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 34) 04:02:15 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffff000000000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2062.493606] FAULT_INJECTION: forcing a failure. [ 2062.493606] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.494896] CPU: 1 PID: 38590 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2062.495692] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.496666] Call Trace: [ 2062.496981] dump_stack+0x107/0x167 [ 2062.497404] should_fail.cold+0x5/0xa [ 2062.497843] ? create_object.isra.0+0x3a/0xa30 [ 2062.498367] should_failslab+0x5/0x20 [ 2062.498806] kmem_cache_alloc+0x5b/0x310 [ 2062.499275] create_object.isra.0+0x3a/0xa30 [ 2062.499776] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.500359] kmem_cache_alloc+0x159/0x310 [ 2062.500861] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2062.501498] idr_get_free+0x4b5/0x8f0 [ 2062.501941] idr_alloc_u32+0x184/0x300 [ 2062.502388] ? __fprop_inc_percpu_max+0x130/0x130 [ 2062.502951] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2062.503569] ? lock_release+0x680/0x680 [ 2062.504027] idr_alloc+0xc2/0x130 [ 2062.504424] ? idr_alloc_u32+0x300/0x300 [ 2062.504910] ? rwlock_bug.part.0+0x90/0x90 [ 2062.505403] p9_client_prepare_req.part.0+0x612/0xac0 [ 2062.506006] p9_client_rpc+0x220/0x1370 [ 2062.506461] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.507066] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2062.507678] ? pipe_poll+0x21b/0x800 [ 2062.508107] ? p9_fd_close+0x4a0/0x4a0 [ 2062.508577] ? wait_for_partner+0x3c0/0x3c0 [ 2062.509080] ? p9_fd_poll+0x1e0/0x2c0 [ 2062.509524] ? p9_fd_create+0x357/0x4a0 [ 2062.509869] 9pnet: Insufficient options for proto=fd [ 2062.509977] ? p9_conn_create+0x510/0x510 [ 2062.511798] ? p9_client_create+0x798/0x1230 [ 2062.512308] ? kfree+0xd7/0x340 [ 2062.512724] p9_client_create+0xa76/0x1230 [ 2062.513227] ? p9_client_flush+0x430/0x430 [ 2062.513716] ? trace_hardirqs_on+0x5b/0x180 [ 2062.514210] ? lockdep_init_map_type+0x2c7/0x780 [ 2062.514758] ? __raw_spin_lock_init+0x36/0x110 [ 2062.515292] v9fs_session_init+0x1dd/0x1680 [ 2062.515788] ? lock_release+0x680/0x680 [ 2062.516251] ? kmem_cache_alloc_trace+0x151/0x320 [ 2062.516825] ? v9fs_show_options+0x690/0x690 [ 2062.517342] ? trace_hardirqs_on+0x5b/0x180 [ 2062.517839] ? kasan_unpoison_shadow+0x33/0x50 [ 2062.518377] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.518968] v9fs_mount+0x79/0x8f0 [ 2062.519377] ? v9fs_write_inode+0x60/0x60 [ 2062.519854] legacy_get_tree+0x105/0x220 [ 2062.520322] vfs_get_tree+0x8e/0x300 [ 2062.520764] path_mount+0x14ab/0x2200 [ 2062.521200] ? strncpy_from_user+0x9e/0x470 [ 2062.521696] ? finish_automount+0xa90/0xa90 [ 2062.522194] ? getname_flags.part.0+0x1dd/0x4f0 [ 2062.522727] ? _copy_from_user+0xfb/0x1b0 [ 2062.523207] __x64_sys_mount+0x282/0x300 [ 2062.523672] ? copy_mnt_ns+0xa00/0xa00 [ 2062.524121] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.524745] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.525346] do_syscall_64+0x33/0x40 [ 2062.525774] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.526364] RIP: 0033:0x7f4689135b19 [ 2062.526791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.528913] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2062.529792] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2062.530610] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2062.531434] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2062.532249] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.533087] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:15 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8980, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:15 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2062.639234] FAULT_INJECTION: forcing a failure. [ 2062.639234] name failslab, interval 1, probability 0, space 0, times 0 [ 2062.641870] CPU: 0 PID: 38653 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2062.643482] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2062.645228] Call Trace: [ 2062.645792] dump_stack+0x107/0x167 [ 2062.646566] should_fail.cold+0x5/0xa [ 2062.647373] ? create_object.isra.0+0x3a/0xa30 [ 2062.648334] should_failslab+0x5/0x20 [ 2062.649149] kmem_cache_alloc+0x5b/0x310 [ 2062.650010] ? mark_held_locks+0x9e/0xe0 [ 2062.650869] create_object.isra.0+0x3a/0xa30 [ 2062.651793] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2062.652878] kmem_cache_alloc_bulk+0x168/0x320 [ 2062.653859] io_submit_sqes+0x6fe4/0x8610 [ 2062.654768] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2062.655815] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2062.656850] ? find_held_lock+0x2c/0x110 [ 2062.657718] ? io_submit_sqes+0x8610/0x8610 [ 2062.658638] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2062.659661] ? wait_for_completion_io+0x270/0x270 [ 2062.660690] ? rcu_read_lock_any_held+0x75/0xa0 [ 2062.661673] ? vfs_write+0x354/0xb10 [ 2062.662463] ? fput_many+0x2f/0x1a0 [ 2062.663227] ? ksys_write+0x1a9/0x260 [ 2062.664035] ? __ia32_sys_read+0xb0/0xb0 [ 2062.664906] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2062.666016] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2062.667106] do_syscall_64+0x33/0x40 [ 2062.667899] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2062.668982] RIP: 0033:0x7ff6f30cbb19 [ 2062.669766] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2062.673692] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2062.675310] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2062.676817] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2062.678347] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2062.679848] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2062.681366] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:02:15 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffffff7f00000000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:15 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 35) 04:02:27 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 46) 04:02:27 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r0 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x210000, 0x0) ioctl$LOOP_CHANGE_FD(r0, 0x4c06, 0xffffffffffffffff) 04:02:27 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:27 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:27 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8981, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2074.400789] FAULT_INJECTION: forcing a failure. [ 2074.400789] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.403890] CPU: 0 PID: 39422 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2074.405782] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.408058] Call Trace: [ 2074.408802] dump_stack+0x107/0x167 [ 2074.409819] should_fail.cold+0x5/0xa [ 2074.410871] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2074.412437] should_failslab+0x5/0x20 [ 2074.413498] kmem_cache_alloc+0x5b/0x310 [ 2074.414626] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2074.416161] idr_get_free+0x4b5/0x8f0 [ 2074.417244] idr_alloc_u32+0x184/0x300 [ 2074.418327] ? __fprop_inc_percpu_max+0x130/0x130 [ 2074.419650] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2074.421142] ? lock_release+0x680/0x680 [ 2074.422250] idr_alloc+0xc2/0x130 [ 2074.423196] ? idr_alloc_u32+0x300/0x300 [ 2074.424309] ? rwlock_bug.part.0+0x90/0x90 [ 2074.425501] p9_client_prepare_req.part.0+0x612/0xac0 [ 2074.426942] p9_client_rpc+0x220/0x1370 [ 2074.428036] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.429502] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2074.430968] ? pipe_poll+0x21b/0x800 [ 2074.431996] ? p9_fd_close+0x4a0/0x4a0 [ 2074.433078] ? wait_for_partner+0x3c0/0x3c0 [ 2074.434261] ? p9_fd_poll+0x1e0/0x2c0 [ 2074.435316] ? p9_fd_create+0x357/0x4a0 [ 2074.436403] ? p9_conn_create+0x510/0x510 [ 2074.437525] ? p9_client_create+0x798/0x1230 [ 2074.438537] ? kfree+0xd7/0x340 [ 2074.439308] p9_client_create+0xa76/0x1230 [ 2074.440285] ? p9_client_flush+0x430/0x430 [ 2074.441261] ? trace_hardirqs_on+0x5b/0x180 [ 2074.442259] ? lockdep_init_map_type+0x2c7/0x780 [ 2074.443326] ? __raw_spin_lock_init+0x36/0x110 [ 2074.444385] v9fs_session_init+0x1dd/0x1680 [ 2074.445404] ? lock_release+0x680/0x680 [ 2074.446325] ? kmem_cache_alloc_trace+0x151/0x320 [ 2074.447416] ? v9fs_show_options+0x690/0x690 [ 2074.448414] ? trace_hardirqs_on+0x5b/0x180 [ 2074.449395] ? kasan_unpoison_shadow+0x33/0x50 [ 2074.450457] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2074.451636] v9fs_mount+0x79/0x8f0 [ 2074.452472] ? v9fs_write_inode+0x60/0x60 [ 2074.453449] legacy_get_tree+0x105/0x220 [ 2074.454407] vfs_get_tree+0x8e/0x300 [ 2074.455272] path_mount+0x14ab/0x2200 [ 2074.456142] ? strncpy_from_user+0x9e/0x470 [ 2074.457138] ? finish_automount+0xa90/0xa90 [ 2074.458137] ? getname_flags.part.0+0x1dd/0x4f0 [ 2074.459197] ? _copy_from_user+0xfb/0x1b0 [ 2074.460139] __x64_sys_mount+0x282/0x300 [ 2074.461061] ? copy_mnt_ns+0xa00/0xa00 [ 2074.461968] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.463181] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.464361] do_syscall_64+0x33/0x40 [ 2074.465252] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.466403] RIP: 0033:0x7f4689135b19 [ 2074.467238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.471450] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2074.473189] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2074.474795] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2074.476418] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2074.478029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2074.479620] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2074.511132] 9pnet: Insufficient options for proto=fd [ 2074.570774] FAULT_INJECTION: forcing a failure. [ 2074.570774] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.572471] CPU: 1 PID: 39508 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2074.573307] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.574289] Call Trace: [ 2074.574610] dump_stack+0x107/0x167 [ 2074.575048] should_fail.cold+0x5/0xa [ 2074.575505] ? create_object.isra.0+0x3a/0xa30 [ 2074.576045] should_failslab+0x5/0x20 [ 2074.576499] kmem_cache_alloc+0x5b/0x310 [ 2074.576989] ? mark_held_locks+0x9e/0xe0 [ 2074.577471] create_object.isra.0+0x3a/0xa30 [ 2074.577995] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2074.578598] kmem_cache_alloc_bulk+0x168/0x320 [ 2074.579144] io_submit_sqes+0x6fe4/0x8610 [ 2074.579653] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2074.580246] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2074.580819] ? find_held_lock+0x2c/0x110 [ 2074.581305] ? io_submit_sqes+0x8610/0x8610 [ 2074.581824] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2074.582397] ? wait_for_completion_io+0x270/0x270 [ 2074.582972] ? rcu_read_lock_any_held+0x75/0xa0 [ 2074.583486] ? vfs_write+0x354/0xb10 [ 2074.583932] ? fput_many+0x2f/0x1a0 [ 2074.584359] ? ksys_write+0x1a9/0x260 [ 2074.584814] ? __ia32_sys_read+0xb0/0xb0 [ 2074.585299] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.585916] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.586530] do_syscall_64+0x33/0x40 [ 2074.586968] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.587576] RIP: 0033:0x7ff6f30cbb19 [ 2074.588022] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.590228] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2074.591129] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2074.591981] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2074.592826] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2074.593673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2074.594522] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:02:27 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x3, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:27 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x200400c, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@cache_mmap}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8982, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:27 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4084, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:27 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:27 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) openat(r0, &(0x7f0000000040)='./file1\x00', 0x2c00, 0x49) open$dir(&(0x7f0000000140)='./file1\x00', 0x40180, 0x0) fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000000)='version=9p2000.L', 0x0, r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000180)={{0x2, 0x4e23, @private=0xa010100}, {0x0, @remote}, 0xf, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x26}}}) [ 2074.880751] 9pnet: Insufficient options for proto=fd 04:02:27 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 47) [ 2074.945129] FAULT_INJECTION: forcing a failure. [ 2074.945129] name failslab, interval 1, probability 0, space 0, times 0 [ 2074.946439] CPU: 1 PID: 40475 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2074.947225] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2074.948159] Call Trace: [ 2074.948454] dump_stack+0x107/0x167 [ 2074.948856] should_fail.cold+0x5/0xa [ 2074.949293] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2074.949973] should_failslab+0x5/0x20 [ 2074.950413] kmem_cache_alloc+0x5b/0x310 [ 2074.950895] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2074.951555] idr_get_free+0x4b5/0x8f0 [ 2074.952009] idr_alloc_u32+0x184/0x300 [ 2074.952466] ? __fprop_inc_percpu_max+0x130/0x130 [ 2074.953037] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2074.953665] ? lock_release+0x680/0x680 [ 2074.954129] idr_alloc+0xc2/0x130 [ 2074.954520] ? idr_alloc_u32+0x300/0x300 [ 2074.954994] ? rwlock_bug.part.0+0x90/0x90 [ 2074.955485] p9_client_prepare_req.part.0+0x612/0xac0 [ 2074.956066] p9_client_rpc+0x220/0x1370 [ 2074.956525] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.957098] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2074.957732] ? pipe_poll+0x21b/0x800 [ 2074.958165] ? p9_fd_close+0x4a0/0x4a0 [ 2074.958622] ? wait_for_partner+0x3c0/0x3c0 [ 2074.959135] ? p9_fd_poll+0x1e0/0x2c0 [ 2074.959584] ? p9_fd_create+0x357/0x4a0 [ 2074.960047] ? p9_conn_create+0x510/0x510 [ 2074.960531] ? p9_client_create+0x798/0x1230 [ 2074.961050] ? kfree+0xd7/0x340 [ 2074.961438] p9_client_create+0xa76/0x1230 [ 2074.961935] ? p9_client_flush+0x430/0x430 [ 2074.962433] ? trace_hardirqs_on+0x5b/0x180 [ 2074.962943] ? lockdep_init_map_type+0x2c7/0x780 [ 2074.963509] ? __raw_spin_lock_init+0x36/0x110 [ 2074.964050] v9fs_session_init+0x1dd/0x1680 [ 2074.964560] ? lock_release+0x680/0x680 [ 2074.965039] ? kmem_cache_alloc_trace+0x151/0x320 [ 2074.965601] ? v9fs_show_options+0x690/0x690 [ 2074.966119] ? trace_hardirqs_on+0x5b/0x180 [ 2074.966614] ? kasan_unpoison_shadow+0x33/0x50 [ 2074.967118] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2074.967669] v9fs_mount+0x79/0x8f0 [ 2074.968068] ? v9fs_write_inode+0x60/0x60 [ 2074.968522] legacy_get_tree+0x105/0x220 [ 2074.969007] vfs_get_tree+0x8e/0x300 [ 2074.969437] path_mount+0x14ab/0x2200 [ 2074.969882] ? strncpy_from_user+0x9e/0x470 [ 2074.970388] ? finish_automount+0xa90/0xa90 [ 2074.970895] ? getname_flags.part.0+0x1dd/0x4f0 [ 2074.971438] ? _copy_from_user+0xfb/0x1b0 [ 2074.971931] __x64_sys_mount+0x282/0x300 [ 2074.972405] ? copy_mnt_ns+0xa00/0xa00 [ 2074.972870] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2074.973495] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2074.974101] do_syscall_64+0x33/0x40 [ 2074.974536] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2074.975140] RIP: 0033:0x7f4689135b19 [ 2074.975578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2074.977717] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2074.978617] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2074.979443] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2074.980211] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2074.981054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2074.981887] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:39 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:39 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 36) 04:02:39 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8983, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4800, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:39 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4e9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 48) 04:02:39 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x4, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2087.037570] 9pnet: Insufficient options for proto=fd [ 2087.060103] FAULT_INJECTION: forcing a failure. [ 2087.060103] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.062986] CPU: 0 PID: 40688 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2087.064730] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.066827] Call Trace: [ 2087.067526] dump_stack+0x107/0x167 [ 2087.068572] should_fail.cold+0x5/0xa [ 2087.069552] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2087.070809] should_failslab+0x5/0x20 [ 2087.071635] kmem_cache_alloc+0x5b/0x310 [ 2087.072546] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2087.073782] idr_get_free+0x4b5/0x8f0 [ 2087.074648] idr_alloc_u32+0x184/0x300 [ 2087.075513] ? __fprop_inc_percpu_max+0x130/0x130 [ 2087.076577] ? p9_client_prepare_req.part.0+0x20a/0xac0 [ 2087.077757] ? lock_release+0x680/0x680 [ 2087.078633] idr_alloc+0xc2/0x130 [ 2087.079392] ? idr_alloc_u32+0x300/0x300 [ 2087.080270] ? rwlock_bug.part.0+0x90/0x90 [ 2087.081220] p9_client_prepare_req.part.0+0x612/0xac0 [ 2087.082348] p9_client_rpc+0x220/0x1370 [ 2087.083216] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.084368] ? p9_client_prepare_req.part.0+0xac0/0xac0 [ 2087.085549] ? pipe_poll+0x21b/0x800 [ 2087.086363] ? p9_fd_close+0x4a0/0x4a0 [ 2087.087215] ? wait_for_partner+0x3c0/0x3c0 [ 2087.088158] ? p9_fd_poll+0x1e0/0x2c0 [ 2087.089016] ? p9_fd_create+0x357/0x4a0 [ 2087.089888] ? p9_conn_create+0x510/0x510 [ 2087.090781] ? p9_client_create+0x798/0x1230 04:02:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x4c00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2087.091738] ? kfree+0xd7/0x340 [ 2087.092599] p9_client_create+0xa76/0x1230 [ 2087.093544] ? p9_client_flush+0x430/0x430 [ 2087.094464] ? trace_hardirqs_on+0x5b/0x180 [ 2087.095405] ? lockdep_init_map_type+0x2c7/0x780 [ 2087.096436] ? __raw_spin_lock_init+0x36/0x110 [ 2087.097457] v9fs_session_init+0x1dd/0x1680 [ 2087.098388] ? lock_release+0x680/0x680 [ 2087.099267] ? kmem_cache_alloc_trace+0x151/0x320 [ 2087.100308] ? v9fs_show_options+0x690/0x690 [ 2087.101267] ? trace_hardirqs_on+0x5b/0x180 [ 2087.102194] ? kasan_unpoison_shadow+0x33/0x50 [ 2087.103176] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.104262] v9fs_mount+0x79/0x8f0 [ 2087.105040] ? v9fs_write_inode+0x60/0x60 [ 2087.105935] legacy_get_tree+0x105/0x220 [ 2087.106808] vfs_get_tree+0x8e/0x300 [ 2087.107607] path_mount+0x14ab/0x2200 [ 2087.108425] ? strncpy_from_user+0x9e/0x470 [ 2087.109365] ? finish_automount+0xa90/0xa90 [ 2087.110289] ? getname_flags.part.0+0x1dd/0x4f0 [ 2087.111283] ? _copy_from_user+0xfb/0x1b0 [ 2087.112177] __x64_sys_mount+0x282/0x300 [ 2087.113050] ? copy_mnt_ns+0xa00/0xa00 [ 2087.113887] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.115005] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.116111] do_syscall_64+0x33/0x40 [ 2087.116911] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.118005] RIP: 0033:0x7f4689135b19 [ 2087.118803] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.122700] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2087.124304] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2087.125814] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2087.127324] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2087.128841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.130349] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:39 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6d6d61702c63616368653d667363616368652c64656275673d30783030679e3030a5c1ffff3030303932342c6e6f6465766d61702c76657273696f6e3d393bec2cc0b67b14c9736d61636bb0737472616e736d754d7140a3f820b8e1027f2442697b96589abb74653d6e6f6465766d61702c666f776e", @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) [ 2087.166365] FAULT_INJECTION: forcing a failure. [ 2087.166365] name failslab, interval 1, probability 0, space 0, times 0 [ 2087.167763] CPU: 1 PID: 40729 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2087.168572] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2087.169529] Call Trace: [ 2087.169842] dump_stack+0x107/0x167 [ 2087.170260] should_fail.cold+0x5/0xa [ 2087.170676] ? create_object.isra.0+0x3a/0xa30 [ 2087.171197] should_failslab+0x5/0x20 [ 2087.171624] kmem_cache_alloc+0x5b/0x310 [ 2087.172067] create_object.isra.0+0x3a/0xa30 [ 2087.172574] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2087.173133] kmem_cache_alloc_bulk+0x168/0x320 [ 2087.173649] io_submit_sqes+0x6fe4/0x8610 [ 2087.174122] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2087.174690] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2087.175249] ? find_held_lock+0x2c/0x110 [ 2087.175718] ? io_submit_sqes+0x8610/0x8610 [ 2087.176221] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2087.176777] ? wait_for_completion_io+0x270/0x270 [ 2087.177339] ? rcu_read_lock_any_held+0x75/0xa0 [ 2087.177865] ? vfs_write+0x354/0xb10 [ 2087.178295] ? fput_many+0x2f/0x1a0 [ 2087.178705] ? ksys_write+0x1a9/0x260 [ 2087.179139] ? __ia32_sys_read+0xb0/0xb0 [ 2087.179609] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2087.180206] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2087.180774] do_syscall_64+0x33/0x40 [ 2087.181202] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2087.181759] RIP: 0033:0x7ff6f30cbb19 [ 2087.182182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2087.184297] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2087.185173] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2087.185988] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2087.186803] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2087.187608] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2087.188429] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 2087.206706] 9pnet: Unknown protocol version 9;ì 04:02:39 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4ea, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 37) 04:02:52 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6800, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:52 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4eb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:52 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:52 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 49) 04:02:52 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) sendfile(r0, r1, &(0x7f0000000000)=0x3fb000000000, 0x500000000000000) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fscontext=system_u,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c008f12e42e68fc46ee84038eeb6b50d5bbcdf45fe1fdbbc27c1b877ac778f05a0968097e11020000002349c3b4eeb25ce7d3cc369d46b568d98b7b174ab630c4984b500d2c2e192e940a0891daa53ef2b3606334e26f721f94b632d909726453d3eb5f065876ae93ba7dd058dda0e80a9ca400"]) 04:02:52 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x89a0, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:52 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x5, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2099.718726] 9pnet: Insufficient options for proto=fd [ 2099.728967] FAULT_INJECTION: forcing a failure. [ 2099.728967] name failslab, interval 1, probability 0, space 0, times 0 [ 2099.730514] CPU: 1 PID: 41539 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2099.731305] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2099.732244] Call Trace: [ 2099.732552] dump_stack+0x107/0x167 [ 2099.732975] should_fail.cold+0x5/0xa [ 2099.733413] should_failslab+0x5/0x20 [ 2099.733850] kmem_cache_alloc_bulk+0x4b/0x320 [ 2099.734378] io_submit_sqes+0x6fe4/0x8610 [ 2099.734867] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2099.735439] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2099.735649] FAULT_INJECTION: forcing a failure. [ 2099.735649] name failslab, interval 1, probability 0, space 0, times 0 [ 2099.735997] ? find_held_lock+0x2c/0x110 [ 2099.736012] ? io_submit_sqes+0x8610/0x8610 [ 2099.736036] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2099.740403] ? wait_for_completion_io+0x270/0x270 [ 2099.740966] ? rcu_read_lock_any_held+0x75/0xa0 [ 2099.741497] ? vfs_write+0x354/0xb10 [ 2099.741918] ? fput_many+0x2f/0x1a0 [ 2099.742332] ? ksys_write+0x1a9/0x260 [ 2099.742764] ? __ia32_sys_read+0xb0/0xb0 [ 2099.743230] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2099.743829] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2099.744421] do_syscall_64+0x33/0x40 [ 2099.744842] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2099.745437] RIP: 0033:0x7ff6f30cbb19 [ 2099.745865] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2099.747968] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2099.748835] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2099.749661] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2099.750473] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2099.751283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2099.752099] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 2099.752950] CPU: 0 PID: 41549 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2099.754466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2099.756216] Call Trace: [ 2099.756786] dump_stack+0x107/0x167 [ 2099.757582] should_fail.cold+0x5/0xa [ 2099.758419] ? create_object.isra.0+0x3a/0xa30 [ 2099.759418] should_failslab+0x5/0x20 [ 2099.760251] kmem_cache_alloc+0x5b/0x310 [ 2099.761148] create_object.isra.0+0x3a/0xa30 [ 2099.762109] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2099.763228] __kmalloc+0x16e/0x390 [ 2099.764010] p9pdu_readf+0xadb/0x1d40 [ 2099.764854] ? pipe_poll+0x21b/0x800 [ 2099.765677] ? p9pdu_writef+0x100/0x100 [ 2099.766546] ? p9_fd_poll+0x1e0/0x2c0 [ 2099.767384] ? p9_fd_create+0x357/0x4a0 [ 2099.768257] ? p9_conn_create+0x510/0x510 [ 2099.769166] ? p9_client_create+0x798/0x1230 [ 2099.770126] ? kfree+0xd7/0x340 [ 2099.770853] p9_client_create+0xaee/0x1230 [ 2099.771784] ? p9_client_flush+0x430/0x430 [ 2099.772709] ? trace_hardirqs_on+0x5b/0x180 [ 2099.773664] ? lockdep_init_map_type+0x2c7/0x780 [ 2099.774698] ? __raw_spin_lock_init+0x36/0x110 [ 2099.775704] v9fs_session_init+0x1dd/0x1680 [ 2099.776645] ? lock_release+0x680/0x680 [ 2099.777532] ? kmem_cache_alloc_trace+0x151/0x320 [ 2099.778586] ? v9fs_show_options+0x690/0x690 [ 2099.779524] ? trace_hardirqs_on+0x5b/0x180 [ 2099.780467] ? kasan_unpoison_shadow+0x33/0x50 [ 2099.781445] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2099.782554] v9fs_mount+0x79/0x8f0 [ 2099.783315] ? v9fs_write_inode+0x60/0x60 [ 2099.784215] legacy_get_tree+0x105/0x220 [ 2099.785081] vfs_get_tree+0x8e/0x300 [ 2099.785893] path_mount+0x14ab/0x2200 [ 2099.786706] ? strncpy_from_user+0x9e/0x470 [ 2099.787650] ? finish_automount+0xa90/0xa90 [ 2099.788624] ? getname_flags.part.0+0x1dd/0x4f0 [ 2099.789852] ? _copy_from_user+0xfb/0x1b0 [ 2099.790792] __x64_sys_mount+0x282/0x300 [ 2099.791691] ? copy_mnt_ns+0xa00/0xa00 [ 2099.792559] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2099.793747] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2099.794905] do_syscall_64+0x33/0x40 [ 2099.795737] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2099.796874] RIP: 0033:0x7f4689135b19 [ 2099.797725] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2099.801938] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2099.803644] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2099.805237] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2099.806824] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2099.808401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2099.810010] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:52 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, 'r+\x06'}}, {@fowner_gt}]}}) 04:02:52 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x6c00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2099.881305] 9pnet: Insufficient options for proto=fd 04:02:52 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7400, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:52 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x89a1, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:52 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 38) 04:02:52 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x6, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:02:52 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4ec, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:52 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2f9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:52 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 50) 04:02:52 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) accept$unix(r0, &(0x7f00000009c0)=@abs, &(0x7f0000000880)=0x6e) syz_io_uring_setup(0x63d4, &(0x7f0000000000)={0x0, 0x77f5, 0x1, 0x0, 0x9}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ff2000/0xe000)=nil, &(0x7f0000000140), &(0x7f0000000180)=0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) r3 = accept$unix(r0, &(0x7f00000001c0)=@abs, &(0x7f0000000240)=0x6e) syz_io_uring_submit(0x0, r1, &(0x7f0000000280)=@IORING_OP_SPLICE={0x1e, 0x1, 0x0, @fd=r2, 0x1, {0x0, r3}, 0x1000, 0xf, 0x0, {0x0, 0x0, r0}}, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) vmsplice(r3, &(0x7f0000000940)=[{&(0x7f00000002c0)="e0534438b1e5a1ee0a8756f489996c17a87bce5c227289a7ebda88163a9f577d4259eacbba52da12f154bdac3770d839b2e269a8f42be0fc16890f2c1f0564f213510c40a2ece1a0fe6143886a713962c58ec509cd47fcd12558e52410b4a13f093894161a6d2d6d801a81483d37007e5a1e6b7c6d952d61d150e7c6ef1c64a139e412647666b4697dfc58b56ceba15c60fa6da49750aca08c1f2c326694bbdd3494ed647e7ecc3974861afb4fa83f4add8f6d52181ffd00616f35b74a219f0ca49eee252e149ae1cd55bab158b28d06a5e26b69dced7b688410f91f51b20a9a7d0a912019d5e09a7351bf0e03ac", 0xee}, {&(0x7f00000003c0)="29002dba8cbbe49b3919b8709d31359d30ac385cfd6ace993f91eae1d31b4686928255ab22911cf01701eb1a2b392ed2b3743d419b9d60ce70521b4cf00c6361eedfed8ea8715fb600154b9f1698c3668603f2bd40c4161eb8ecd4fd573c92fd89e5e3f08979343345b7fdb5b872e18c490678a1f66deeae7936981cbf150e53437c58a9dd4a433d45f431887bfe188479b1fd372b0eb0b3054945b758f5a5b51e7c56ca93c8696ed05c786d9355568d5fe530e48a522cf1ba5e9e1f0eaa259a32b998e6cb4b35821d33b44dc04f548aba2c24fe6aa88145b31df514", 0xdc}, {&(0x7f00000004c0)="a37a3883ed374d89e14c51efe62b3d4ce58fd83df37265721e3f5dffa30ae245fb9f1c2ced4bf822c41afc571cd6b13fe3ebb3fb6bfc8aa604d2d1ed7220ede6157ca9cad314b32c114968569399a97971606031205c3e51eec8497b767b51dfd1fde968e7b90f6e9198ab0f705e9bd3065fd695ca54f584989afd9f56adf41a16cd", 0x82}, {&(0x7f00000006c0)="3c737f78a51be4c010461ce541c197c8927883bb8939409722cf1a5d5aa629ea2b9d58c836907037743d58683d0f36ab83ef3b97fbf22ca161b5b0faed21a5291828243ac231694b1c4b08f6c25f1f42ab33c7cbb259c6e9a7f61be55268b278e15c7885d7de6e53c04db45e2f", 0x6d}, {&(0x7f0000000740)="1339cb4f04", 0x5}, {&(0x7f0000000780)="4e3eaa72f5379aba2bcb79d12d7a0c117880a366b6deaeeaa1a0ca853902bddb87889e4752346f8e9f13f2924b71c3935ee717d9e9039baaba846da9df164b005c218ecf503dcb1b69fdeb163a8a1b0e112d918403a1d8de6ef58082ccfac008219f4e5cddca3c1e9bc5c362e7e89b2e8116ceea621e033dc85382bf50a6afbc5a6478fc078c9022863890beb1536d3d87e2924ac306a4dcd80a0cbe0a8ffcb8db56cdaf68976cb959ae699abc75546cd051a1cdd198e7c4888c6bc91a52dc6144d89e47472b9ddf1ce3a63cac4791423a241b37fee0dee5ed2f46dd27972fc088ae4992dca54fa9bbe067", 0xeb}], 0x6, 0x0) [ 2100.107052] FAULT_INJECTION: forcing a failure. [ 2100.107052] name failslab, interval 1, probability 0, space 0, times 0 [ 2100.109797] CPU: 0 PID: 42349 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2100.111274] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2100.113017] Call Trace: [ 2100.113593] dump_stack+0x107/0x167 [ 2100.114369] should_fail.cold+0x5/0xa [ 2100.115175] ? create_object.isra.0+0x3a/0xa30 [ 2100.116138] should_failslab+0x5/0x20 [ 2100.116973] kmem_cache_alloc+0x5b/0x310 [ 2100.117838] create_object.isra.0+0x3a/0xa30 [ 2100.118761] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2100.119839] kmem_cache_alloc_bulk+0x168/0x320 [ 2100.120803] io_submit_sqes+0x6fe4/0x8610 [ 2100.121614] FAULT_INJECTION: forcing a failure. [ 2100.121614] name failslab, interval 1, probability 0, space 0, times 0 [ 2100.121724] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2100.124062] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2100.125096] ? find_held_lock+0x2c/0x110 [ 2100.125956] ? io_submit_sqes+0x8610/0x8610 [ 2100.126865] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2100.127879] ? wait_for_completion_io+0x270/0x270 [ 2100.128925] ? rcu_read_lock_any_held+0x75/0xa0 [ 2100.129898] ? vfs_write+0x354/0xb10 [ 2100.130677] ? fput_many+0x2f/0x1a0 [ 2100.131438] ? ksys_write+0x1a9/0x260 [ 2100.132241] ? __ia32_sys_read+0xb0/0xb0 [ 2100.133111] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2100.134227] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2100.135335] do_syscall_64+0x33/0x40 [ 2100.136123] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2100.137210] RIP: 0033:0x7ff6f30cbb19 [ 2100.137995] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2100.141883] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2100.143550] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2100.145120] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2100.146677] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2100.148236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2100.149818] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 [ 2100.151408] CPU: 1 PID: 42417 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2100.152251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2100.153244] Call Trace: [ 2100.153569] dump_stack+0x107/0x167 [ 2100.154005] should_fail.cold+0x5/0xa [ 2100.154461] should_failslab+0x5/0x20 [ 2100.154916] __kmalloc_track_caller+0x79/0x370 [ 2100.155454] ? kasprintf+0xbb/0xf0 04:02:52 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x7a00, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2100.155874] ? __delete_object+0xb3/0x100 [ 2100.156513] kvasprintf+0xb5/0x150 [ 2100.156946] ? bust_spinlocks+0xe0/0xe0 [ 2100.157420] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2100.158043] kasprintf+0xbb/0xf0 [ 2100.158440] ? kvasprintf_const+0x1a0/0x1a0 [ 2100.158950] ? kmem_cache_free+0x249/0x2d0 [ 2100.159454] ? p9_client_create+0xbfa/0x1230 [ 2100.159972] p9_client_create+0xc1b/0x1230 [ 2100.160475] ? p9_client_flush+0x430/0x430 [ 2100.160984] ? trace_hardirqs_on+0x5b/0x180 [ 2100.161495] ? lockdep_init_map_type+0x2c7/0x780 [ 2100.162055] ? __raw_spin_lock_init+0x36/0x110 [ 2100.162598] v9fs_session_init+0x1dd/0x1680 [ 2100.163106] ? lock_release+0x680/0x680 [ 2100.163585] ? kmem_cache_alloc_trace+0x151/0x320 [ 2100.164154] ? v9fs_show_options+0x690/0x690 [ 2100.164677] ? trace_hardirqs_on+0x5b/0x180 [ 2100.165199] ? kasan_unpoison_shadow+0x33/0x50 [ 2100.165739] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2100.166346] v9fs_mount+0x79/0x8f0 [ 2100.166766] ? v9fs_write_inode+0x60/0x60 [ 2100.167255] legacy_get_tree+0x105/0x220 [ 2100.167737] vfs_get_tree+0x8e/0x300 [ 2100.168184] path_mount+0x14ab/0x2200 [ 2100.168638] ? strncpy_from_user+0x9e/0x470 [ 2100.169153] ? finish_automount+0xa90/0xa90 [ 2100.169664] ? getname_flags.part.0+0x1dd/0x4f0 [ 2100.170211] ? _copy_from_user+0xfb/0x1b0 [ 2100.170707] __x64_sys_mount+0x282/0x300 [ 2100.171182] ? copy_mnt_ns+0xa00/0xa00 [ 2100.171647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2100.172269] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2100.172879] do_syscall_64+0x33/0x40 [ 2100.173323] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2100.173927] RIP: 0033:0x7f4689135b19 [ 2100.174366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2100.176540] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2100.177454] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2100.178293] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2100.179132] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2100.179970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2100.180811] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:02:52 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x40049409, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2100.259111] 9pnet: Insufficient options for proto=fd 04:02:52 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4ed, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:53 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2fa, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:53 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x40086602, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:53 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4ee, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:02:53 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:02:53 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x40087602, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:02:53 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r2, 0xc018937e, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, @out_args}, './file1\x00'}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) pidfd_getfd(r1, r3, 0x0) 04:02:53 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 51) [ 2100.475911] 9pnet: Insufficient options for proto=fd [ 2100.515231] FAULT_INJECTION: forcing a failure. [ 2100.515231] name failslab, interval 1, probability 0, space 0, times 0 [ 2100.516633] CPU: 1 PID: 43347 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2100.517453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2100.518404] Call Trace: [ 2100.518717] dump_stack+0x107/0x167 [ 2100.519135] should_fail.cold+0x5/0xa [ 2100.519573] ? create_object.isra.0+0x3a/0xa30 [ 2100.520094] should_failslab+0x5/0x20 [ 2100.520533] kmem_cache_alloc+0x5b/0x310 [ 2100.521023] ? vsnprintf+0x4ba/0x1600 [ 2100.521481] create_object.isra.0+0x3a/0xa30 [ 2100.521990] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2100.522574] __kmalloc_track_caller+0x177/0x370 [ 2100.523107] ? kasprintf+0xbb/0xf0 [ 2100.523519] kvasprintf+0xb5/0x150 [ 2100.523926] ? bust_spinlocks+0xe0/0xe0 [ 2100.524391] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2100.525020] kasprintf+0xbb/0xf0 [ 2100.525413] ? kvasprintf_const+0x1a0/0x1a0 [ 2100.525909] ? kmem_cache_free+0x249/0x2d0 [ 2100.526399] ? p9_client_create+0xbfa/0x1230 [ 2100.526913] p9_client_create+0xc1b/0x1230 [ 2100.527401] ? p9_client_flush+0x430/0x430 [ 2100.527887] ? trace_hardirqs_on+0x5b/0x180 [ 2100.528379] ? lockdep_init_map_type+0x2c7/0x780 [ 2100.528928] ? __raw_spin_lock_init+0x36/0x110 [ 2100.529462] v9fs_session_init+0x1dd/0x1680 [ 2100.529956] ? lock_release+0x680/0x680 [ 2100.530419] ? kmem_cache_alloc_trace+0x151/0x320 [ 2100.530971] ? v9fs_show_options+0x690/0x690 [ 2100.531477] ? trace_hardirqs_on+0x5b/0x180 [ 2100.531976] ? kasan_unpoison_shadow+0x33/0x50 [ 2100.532501] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2100.533093] v9fs_mount+0x79/0x8f0 [ 2100.533502] ? v9fs_write_inode+0x60/0x60 [ 2100.533982] legacy_get_tree+0x105/0x220 [ 2100.534455] vfs_get_tree+0x8e/0x300 [ 2100.534890] path_mount+0x14ab/0x2200 [ 2100.535330] ? strncpy_from_user+0x9e/0x470 [ 2100.535828] ? finish_automount+0xa90/0xa90 [ 2100.536325] ? getname_flags.part.0+0x1dd/0x4f0 [ 2100.536859] ? _copy_from_user+0xfb/0x1b0 [ 2100.537345] __x64_sys_mount+0x282/0x300 [ 2100.537809] ? copy_mnt_ns+0xa00/0xa00 [ 2100.538256] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2100.538860] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2100.539452] do_syscall_64+0x33/0x40 [ 2100.539885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2100.540479] RIP: 0033:0x7f4689135b19 [ 2100.540918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2100.543026] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2100.543901] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2100.544722] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2100.545556] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2100.546373] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2100.547195] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:03:05 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x7, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:03:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 52) 04:03:05 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4ef, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:05 executing program 5: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, r0, 0x300, 0x70bd26, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0xfffffc00, 0x76}}}}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x20000080}, 0x4000014) r1 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$NL80211_CMD_REGISTER_BEACONS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000055000000080001006f00000008000300", @ANYRES32, @ANYBLOB="08009900"], 0x30}}, 0x0) sendmsg$NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000340)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)={0x34, r3, 0x8, 0x70bd28, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x15}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x34}, 0x1, 0x0, 0x0, 0x51}, 0x0) pipe(0x0) openat(r1, &(0x7f0000000000)='./file1\x00', 0x2, 0x100) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2040042, &(0x7f00000003c0)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cachetag={'cachetag', 0x3d, 'cache=fscache'}}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@permit_directio}, {@fowner_gt}]}}) open$dir(&(0x7f0000000240)='./file1\x00', 0x8000, 0x17c) 04:03:05 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 39) 04:03:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:05 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2fb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:05 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x4020940d, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2112.932255] FAULT_INJECTION: forcing a failure. [ 2112.932255] name failslab, interval 1, probability 0, space 0, times 0 [ 2112.934045] CPU: 1 PID: 43441 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2112.934823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2112.935763] Call Trace: [ 2112.936071] dump_stack+0x107/0x167 [ 2112.936489] should_fail.cold+0x5/0xa [ 2112.936926] ? create_object.isra.0+0x3a/0xa30 [ 2112.937466] should_failslab+0x5/0x20 [ 2112.937901] kmem_cache_alloc+0x5b/0x310 [ 2112.938366] ? mark_held_locks+0x9e/0xe0 [ 2112.938831] create_object.isra.0+0x3a/0xa30 [ 2112.939333] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2112.939921] kmem_cache_alloc_bulk+0x168/0x320 [ 2112.940452] io_submit_sqes+0x6fe4/0x8610 [ 2112.940940] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2112.941516] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2112.942069] ? find_held_lock+0x2c/0x110 [ 2112.942532] ? io_submit_sqes+0x8610/0x8610 [ 2112.943027] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2112.943575] ? wait_for_completion_io+0x270/0x270 [ 2112.944138] ? rcu_read_lock_any_held+0x75/0xa0 [ 2112.944665] ? vfs_write+0x354/0xb10 [ 2112.945103] ? fput_many+0x2f/0x1a0 [ 2112.945517] ? ksys_write+0x1a9/0x260 [ 2112.945955] ? __ia32_sys_read+0xb0/0xb0 [ 2112.946417] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2112.947013] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2112.947596] do_syscall_64+0x33/0x40 [ 2112.948025] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2112.948608] RIP: 0033:0x7ff6f30cbb19 [ 2112.949033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2112.951126] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2112.951997] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2112.952809] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2112.953624] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2112.954434] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2112.955238] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:03:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:05 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2113.016719] FAULT_INJECTION: forcing a failure. [ 2113.016719] name failslab, interval 1, probability 0, space 0, times 0 [ 2113.019636] CPU: 0 PID: 43550 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2113.021200] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2113.023076] Call Trace: [ 2113.023684] dump_stack+0x107/0x167 [ 2113.024523] should_fail.cold+0x5/0xa [ 2113.025396] should_failslab+0x5/0x20 [ 2113.026257] __kmalloc_track_caller+0x79/0x370 [ 2113.027287] ? kstrdup_const+0x53/0x80 [ 2113.028174] kstrdup+0x36/0x70 [ 2113.028905] kstrdup_const+0x53/0x80 [ 2113.029768] kmem_cache_create_usercopy+0x12f/0x2f0 [ 2113.030903] p9_client_create+0xc6a/0x1230 [ 2113.031865] ? p9_client_flush+0x430/0x430 [ 2113.032822] ? trace_hardirqs_on+0x5b/0x180 [ 2113.033817] ? lockdep_init_map_type+0x2c7/0x780 [ 2113.034887] ? __raw_spin_lock_init+0x36/0x110 [ 2113.035933] v9fs_session_init+0x1dd/0x1680 [ 2113.036905] ? lock_release+0x680/0x680 [ 2113.037831] ? kmem_cache_alloc_trace+0x151/0x320 [ 2113.038918] ? v9fs_show_options+0x690/0x690 [ 2113.039921] ? trace_hardirqs_on+0x5b/0x180 [ 2113.040902] ? kasan_unpoison_shadow+0x33/0x50 [ 2113.041943] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2113.043097] v9fs_mount+0x79/0x8f0 [ 2113.043899] ? v9fs_write_inode+0x60/0x60 [ 2113.044836] legacy_get_tree+0x105/0x220 [ 2113.045772] vfs_get_tree+0x8e/0x300 [ 2113.046622] path_mount+0x14ab/0x2200 [ 2113.047489] ? strncpy_from_user+0x9e/0x470 [ 2113.048461] ? finish_automount+0xa90/0xa90 [ 2113.049447] ? getname_flags.part.0+0x1dd/0x4f0 [ 2113.050504] ? _copy_from_user+0xfb/0x1b0 [ 2113.051456] __x64_sys_mount+0x282/0x300 [ 2113.052370] ? copy_mnt_ns+0xa00/0xa00 [ 2113.053268] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2113.054458] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2113.055630] do_syscall_64+0x33/0x40 [ 2113.056471] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2113.057635] RIP: 0033:0x7f4689135b19 [ 2113.058478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2113.062654] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2113.064368] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2113.065992] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2113.067605] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2113.069230] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2113.070847] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2113.072535] kmem_cache_create(9p-fcall-cache-382) failed with error -12 [ 2113.074090] CPU: 0 PID: 43550 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2113.075647] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2113.077520] Call Trace: [ 2113.078116] dump_stack+0x107/0x167 [ 2113.078948] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2113.080140] p9_client_create+0xc6a/0x1230 [ 2113.081120] ? p9_client_flush+0x430/0x430 [ 2113.082078] ? trace_hardirqs_on+0x5b/0x180 [ 2113.083052] ? lockdep_init_map_type+0x2c7/0x780 [ 2113.084132] ? __raw_spin_lock_init+0x36/0x110 [ 2113.085181] v9fs_session_init+0x1dd/0x1680 [ 2113.086160] ? lock_release+0x680/0x680 [ 2113.087067] ? kmem_cache_alloc_trace+0x151/0x320 [ 2113.088152] ? v9fs_show_options+0x690/0x690 [ 2113.089164] ? trace_hardirqs_on+0x5b/0x180 [ 2113.090140] ? kasan_unpoison_shadow+0x33/0x50 [ 2113.091161] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2113.092304] v9fs_mount+0x79/0x8f0 [ 2113.093113] ? v9fs_write_inode+0x60/0x60 [ 2113.094044] legacy_get_tree+0x105/0x220 [ 2113.094956] vfs_get_tree+0x8e/0x300 [ 2113.095795] path_mount+0x14ab/0x2200 [ 2113.096657] ? strncpy_from_user+0x9e/0x470 [ 2113.097643] ? finish_automount+0xa90/0xa90 [ 2113.098625] ? getname_flags.part.0+0x1dd/0x4f0 [ 2113.099671] ? _copy_from_user+0xfb/0x1b0 [ 2113.100622] __x64_sys_mount+0x282/0x300 [ 2113.101549] ? copy_mnt_ns+0xa00/0xa00 [ 2113.102426] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2113.103604] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2113.104756] do_syscall_64+0x33/0x40 [ 2113.105603] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2113.106751] RIP: 0033:0x7f4689135b19 [ 2113.107590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2113.111734] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2113.113494] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2113.115102] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2113.116716] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2113.118328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2113.119935] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:03:19 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2fc, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:19 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@access_user}, {@nodevmap}, {@access_user}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:19 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x80086601, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:03:19 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:19 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f1, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:19 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 53) 04:03:19 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 40) 04:03:19 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x8, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2126.603785] FAULT_INJECTION: forcing a failure. [ 2126.603785] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.605122] CPU: 1 PID: 44183 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2126.605916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.606852] Call Trace: [ 2126.607159] dump_stack+0x107/0x167 [ 2126.607571] should_fail.cold+0x5/0xa [ 2126.608004] ? create_object.isra.0+0x3a/0xa30 [ 2126.608522] should_failslab+0x5/0x20 [ 2126.608952] kmem_cache_alloc+0x5b/0x310 [ 2126.609418] ? lock_acquire+0x197/0x470 [ 2126.609869] create_object.isra.0+0x3a/0xa30 [ 2126.610370] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.610941] __kmalloc_track_caller+0x177/0x370 [ 2126.611463] ? kstrdup_const+0x53/0x80 [ 2126.611900] ? kasprintf+0xbb/0xf0 [ 2126.612302] kstrdup+0x36/0x70 [ 2126.612665] kstrdup_const+0x53/0x80 [ 2126.613088] kmem_cache_create_usercopy+0x12f/0x2f0 [ 2126.613667] p9_client_create+0xc6a/0x1230 [ 2126.614152] ? p9_client_flush+0x430/0x430 [ 2126.614631] ? trace_hardirqs_on+0x5b/0x180 [ 2126.615119] ? lockdep_init_map_type+0x2c7/0x780 [ 2126.615659] ? __raw_spin_lock_init+0x36/0x110 [ 2126.616182] v9fs_session_init+0x1dd/0x1680 [ 2126.616670] ? lock_release+0x680/0x680 [ 2126.617121] ? kmem_cache_alloc_trace+0x151/0x320 [ 2126.617675] ? v9fs_show_options+0x690/0x690 [ 2126.618177] ? trace_hardirqs_on+0x5b/0x180 [ 2126.618666] ? kasan_unpoison_shadow+0x33/0x50 [ 2126.619183] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.619760] v9fs_mount+0x79/0x8f0 [ 2126.620163] ? v9fs_write_inode+0x60/0x60 [ 2126.620631] legacy_get_tree+0x105/0x220 [ 2126.621098] vfs_get_tree+0x8e/0x300 [ 2126.621534] path_mount+0x14ab/0x2200 [ 2126.621972] ? strncpy_from_user+0x9e/0x470 [ 2126.622460] ? finish_automount+0xa90/0xa90 [ 2126.622949] ? getname_flags.part.0+0x1dd/0x4f0 [ 2126.623479] ? _copy_from_user+0xfb/0x1b0 [ 2126.623953] __x64_sys_mount+0x282/0x300 [ 2126.624413] ? copy_mnt_ns+0xa00/0xa00 [ 2126.624861] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.625467] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.626057] do_syscall_64+0x33/0x40 [ 2126.626480] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.627062] RIP: 0033:0x7f4689135b19 [ 2126.627489] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.629570] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2126.630434] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2126.631244] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2126.632052] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2126.632857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.633670] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2126.656631] 9pnet: Insufficient options for proto=fd 04:03:19 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x80087601, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2126.705116] FAULT_INJECTION: forcing a failure. [ 2126.705116] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.706489] CPU: 1 PID: 44186 Comm: syz-executor.0 Not tainted 5.10.250 #1 [ 2126.707273] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.708210] Call Trace: [ 2126.708516] dump_stack+0x107/0x167 [ 2126.708930] should_fail.cold+0x5/0xa [ 2126.709376] ? create_object.isra.0+0x3a/0xa30 [ 2126.709893] should_failslab+0x5/0x20 [ 2126.710326] kmem_cache_alloc+0x5b/0x310 [ 2126.710788] ? mark_held_locks+0x9e/0xe0 [ 2126.711248] create_object.isra.0+0x3a/0xa30 [ 2126.711747] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.712326] kmem_cache_alloc_bulk+0x168/0x320 [ 2126.712850] io_submit_sqes+0x6fe4/0x8610 [ 2126.713358] ? __do_sys_io_uring_enter+0x6b2/0x1890 [ 2126.713919] __do_sys_io_uring_enter+0x6b2/0x1890 [ 2126.714465] ? find_held_lock+0x2c/0x110 [ 2126.714931] ? io_submit_sqes+0x8610/0x8610 [ 2126.715427] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2126.715989] ? wait_for_completion_io+0x270/0x270 [ 2126.716539] ? rcu_read_lock_any_held+0x75/0xa0 [ 2126.717064] ? vfs_write+0x354/0xb10 [ 2126.717497] ? fput_many+0x2f/0x1a0 [ 2126.717910] ? ksys_write+0x1a9/0x260 [ 2126.718341] ? __ia32_sys_read+0xb0/0xb0 [ 2126.718806] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.719404] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.719992] do_syscall_64+0x33/0x40 [ 2126.720416] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.721002] RIP: 0033:0x7ff6f30cbb19 [ 2126.721433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.723517] RSP: 002b:00007ff6f0641188 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2126.724382] RAX: ffffffffffffffda RBX: 00007ff6f31def60 RCX: 00007ff6f30cbb19 [ 2126.725202] RDX: 0000000000000000 RSI: 00000000000058ab RDI: 0000000000000004 [ 2126.726009] RBP: 00007ff6f06411d0 R08: 0000000000000000 R09: 0000000000000000 [ 2126.726815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.727622] R13: 00007ffc701a291f R14: 00007ff6f0641300 R15: 0000000000022000 04:03:19 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 54) 04:03:19 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x9, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:03:19 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:19 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x80108906, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:03:19 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2fd, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2126.884914] FAULT_INJECTION: forcing a failure. [ 2126.884914] name failslab, interval 1, probability 0, space 0, times 0 [ 2126.886336] CPU: 1 PID: 44712 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2126.887116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2126.888053] Call Trace: [ 2126.888360] dump_stack+0x107/0x167 [ 2126.888774] should_fail.cold+0x5/0xa [ 2126.889214] ? create_object.isra.0+0x3a/0xa30 [ 2126.889731] should_failslab+0x5/0x20 [ 2126.890165] kmem_cache_alloc+0x5b/0x310 [ 2126.890629] ? lock_acquire+0x197/0x470 [ 2126.891081] create_object.isra.0+0x3a/0xa30 [ 2126.891577] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.892153] __kmalloc_track_caller+0x177/0x370 [ 2126.892677] ? kstrdup_const+0x53/0x80 [ 2126.893116] ? kasprintf+0xbb/0xf0 [ 2126.893527] kstrdup+0x36/0x70 [ 2126.893895] kstrdup_const+0x53/0x80 [ 2126.894318] kmem_cache_create_usercopy+0x12f/0x2f0 [ 2126.894887] p9_client_create+0xc6a/0x1230 [ 2126.895373] ? p9_client_flush+0x430/0x430 [ 2126.895852] ? trace_hardirqs_on+0x5b/0x180 [ 2126.896341] ? lockdep_init_map_type+0x2c7/0x780 [ 2126.896877] ? __raw_spin_lock_init+0x36/0x110 [ 2126.897410] v9fs_session_init+0x1dd/0x1680 [ 2126.897901] ? lock_release+0x680/0x680 [ 2126.898358] ? kmem_cache_alloc_trace+0x151/0x320 [ 2126.898903] ? v9fs_show_options+0x690/0x690 [ 2126.899409] ? trace_hardirqs_on+0x5b/0x180 [ 2126.899898] ? kasan_unpoison_shadow+0x33/0x50 [ 2126.900414] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2126.900991] v9fs_mount+0x79/0x8f0 [ 2126.901408] ? v9fs_write_inode+0x60/0x60 [ 2126.901878] legacy_get_tree+0x105/0x220 [ 2126.902337] vfs_get_tree+0x8e/0x300 [ 2126.902760] path_mount+0x14ab/0x2200 [ 2126.903195] ? strncpy_from_user+0x9e/0x470 [ 2126.903687] ? finish_automount+0xa90/0xa90 [ 2126.904180] ? getname_flags.part.0+0x1dd/0x4f0 [ 2126.904709] ? _copy_from_user+0xfb/0x1b0 [ 2126.905186] __x64_sys_mount+0x282/0x300 [ 2126.905659] ? copy_mnt_ns+0xa00/0xa00 [ 2126.906104] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2126.906695] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2126.907279] do_syscall_64+0x33/0x40 [ 2126.907700] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2126.908282] RIP: 0033:0x7f4689135b19 [ 2126.908707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2126.910788] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2126.911647] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2126.912451] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2126.913264] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2126.914065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2126.914868] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:03:19 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:19 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) lstat(&(0x7f0000000000)='./file1\x00', &(0x7f0000000240)) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) name_to_handle_at(r1, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)=@FILEID_BTRFS_WITH_PARENT_ROOT={0x28, 0x4e, {0x5, 0x1, 0x20, 0x401, 0x5, 0x9}}, &(0x7f0000000200), 0x1400) getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@private1, @in6=@private2}}, {{@in6=@remote}, 0x0, @in=@broadcast}}, &(0x7f0000000040)=0xe8) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)) [ 2127.053951] 9pnet: Insufficient options for proto=fd 04:03:32 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2fe, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:32 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 55) 04:03:32 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) openat(r0, &(0x7f0000000040)='./file1\x00', 0x80000, 0x110) r1 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x80, &(0x7f00000017c0), 0x1203}, 0x0, 0x8abb4d2a8b028460}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x0, 0x0}, 0x80000001) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x4000, 0x0) pipe2$9p(&(0x7f0000000180), 0x4800) syz_io_uring_submit(0x0, r3, &(0x7f00000001c0)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x4}, 0x80000000) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',dnoV', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,nodevmap,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c66736d616769633d1978303030303030303030303030303030362c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) openat(0xffffffffffffffff, &(0x7f0000000000)='./file1\x00', 0x22040, 0x100) 04:03:32 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) (fail_nth: 41) 04:03:32 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x80108907, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:03:32 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:32 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:32 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xa, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2140.172184] 9pnet: Insufficient options for proto=fd [ 2140.191813] FAULT_INJECTION: forcing a failure. [ 2140.191813] name failslab, interval 1, probability 0, space 0, times 0 [ 2140.193462] CPU: 1 PID: 45330 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2140.194412] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2140.195570] Call Trace: [ 2140.195941] dump_stack+0x107/0x167 [ 2140.196450] should_fail.cold+0x5/0xa [ 2140.196981] ? __kmem_cache_create+0x10e/0x520 [ 2140.197624] should_failslab+0x5/0x20 [ 2140.198152] kmem_cache_alloc_node+0x55/0x330 [ 2140.198772] __kmem_cache_create+0x10e/0x520 [ 2140.199396] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2140.200083] p9_client_create+0xc6a/0x1230 [ 2140.200678] ? p9_client_flush+0x430/0x430 [ 2140.201259] ? trace_hardirqs_on+0x5b/0x180 [ 2140.201880] ? lockdep_init_map_type+0x2c7/0x780 [ 2140.202532] ? __raw_spin_lock_init+0x36/0x110 [ 2140.203169] v9fs_session_init+0x1dd/0x1680 [ 2140.203765] ? lock_release+0x680/0x680 [ 2140.204321] ? kmem_cache_alloc_trace+0x151/0x320 [ 2140.204993] ? v9fs_show_options+0x690/0x690 [ 2140.205621] ? trace_hardirqs_on+0x5b/0x180 [ 2140.206219] ? kasan_unpoison_shadow+0x33/0x50 [ 2140.206844] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2140.207551] v9fs_mount+0x79/0x8f0 [ 2140.208046] ? v9fs_write_inode+0x60/0x60 [ 2140.208619] legacy_get_tree+0x105/0x220 [ 2140.209193] vfs_get_tree+0x8e/0x300 [ 2140.209713] path_mount+0x14ab/0x2200 [ 2140.210245] ? strncpy_from_user+0x9e/0x470 [ 2140.210838] ? finish_automount+0xa90/0xa90 [ 2140.211431] ? getname_flags.part.0+0x1dd/0x4f0 [ 2140.212075] ? _copy_from_user+0xfb/0x1b0 [ 2140.212664] __x64_sys_mount+0x282/0x300 [ 2140.213225] ? copy_mnt_ns+0xa00/0xa00 [ 2140.213780] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2140.214517] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2140.215233] do_syscall_64+0x33/0x40 [ 2140.215749] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2140.216465] RIP: 0033:0x7f4689135b19 [ 2140.216975] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2140.219539] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2140.220595] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2140.221584] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2140.222567] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2140.223547] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2140.224533] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2140.225615] kmem_cache_create(9p-fcall-cache-387) failed with error -22 [ 2140.226555] CPU: 1 PID: 45330 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2140.227511] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2140.228651] Call Trace: [ 2140.229014] dump_stack+0x107/0x167 [ 2140.229533] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2140.230260] p9_client_create+0xc6a/0x1230 [ 2140.230849] ? p9_client_flush+0x430/0x430 [ 2140.231446] ? trace_hardirqs_on+0x5b/0x180 [ 2140.232039] ? lockdep_init_map_type+0x2c7/0x780 [ 2140.232692] ? __raw_spin_lock_init+0x36/0x110 [ 2140.233329] v9fs_session_init+0x1dd/0x1680 [ 2140.233942] ? lock_release+0x680/0x680 [ 2140.234504] ? kmem_cache_alloc_trace+0x151/0x320 [ 2140.235170] ? v9fs_show_options+0x690/0x690 [ 2140.235779] ? trace_hardirqs_on+0x5b/0x180 [ 2140.236382] ? kasan_unpoison_shadow+0x33/0x50 [ 2140.237011] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2140.237728] v9fs_mount+0x79/0x8f0 [ 2140.238221] ? v9fs_write_inode+0x60/0x60 [ 2140.238798] legacy_get_tree+0x105/0x220 [ 2140.239357] vfs_get_tree+0x8e/0x300 [ 2140.239875] path_mount+0x14ab/0x2200 [ 2140.240402] ? strncpy_from_user+0x9e/0x470 [ 2140.240996] ? finish_automount+0xa90/0xa90 [ 2140.241598] ? getname_flags.part.0+0x1dd/0x4f0 [ 2140.242239] ? _copy_from_user+0xfb/0x1b0 [ 2140.242816] __x64_sys_mount+0x282/0x300 [ 2140.243381] ? copy_mnt_ns+0xa00/0xa00 [ 2140.243912] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2140.244645] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2140.245362] do_syscall_64+0x33/0x40 [ 2140.245875] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2140.246584] RIP: 0033:0x7f4689135b19 [ 2140.247098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2140.249654] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2140.250718] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2140.251713] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2140.252703] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2140.253685] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2140.254679] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:03:33 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb2ff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:33 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:03:33 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 56) 04:03:33 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="7472616e733d6664147266646e673d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:03:33 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2140.491577] FAULT_INJECTION: forcing a failure. [ 2140.491577] name failslab, interval 1, probability 0, space 0, times 0 [ 2140.493513] CPU: 1 PID: 45778 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2140.494713] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2140.496116] Call Trace: [ 2140.496524] dump_stack+0x107/0x167 [ 2140.497138] should_fail.cold+0x5/0xa [ 2140.497788] ? create_object.isra.0+0x3a/0xa30 [ 2140.498563] should_failslab+0x5/0x20 [ 2140.499199] kmem_cache_alloc+0x5b/0x310 [ 2140.499884] create_object.isra.0+0x3a/0xa30 [ 2140.500622] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2140.501486] kmem_cache_alloc+0x159/0x310 [ 2140.502208] kmem_cache_create_usercopy+0x190/0x2f0 [ 2140.503057] p9_client_create+0xc6a/0x1230 [ 2140.503781] ? p9_client_flush+0x430/0x430 [ 2140.504500] ? trace_hardirqs_on+0x5b/0x180 [ 2140.505222] ? lockdep_init_map_type+0x2c7/0x780 [ 2140.506025] ? __raw_spin_lock_init+0x36/0x110 [ 2140.506806] v9fs_session_init+0x1dd/0x1680 [ 2140.507537] ? lock_release+0x680/0x680 [ 2140.508215] ? kmem_cache_alloc_trace+0x151/0x320 [ 2140.509020] ? v9fs_show_options+0x690/0x690 [ 2140.509809] ? trace_hardirqs_on+0x5b/0x180 [ 2140.510542] ? kasan_unpoison_shadow+0x33/0x50 [ 2140.511305] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2140.512154] v9fs_mount+0x79/0x8f0 [ 2140.512753] ? v9fs_write_inode+0x60/0x60 [ 2140.513467] legacy_get_tree+0x105/0x220 [ 2140.514149] vfs_get_tree+0x8e/0x300 [ 2140.514782] path_mount+0x14ab/0x2200 [ 2140.515431] ? strncpy_from_user+0x9e/0x470 [ 2140.516161] ? finish_automount+0xa90/0xa90 [ 2140.516886] ? getname_flags.part.0+0x1dd/0x4f0 [ 2140.517674] ? _copy_from_user+0xfb/0x1b0 [ 2140.518383] __x64_sys_mount+0x282/0x300 [ 2140.519075] ? copy_mnt_ns+0xa00/0xa00 [ 2140.519728] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2140.520616] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2140.521500] do_syscall_64+0x33/0x40 [ 2140.522133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2140.523001] RIP: 0033:0x7f4689135b19 [ 2140.523622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2140.526720] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2140.528009] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2140.529199] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2140.530405] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2140.531595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2140.532791] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2140.550304] 9pnet: Could not find request transport: fdrfdng=0xffffffffffffffff 04:03:47 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:47 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xb, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:03:47 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:03:47 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8e9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:47 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb300, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:47 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 57) 04:03:47 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:47 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0xc0045878, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2155.177036] 9pnet: Insufficient options for proto=fd [ 2155.226261] FAULT_INJECTION: forcing a failure. [ 2155.226261] name failslab, interval 1, probability 0, space 0, times 0 [ 2155.228883] CPU: 0 PID: 46167 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2155.230354] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2155.232129] Call Trace: [ 2155.232698] dump_stack+0x107/0x167 [ 2155.233481] should_fail.cold+0x5/0xa [ 2155.234312] ? create_object.isra.0+0x3a/0xa30 [ 2155.235287] should_failslab+0x5/0x20 [ 2155.236107] kmem_cache_alloc+0x5b/0x310 [ 2155.236984] create_object.isra.0+0x3a/0xa30 [ 2155.237945] kmemleak_alloc_percpu+0xa0/0x100 [ 2155.238914] pcpu_alloc+0x4e2/0x1240 [ 2155.239730] __kmem_cache_create+0x35a/0x520 [ 2155.240682] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2155.241730] p9_client_create+0xc6a/0x1230 [ 2155.242637] ? p9_client_flush+0x430/0x430 [ 2155.243538] ? trace_hardirqs_on+0x5b/0x180 [ 2155.244467] ? lockdep_init_map_type+0x2c7/0x780 [ 2155.245486] ? __raw_spin_lock_init+0x36/0x110 [ 2155.246473] v9fs_session_init+0x1dd/0x1680 [ 2155.247385] ? lock_release+0x680/0x680 [ 2155.248245] ? kmem_cache_alloc_trace+0x151/0x320 [ 2155.249268] ? v9fs_show_options+0x690/0x690 [ 2155.250225] ? trace_hardirqs_on+0x5b/0x180 [ 2155.251117] ? kasan_unpoison_shadow+0x33/0x50 [ 2155.252090] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2155.253164] v9fs_mount+0x79/0x8f0 [ 2155.253930] ? v9fs_write_inode+0x60/0x60 [ 2155.254800] legacy_get_tree+0x105/0x220 [ 2155.255662] vfs_get_tree+0x8e/0x300 [ 2155.256459] path_mount+0x14ab/0x2200 [ 2155.257267] ? strncpy_from_user+0x9e/0x470 [ 2155.258183] ? finish_automount+0xa90/0xa90 [ 2155.259096] ? getname_flags.part.0+0x1dd/0x4f0 [ 2155.260074] ? _copy_from_user+0xfb/0x1b0 [ 2155.260959] __x64_sys_mount+0x282/0x300 [ 2155.261828] ? copy_mnt_ns+0xa00/0xa00 [ 2155.262660] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2155.263770] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2155.264851] do_syscall_64+0x33/0x40 [ 2155.265650] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2155.266742] RIP: 0033:0x7f4689135b19 [ 2155.267533] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2155.271438] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2155.273045] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2155.274571] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2155.276082] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2155.277611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2155.279120] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:03:48 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ea, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:03:48 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="74726170fc2fec15923d", @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=r0, @ANYBLOB=',\x00']) 04:03:48 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:03:48 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0xc0045878, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:03:48 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb301, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:01 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd3b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:01 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000000), 0x18000, 0x0) syz_io_uring_setup(0x1a95, &(0x7f0000000140)={0x0, 0x7c1, 0x4, 0x1, 0x361, 0x0, r0}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000040)=0x0, &(0x7f00000001c0)) syz_io_uring_submit(r2, 0x0, &(0x7f0000000240)=@IORING_OP_OPENAT={0x12, 0x4, 0x0, r0, 0x0, &(0x7f0000000200)='./file1\x00', 0x80, 0x8000, 0x23456}, 0x3) clone3(&(0x7f00000008c0)={0x4000100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r1}}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:01 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x10, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:01 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0xc0189436, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:01 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8eb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:01 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x2000, 0x0, 0x0, 0x0) 04:04:01 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 58) 04:04:01 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2169.242683] 9pnet: Insufficient options for proto=fd [ 2169.283467] FAULT_INJECTION: forcing a failure. [ 2169.283467] name failslab, interval 1, probability 0, space 0, times 0 [ 2169.286042] CPU: 0 PID: 47118 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2169.287507] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2169.289256] Call Trace: [ 2169.289834] dump_stack+0x107/0x167 [ 2169.290601] should_fail.cold+0x5/0xa [ 2169.291401] ? create_object.isra.0+0x3a/0xa30 [ 2169.292358] should_failslab+0x5/0x20 [ 2169.293172] kmem_cache_alloc+0x5b/0x310 [ 2169.294042] ? mark_held_locks+0x9e/0xe0 [ 2169.294907] create_object.isra.0+0x3a/0xa30 [ 2169.295850] kmemleak_alloc_percpu+0xa0/0x100 [ 2169.296802] pcpu_alloc+0x4e2/0x1240 [ 2169.297606] __kmem_cache_create+0x35a/0x520 [ 2169.298550] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2169.299607] p9_client_create+0xc6a/0x1230 [ 2169.300505] ? p9_client_flush+0x430/0x430 [ 2169.301400] ? trace_hardirqs_on+0x5b/0x180 [ 2169.302318] ? lockdep_init_map_type+0x2c7/0x780 [ 2169.303325] ? __raw_spin_lock_init+0x36/0x110 04:04:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd4b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2169.304296] v9fs_session_init+0x1dd/0x1680 [ 2169.305349] ? lock_release+0x680/0x680 [ 2169.306216] ? kmem_cache_alloc_trace+0x151/0x320 [ 2169.307237] ? v9fs_show_options+0x690/0x690 [ 2169.308175] ? trace_hardirqs_on+0x5b/0x180 [ 2169.309091] ? kasan_unpoison_shadow+0x33/0x50 [ 2169.310058] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2169.311130] v9fs_mount+0x79/0x8f0 [ 2169.311880] ? v9fs_write_inode+0x60/0x60 [ 2169.312751] legacy_get_tree+0x105/0x220 [ 2169.313603] vfs_get_tree+0x8e/0x300 [ 2169.314407] path_mount+0x14ab/0x2200 [ 2169.315216] ? strncpy_from_user+0x9e/0x470 [ 2169.316115] ? finish_automount+0xa90/0xa90 [ 2169.317031] ? getname_flags.part.0+0x1dd/0x4f0 [ 2169.318011] ? _copy_from_user+0xfb/0x1b0 [ 2169.318895] __x64_sys_mount+0x282/0x300 [ 2169.319739] ? copy_mnt_ns+0xa00/0xa00 [ 2169.320565] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2169.321677] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2169.322769] do_syscall_64+0x33/0x40 [ 2169.323550] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2169.324616] RIP: 0033:0x7f4689135b19 [ 2169.325409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2169.329213] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2169.330826] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2169.332335] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2169.333847] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2169.335351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2169.336843] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:04:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0xc020660b, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:02 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) r3 = dup3(r0, r1, 0x0) ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, &(0x7f0000000940)={{r3}, "45cb4bfdc3a9e35529c5e0611f6e899d736e93784f7e2605a237b9ca33444d143c20cc201d5d158a4229d0c6eee52fe8230c759a8205729110cab583b4e343e4a75857737f60a67392acd04df7eed97e40ec106ebf98d958653f8a7e0a7b1c77354fec3e7c202ce72e8c4fc3b2906b17450eefc3045c21d99c85f0088efb871d3a1dd73d92f0194f8d0db3fd939334bc7d7bf050cd069db7ea2f2c77b7f495c72ce64d99c23e10c5c721fd834414c4df3fa53462293990c964c110751c04b6303317065d4269615564d8913d401b1d8557a938b4368c146eb8c7b5ec2aed9cf3d0f2f1c4f3797b36a5fa126dd899597de37a3a6c87e987d44af25f2d06a99d2365f5710904238fa33d767564d73125e6f793e9a140c98ef6e69c91d72dd4a6a98a05529a02c21105bdaa317f658b14ca7133c80663fc224beb96b512d960541b76b56cd1e670e439d6cbec717eb72b118555e0011274448622870de2dc1ce3911f096aeb434cdf632e71e8084401507b911e27e9b4885a65994ec4e08d5a0937511f53e79438a100602f117a80c430cae806fbe0804cea5fe76d030b24d4e937fd5abb455aee25d019c5f948c8aea067c630377a18542def6f597e60b87dd02b494ea17a9fff46b225220fef8b9991c1fb56060150d8315f63768886a2b2dcfe937a8936073049fb5cbcab69dffee9c804929f5e616fdae1b4fac40ad26e372db60d5c3d0ef4867b293fe3a60fc0a4a112212a51c2cc31fb9b52baa695cea3451e9eacec635a5ab95b0a4f9c04f3784efb57ab4c248ef890b841486fe79471b4e2461780375bbee9c744474f40410bb28e202e6a4e36b080b03c5d79c9fe7c70dcd152a4abf6c96d4c02e92d5066b95600b381ba6a6a52829ae73c1b4d91158d9c5d3f4546c9129c8f6914b2c5bd422d43c6b9d5ec06cab1cb15b2c55ec3a8d8233f7a7a4027c07d0cb8bafbf9fe522a230ec87add33468a0fa44303c3e426d5b7b36fb39b453b5c7cbf1d30f02495163a3811a6d7c0d9e338152a9deb12b7ccdfd39498f26927bf6c16741b19d66e597983ca573da5e7332a8934625e74c615af522b619d7135a203b17e091e964e77d2ea6f85769fbeeb3d3ab400abc5f0d8b8197f6cba242196d42d8ffbc2b254faef5753e27977c9128110f6798aa1e74940ec1c9fc59fc49e8bcbaf21084112552f1db39f6abe2f09dc26714df8de6471a8ff2a328ddedaeef725a034aaefe57404c672936d39ecaf0adeda1601f70f435c524e847c7b6f0f2dcb66a1a7615c87c16464a3416915fd33447bee1319d9b9e2af98a045d040a17db787317d89d42d2d03418dee85ade204199a9717dc8f71338dfa0cc7bd9675fbf8ad87041460b7f4df9d243bf6aad5ab409fab8afa5be6358d1fa6de79c139124990aa621cdd9fd2dab314e5dcc90f2c702199ef030d6cb435c82446627501f824d1fc11fedc8c46e6cc44b5cb61a4fb82123786efc297c574650f85bd51e40d4c2940993d86ec2ebf1acf44ec83840d5cb431ad9eb1e774798d5a12c27325cf2d7ad5787369ebdbdf4b7e0ea081799850d5828f3f6ec9638b5bc293f13a5948c0cd810d9c7f7793d250edffbfd97640b1cc36034e350312b0b3d5eec8f347ba597ade0a79450b9b089e7212750c2851763a4e3619163fcdd8e59cfeff53dc417a93bc2f1ecc68da111ae7d6f651f0dddb315130fafab0fe80a7ec83b8f3fae5ee47ebfdd1339024b5476476193f315d3713fa1919a1fc153424e4ee4e92393ec0f36569cd279eadef620bada92b8c4fc50fee6e0af400de4c55f43ba65ad6c7e76b1b97412d307b7dafa6578dec85a53c2795e137d49440b69a6889f127dd6418b2035b1c05fcd0d71a3dd05ea089f938ea1453500965c0c2580d396cabf09b8177cd081cf82a6b3fd0ca00faf59eae0390d84a3e89193d0741e8ef4442842a1759f418deb740b3d210d16151dd7793fdc17846fe743890133e0b112055ada4d0ac8ee95749245a66932c4db7da7458b1d20480f1c285f7b8a76311d71397f30097428f486e455c8177505a2e093002b3c78b9b949074670443a8c6b1e448167d10dc40156efe76701415256f68fdd9bf0448e20d1590e27239c3e0e6296dfcc3d8bb5b75a1626179d8654e034cc67ebaae067e42870a4e468fa8dcee4aa844d6f68d784238220420da4479e9895ff0617e83f727b361be75897763ed02e77d53c32ca941eec973dddad65e34c6d21e04c43dfeb7023b8aef7ef8b69197b3d38ae34c3030f0db4073d73eea037cd860bc1b67d11688ac5f3363162c76fceec28000a1d626cbcfff094bf7b450e83d063d4ee0e4db757db419e2968fb235eac4bd3d5ab6cdeaa3f8abe283f895a5620958025a2c9a3ebe9de8c1a6eec0dda9a2d2874b78eadc9e654336b6049250ace7c9822682fd11d2d0b7430b41958851f1cf35d5271a0b2347b8f143679f2725f9e2b4132a751881af2a4603dd18b72256539e0fc22818b19881e44c39ec0e7ae337120ed471b46f3b4615d765a1e08e411177dd254bab611b682e669f2ddf27837527268772f336a3ac0c5dfc6ce46e4d374d7b552bb8d81606d90090a31e5f1f914ddd464b3e04fd97c2c824f16e059312692d0b2556af2aecfb2ca2e21ee778e27851572531cf28956813e444d944bfccd7b3a9ff47032a0fdabba319fba22aea15e1d8abbb0c859972d5e9db2e4d56b941aafcead84655ce57b2f42f3c2f23afd290abbf33aa6650b81cf0a48540e481260b7624c4a9fd6db3c1a1e45f8bad32abd189010319a5a72c26fa46177bc341be9b043a3ec5a5e189a45d1e0c1c4eb2487bd49c539b3685c40363bc4dccf5a6719d6a739a72e7435693bab88d0fd329581e0085ae106a3fe5f6234c84027b7a7aa25743b711f0b39770056ed2e342099c1272b5bf12665f10f4178376f5a59351683bf5716aa7b7c132cc6469bd2d52802f896abb9a4b4fcab9e6ba101b23f84ca952e7ad9f7dd5fd10cc71b8ecc04118e7709230a4f6ba95d81aec8a62bd6e70f0948f4735ef02d9e1fc6da3caa53e50cfdb5c600579b4863ea9a50179f5ee16be23c7742eea606fd009afae4d511bf63f61ff256236d3c70e448ce310b906fb03c19c9b731e3d8fa31f6c7de5fd00e9f721ffd124dd6084df379dd3220badd382f855d10223f19ee077e3841db91222a3777ab7f2df877719579309d1d98c0dfe49bf404b471909bd98091f5624f8009e37a831375ba8e9455497622fe25b74d008dd231454a0f5e98874f96cccfea1fda0691588c933bed8058ec0c3b377dfc42d7dd906cb58a277933fa870d859a77bdd54772194eebb9f4b8487c011cb614258a11b541c309b03a6f534f3533506201b0756e9e693ad63b2acfff9fd381f3d331bf44b0c24203406f9130ed7e595f76388c5eae1fc60d54ee1dbf001f2b9a5fb9335760b53b417e1c704200b42cb5d0a61cb72c6ac2894c278b5415fba480165b7af504f32ff69f062735bf332575228f26bc308875073e7f9b03cb2d4b392f66803fb33b81c27f9333ffd0d218eac2db361569c96c687bca630dbd7fabc1f8e4fc10cc1363a6c4893c32c80ab1db8be7c6aa69cff35fa611d4904d84a0377c3fc522fa50e6a8b29b4230f618d2cfdd20bf6c9bb80c7f0309fefbdad8b9aa638de2fba6a53d71cf712aa0e75fcf3b3608019108c905b0634e00b9e1649f611ef78c75e64eb817557d8935be969ea62c706b285930126bf4f2af8b06eced85e63d218469c7e03b2d1848f41039a4b91f3f32e5aaa1d1838b87ceeb9a1294dd1ecd4f26da2a32e2d3ab89e09438122430fb72e80c6d60c9bd1f2e3281858eb1e44b8014948c4bcf4057a64768278a2b894955ba50ae40a1a567ac431ca6323ebe26f285ac6e2694de18ac3567a02a48eef576e7cb0baf6c5cdfaad34ec23e0b273a2e24bb60c67d0376af382f6ce391e1eb3b1f7e089447ef82ba37d327caede5459ef89e42ba25567de034604c24224769420308f29eea228fdd62fbc350f2552a30e1aba59613ed3b4bda8cfd02f1220efd10e42e16c2eaf01e3839b82fa3c72a0cc6029964ef40f5437309617e72eba21af22074e30d60db90876b65e3af33feb1a062689ebae334897c4af0fcb78c7795ae1795b560941914843b9e25e780fcdfafab24d95ac7761ecc71248a42b2564f5875b5d4279b1c278afd5a4c47be52b0b4ab062d9b39006e6375e1f7806269aa1e8dcf5276ea1057462aea2b6d5d388e068c92b1911136a889c16605a8673a7590a5626b8b72fbd7bc54934a79f2124cd7acf64d2d88cd21ab877b881ea143e14a8f7dfa12948edac533c3ed09fd5cd040029e0f235e06c8796af8acfd6d1c01df810359f8a4f181bb51bb754398d7a9054e8ab51e7d568fae3504be13cd9b4faabb081e11de4038f94a28cefbd61e2fc92447c4eb4c2722d642eb83bb9b8dc4769605f91af125958107b9a8faa2a0d50553071d95a8a30c96a03e35c0cff36b4d687ed791b4e2205455049b50356f634c43551774e1beba0be3fac96bff928dd878a0e54c98d83000310095a94a3edc25a72ddd29a52451d6219bf068b8197b19f4cd62129de88b75405367edcd93ee13d66dfa8f8f3314777fcf933a9c902e28b85e263d28d02232ac56431475b6615fbae8553f26fcec6be466c77b7564fa49350dcffa3ca70fa331062d7c5a215875c6cb4d4a6a3ac632fcbdff7643431730fe534fa48afa59d52f9d375b145f91ae4da79828015126f96b7bf454490fcf6400fdf701ee1839ce70730fd54debbffb1b717511888d8868662dcaa0e7113d9dd1b89fa47e066ef60e1dd969012a8662b9402b5f88e15a05cd2bdbe063f4b3de07f1e140257605f859f1209aeaf0d506f30e82c4dcf0bcbd5157f5bd6f3280577a6a180274fff6f3c413ae8085fc688071dd803631dc4b3971af83714b5530fcaa8a3b3df535bbbd4c053b346779c9dd72838855572754d6664d0ae465634205a99bde8e98a3b74005a5a724277c3fc95d91b8eda347ac936736a9057ab50ee7058f0fe05b5e87d9c630ae75ce2619a55f629908faab1a758538969fd6043fe6452942375ac180e12d181b5cbec159a3c3aff450eb23841b4b2545ae9599f04710a9231b23d90d7b9cb5f5f67685e76c6a5e1b7fdf0fc3b139f881b1193f364f79058419906342bc2c4327b80dc751402bd0ebedbb368fd9feab1b3675030a07660338d0410aacbbc1327f74c80cf9f268cd005e96a5244b0d1804fe263a9b801f0110611505fa06e61053dbdb8f0ba4af3f456439a7d649ef47cf3a0e5a72fe867ae8815bd76d52e31aaa2622106a93f3c82fd3e101cc5beb81c60b27c2c7225c5a253d37877ba9daf19d4053c8af955ac110c04d52bf9b3adf0196b6b544a87a42de41b5e347dda3fcdfe33446eaa614e2b8a514ad24a975b6a9669f49301e62c17526e186106ad8ed166423c41816543fa8d16a6f38f0a0c052b7ecdcfa0201f9ed1d210d6630719e49bb5506f9bb2f65e85a080044f1e254316b6b70df1c7a2a485826eea2f4c76764dbd271b50d1ab64ffe5466963f6a2bc97afb14f85f936b8576e8051baf7726063f9616b147bf0e3b4a2177f40837c596b87487610af05fdeee66c06394be0cfd52e9e625a7019422a8fe9d7e5024a0c13aed091cdd6d3ee3c36a98ade457b8b0d06494bd2c3eb1ca7172a5ed2a8ecf0b0e2ad5fe6285d5084559e6fa265d1c1cb0fc0cd9ba30ef2ef23df434dd0"}) 04:04:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd5b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x4000, 0x0, 0x0, 0x0) 04:04:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ec, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2169.476712] 9pnet: Insufficient options for proto=fd 04:04:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x80, 0x3f}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000cbce6fd40000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd00000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000a5032a1115259465da6d000000000000000000000000000000000007db2f000601fa0000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404493bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1036c0ded42dbe11fdb0c3c1802e4a52f7e2e9785c8e5b247a14d7c4dce4791d423a38876dbc7e37bbf4ec4689ffac74db8c95fc81e48d65ce674f65b4b291385255ad1f7c3941b5508a382c94834a130b3983e061a91f8f88777f9b630ebac2f73ef71818c083c9406e81b3ea900dfa0cae73a1e7ea94db32b5ee92658e809e170fe8ce0e3f38e1b31845af258de69c2dc79af44be1645f939132634ccc5d7e2d21941e30503451002340624cdc57b0da8f48da46cda71f39a6d9769004bf44a772eb87ce00882c198068fe5d26a78c20df6000000000000", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd6b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ed, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x48, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e153ffac42ac", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:02 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r0 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) getpeername$unix(r1, &(0x7f0000000140), &(0x7f0000000040)=0x6e) r2 = eventfd(0x8) fcntl$setown(r2, 0x8, r0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x84e080, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB='=\x00\x00\x00\x00\x00\x00', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:04:02 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 59) 04:04:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb4f8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd7b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ee, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2169.835056] FAULT_INJECTION: forcing a failure. [ 2169.835056] name failslab, interval 1, probability 0, space 0, times 0 [ 2169.836360] CPU: 1 PID: 48312 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2169.837100] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2169.838035] Call Trace: [ 2169.838335] dump_stack+0x107/0x167 [ 2169.838728] should_fail.cold+0x5/0xa [ 2169.839140] ? create_object.isra.0+0x3a/0xa30 [ 2169.839631] should_failslab+0x5/0x20 [ 2169.840042] kmem_cache_alloc+0x5b/0x310 [ 2169.840481] ? mark_held_locks+0x9e/0xe0 [ 2169.840919] create_object.isra.0+0x3a/0xa30 [ 2169.841398] kmemleak_alloc_percpu+0xa0/0x100 [ 2169.841891] pcpu_alloc+0x4e2/0x1240 [ 2169.842303] __kmem_cache_create+0x35a/0x520 [ 2169.842786] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2169.843326] p9_client_create+0xc6a/0x1230 [ 2169.843790] ? p9_client_flush+0x430/0x430 [ 2169.844245] ? trace_hardirqs_on+0x5b/0x180 [ 2169.844708] ? lockdep_init_map_type+0x2c7/0x780 [ 2169.845217] ? __raw_spin_lock_init+0x36/0x110 [ 2169.845721] v9fs_session_init+0x1dd/0x1680 [ 2169.846183] ? lock_release+0x680/0x680 [ 2169.846616] ? kmem_cache_alloc_trace+0x151/0x320 [ 2169.847131] ? v9fs_show_options+0x690/0x690 [ 2169.847611] ? trace_hardirqs_on+0x5b/0x180 [ 2169.848075] ? kasan_unpoison_shadow+0x33/0x50 [ 2169.848574] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2169.849163] v9fs_mount+0x79/0x8f0 [ 2169.849581] ? v9fs_write_inode+0x60/0x60 [ 2169.850037] legacy_get_tree+0x105/0x220 [ 2169.850475] vfs_get_tree+0x8e/0x300 [ 2169.850875] path_mount+0x14ab/0x2200 [ 2169.851286] ? strncpy_from_user+0x9e/0x470 [ 2169.851750] ? finish_automount+0xa90/0xa90 [ 2169.852214] ? getname_flags.part.0+0x1dd/0x4f0 [ 2169.852717] ? _copy_from_user+0xfb/0x1b0 [ 2169.853166] __x64_sys_mount+0x282/0x300 [ 2169.853601] ? copy_mnt_ns+0xa00/0xa00 [ 2169.854029] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2169.854592] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2169.855182] do_syscall_64+0x33/0x40 [ 2169.855589] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2169.856177] RIP: 0033:0x7f4689135b19 [ 2169.856579] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2169.858692] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2169.859510] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2169.860274] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2169.861037] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2169.861811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2169.862634] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:04:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:16 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e500000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000002000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000009000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f002601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb04558734140a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:16 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x400000, 0x0, 0x0, 0x0) 04:04:16 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 60) 04:04:16 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x4c, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:16 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ef, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:16 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd8b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:16 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c66736d616769633d3078303030303030303030303030303030342c666fce75eefd3d", @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:04:16 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb549, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2183.732045] 9pnet: Insufficient options for proto=fd [ 2183.777405] FAULT_INJECTION: forcing a failure. [ 2183.777405] name failslab, interval 1, probability 0, space 0, times 0 [ 2183.778810] CPU: 1 PID: 48924 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2183.779648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2183.780644] Call Trace: [ 2183.780974] dump_stack+0x107/0x167 [ 2183.781415] should_fail.cold+0x5/0xa [ 2183.781892] ? create_object.isra.0+0x3a/0xa30 [ 2183.782446] should_failslab+0x5/0x20 [ 2183.782908] kmem_cache_alloc+0x5b/0x310 [ 2183.783392] create_object.isra.0+0x3a/0xa30 [ 2183.783920] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2183.784524] __kmalloc_track_caller+0x177/0x370 [ 2183.785080] ? kstrdup_const+0x53/0x80 [ 2183.785525] kstrdup+0x36/0x70 [ 2183.785928] kstrdup_const+0x53/0x80 [ 2183.786371] kvasprintf_const+0x10c/0x1a0 [ 2183.786867] kobject_set_name_vargs+0x56/0x150 [ 2183.787406] kobject_init_and_add+0xc9/0x160 [ 2183.787929] ? kobject_create_and_add+0xb0/0xb0 [ 2183.788499] ? wait_for_completion_io+0x270/0x270 [ 2183.789070] ? kernfs_name_hash+0xe7/0x110 [ 2183.789552] ? kernfs_find_ns+0x256/0x380 [ 2183.790070] sysfs_slab_add+0x172/0x200 [ 2183.790553] __kmem_cache_create+0x3db/0x520 [ 2183.791085] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2183.791681] p9_client_create+0xc6a/0x1230 [ 2183.792184] ? p9_client_flush+0x430/0x430 [ 2183.792687] ? trace_hardirqs_on+0x5b/0x180 [ 2183.793196] ? lockdep_init_map_type+0x2c7/0x780 [ 2183.793755] ? __raw_spin_lock_init+0x36/0x110 [ 2183.794317] v9fs_session_init+0x1dd/0x1680 [ 2183.794831] ? lock_release+0x680/0x680 [ 2183.795310] ? kmem_cache_alloc_trace+0x151/0x320 [ 2183.795889] ? v9fs_show_options+0x690/0x690 [ 2183.796435] ? trace_hardirqs_on+0x5b/0x180 [ 2183.796963] ? kasan_unpoison_shadow+0x33/0x50 [ 2183.797500] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2183.798122] v9fs_mount+0x79/0x8f0 [ 2183.798547] ? v9fs_write_inode+0x60/0x60 [ 2183.799031] legacy_get_tree+0x105/0x220 [ 2183.799521] vfs_get_tree+0x8e/0x300 [ 2183.799973] path_mount+0x14ab/0x2200 [ 2183.800439] ? strncpy_from_user+0x9e/0x470 [ 2183.800955] ? finish_automount+0xa90/0xa90 [ 2183.801478] ? getname_flags.part.0+0x1dd/0x4f0 [ 2183.802042] ? _copy_from_user+0xfb/0x1b0 [ 2183.802542] __x64_sys_mount+0x282/0x300 [ 2183.803019] ? copy_mnt_ns+0xa00/0xa00 [ 2183.803468] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2183.804095] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2183.804702] do_syscall_64+0x33/0x40 [ 2183.805143] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2183.805749] RIP: 0033:0x7f4689135b19 [ 2183.806199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2183.808383] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2183.809287] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2183.810086] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2183.810931] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2183.811730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2183.812580] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:04:16 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:16 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x68, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:16 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:16 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd9b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2184.018064] 9pnet: Insufficient options for proto=fd 04:04:29 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 61) 04:04:29 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f1, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:29 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54a, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:29 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:29 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x20000000, 0x0, 0x0, 0x0) 04:04:29 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x6c, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:29 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) finit_module(r0, &(0x7f0000000180)='-{}^/\x00', 0x3) futimesat(r1, &(0x7f0000000040)='./file1\x00', &(0x7f0000000140)={{0x77359400}}) 04:04:29 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdab2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2197.168015] FAULT_INJECTION: forcing a failure. [ 2197.168015] name failslab, interval 1, probability 0, space 0, times 0 [ 2197.170607] CPU: 0 PID: 49916 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2197.172079] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2197.173837] Call Trace: [ 2197.174415] dump_stack+0x107/0x167 [ 2197.175188] should_fail.cold+0x5/0xa [ 2197.175997] should_failslab+0x5/0x20 [ 2197.176806] __kmalloc_track_caller+0x79/0x370 [ 2197.177763] ? kstrdup_const+0x53/0x80 [ 2197.178598] kstrdup+0x36/0x70 [ 2197.179273] kstrdup_const+0x53/0x80 [ 2197.180069] __kernfs_new_node+0x9d/0x860 [ 2197.180923] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2197.181937] ? lock_acquire+0x197/0x470 [ 2197.182794] ? perf_trace_lock+0xac/0x490 [ 2197.183679] ? __lockdep_reset_lock+0x180/0x180 [ 2197.184658] kernfs_new_node+0x18d/0x250 [ 2197.185522] kernfs_create_dir_ns+0x49/0x160 [ 2197.186467] sysfs_create_dir_ns+0x127/0x290 [ 2197.187398] ? sysfs_create_mount_point+0xb0/0xb0 [ 2197.188415] ? rwlock_bug.part.0+0x90/0x90 [ 2197.189313] ? do_raw_spin_unlock+0x4f/0x220 [ 2197.190234] kobject_add_internal+0x25e/0xa30 [ 2197.191193] kobject_init_and_add+0x101/0x160 [ 2197.192117] ? kobject_create_and_add+0xb0/0xb0 [ 2197.193104] ? wait_for_completion_io+0x270/0x270 [ 2197.194113] ? kernfs_name_hash+0xe7/0x110 [ 2197.195010] ? kernfs_find_ns+0x256/0x380 [ 2197.195873] sysfs_slab_add+0x172/0x200 [ 2197.196712] __kmem_cache_create+0x3db/0x520 [ 2197.197649] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2197.198722] p9_client_create+0xc6a/0x1230 [ 2197.199599] ? p9_client_flush+0x430/0x430 [ 2197.200471] ? trace_hardirqs_on+0x5b/0x180 [ 2197.201360] ? lockdep_init_map_type+0x2c7/0x780 [ 2197.202340] ? __raw_spin_lock_init+0x36/0x110 [ 2197.203313] v9fs_session_init+0x1dd/0x1680 [ 2197.204196] ? lock_release+0x680/0x680 [ 2197.205052] ? kmem_cache_alloc_trace+0x151/0x320 [ 2197.206056] ? v9fs_show_options+0x690/0x690 [ 2197.207007] ? trace_hardirqs_on+0x5b/0x180 [ 2197.207903] ? kasan_unpoison_shadow+0x33/0x50 [ 2197.208865] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2197.209903] v9fs_mount+0x79/0x8f0 [ 2197.210666] ? v9fs_write_inode+0x60/0x60 [ 2197.211521] legacy_get_tree+0x105/0x220 [ 2197.212383] vfs_get_tree+0x8e/0x300 [ 2197.213143] path_mount+0x14ab/0x2200 [ 2197.213954] ? strncpy_from_user+0x9e/0x470 [ 2197.214848] ? finish_automount+0xa90/0xa90 [ 2197.215728] ? getname_flags.part.0+0x1dd/0x4f0 [ 2197.216679] ? _copy_from_user+0xfb/0x1b0 [ 2197.217542] __x64_sys_mount+0x282/0x300 [ 2197.218384] ? copy_mnt_ns+0xa00/0xa00 [ 2197.219187] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2197.220268] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2197.221355] do_syscall_64+0x33/0x40 [ 2197.222133] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2197.223213] RIP: 0033:0x7f4689135b19 [ 2197.223991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2197.227862] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2197.229412] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2197.230889] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2197.232335] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2197.233790] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2197.235260] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2197.236821] kobject_add_internal failed for 9p-fcall-cache-398 (error: -12 parent: slab) [ 2197.238607] kmem_cache_create(9p-fcall-cache-398) failed with error -12 [ 2197.240029] CPU: 0 PID: 49916 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2197.241459] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2197.243172] Call Trace: [ 2197.243714] dump_stack+0x107/0x167 [ 2197.244485] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2197.245563] p9_client_create+0xc6a/0x1230 [ 2197.246464] ? p9_client_flush+0x430/0x430 [ 2197.247329] ? trace_hardirqs_on+0x5b/0x180 [ 2197.248211] ? lockdep_init_map_type+0x2c7/0x780 [ 2197.249184] ? __raw_spin_lock_init+0x36/0x110 [ 2197.250171] v9fs_session_init+0x1dd/0x1680 [ 2197.251078] ? lock_release+0x680/0x680 [ 2197.251934] ? kmem_cache_alloc_trace+0x151/0x320 [ 2197.252942] ? v9fs_show_options+0x690/0x690 [ 2197.253881] ? trace_hardirqs_on+0x5b/0x180 [ 2197.254775] ? kasan_unpoison_shadow+0x33/0x50 [ 2197.255755] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2197.256801] v9fs_mount+0x79/0x8f0 [ 2197.257565] ? v9fs_write_inode+0x60/0x60 [ 2197.258433] legacy_get_tree+0x105/0x220 [ 2197.259300] vfs_get_tree+0x8e/0x300 [ 2197.260066] path_mount+0x14ab/0x2200 [ 2197.260877] ? strncpy_from_user+0x9e/0x470 [ 2197.261773] ? finish_automount+0xa90/0xa90 [ 2197.262707] ? getname_flags.part.0+0x1dd/0x4f0 [ 2197.263672] ? _copy_from_user+0xfb/0x1b0 [ 2197.264564] __x64_sys_mount+0x282/0x300 [ 2197.265397] ? copy_mnt_ns+0xa00/0xa00 [ 2197.266233] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2197.267322] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2197.268419] do_syscall_64+0x33/0x40 [ 2197.269203] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2197.270294] RIP: 0033:0x7f4689135b19 [ 2197.271084] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2197.275046] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2197.276740] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2197.278292] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2197.279821] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2197.281343] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2197.282893] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:04:30 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:30 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdbb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:30 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x2000, 0x0, 0x0) 04:04:30 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) faccessat2(r0, &(0x7f0000000000)='./file1\x00', 0x94, 0x1100) ioctl$NS_GET_OWNER_UID(r1, 0xb704, &(0x7f0000000080)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@euid_lt={'euid<', r2}}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2197.346536] 9pnet: Insufficient options for proto=fd [ 2210.526617] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:04:51 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x74, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:51 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x4000, 0x0, 0x0) 04:04:51 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x4, 0x20010, r0, 0x877fd000) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:51 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f3, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:51 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54b, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:51 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x20000000}, 0x0, 0x0, 0x3, 0x7, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x8002, 0xa0, 0x7, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000304f0000000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef370000000000000000000000000000000000000000000000000000079b2f000601000000009e967bd0c080de46daeda5a8be7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e17b7c243ad254bb4a9c10916b801aaacb12dc4a915b93ed7a473938ec668ee9343eb3351a43799e2363a7c30cc84edd59bf9b2f3825041d91318041a11e299033994096e6d7bc08f2290002381797cf", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:51 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 62) 04:04:51 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdcb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2218.601054] 9pnet: Insufficient options for proto=fd [ 2218.633673] FAULT_INJECTION: forcing a failure. [ 2218.633673] name failslab, interval 1, probability 0, space 0, times 0 [ 2218.635082] CPU: 1 PID: 50812 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2218.635823] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2218.636769] Call Trace: [ 2218.637082] dump_stack+0x107/0x167 [ 2218.637501] should_fail.cold+0x5/0xa [ 2218.637938] ? create_object.isra.0+0x3a/0xa30 [ 2218.638475] should_failslab+0x5/0x20 [ 2218.638913] kmem_cache_alloc+0x5b/0x310 [ 2218.639383] create_object.isra.0+0x3a/0xa30 [ 2218.639891] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2218.640445] __kmalloc_track_caller+0x177/0x370 [ 2218.640970] ? kstrdup_const+0x53/0x80 [ 2218.641398] kstrdup+0x36/0x70 [ 2218.641770] kstrdup_const+0x53/0x80 [ 2218.642178] __kernfs_new_node+0x9d/0x860 [ 2218.642670] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2218.643188] ? lock_acquire+0x197/0x470 [ 2218.643641] ? perf_trace_lock+0xac/0x490 [ 2218.644124] ? __lockdep_reset_lock+0x180/0x180 [ 2218.644657] kernfs_new_node+0x18d/0x250 [ 2218.645105] kernfs_create_dir_ns+0x49/0x160 [ 2218.645615] sysfs_create_dir_ns+0x127/0x290 [ 2218.646093] ? sysfs_create_mount_point+0xb0/0xb0 [ 2218.646655] ? rwlock_bug.part.0+0x90/0x90 [ 2218.647122] ? do_raw_spin_unlock+0x4f/0x220 [ 2218.647634] kobject_add_internal+0x25e/0xa30 [ 2218.648152] kobject_init_and_add+0x101/0x160 [ 2218.648665] ? kobject_create_and_add+0xb0/0xb0 [ 2218.649200] ? wait_for_completion_io+0x270/0x270 [ 2218.649718] ? kernfs_name_hash+0xe7/0x110 [ 2218.650212] ? kernfs_find_ns+0x256/0x380 [ 2218.650697] sysfs_slab_add+0x172/0x200 [ 2218.651132] __kmem_cache_create+0x3db/0x520 [ 2218.651643] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2218.652220] p9_client_create+0xc6a/0x1230 [ 2218.652706] ? p9_client_flush+0x430/0x430 [ 2218.653191] ? trace_hardirqs_on+0x5b/0x180 [ 2218.653684] ? lockdep_init_map_type+0x2c7/0x780 [ 2218.654208] ? __raw_spin_lock_init+0x36/0x110 [ 2218.654743] v9fs_session_init+0x1dd/0x1680 [ 2218.655238] ? lock_release+0x680/0x680 [ 2218.655675] ? kmem_cache_alloc_trace+0x151/0x320 [ 2218.656230] ? v9fs_show_options+0x690/0x690 [ 2218.656738] ? trace_hardirqs_on+0x5b/0x180 [ 2218.657238] ? kasan_unpoison_shadow+0x33/0x50 [ 2218.657762] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2218.658348] v9fs_mount+0x79/0x8f0 [ 2218.658758] ? v9fs_write_inode+0x60/0x60 [ 2218.659232] legacy_get_tree+0x105/0x220 [ 2218.659706] vfs_get_tree+0x8e/0x300 [ 2218.660134] path_mount+0x14ab/0x2200 [ 2218.660550] ? strncpy_from_user+0x9e/0x470 [ 2218.661044] ? finish_automount+0xa90/0xa90 [ 2218.661542] ? getname_flags.part.0+0x1dd/0x4f0 [ 2218.662074] ? _copy_from_user+0xfb/0x1b0 [ 2218.662531] __x64_sys_mount+0x282/0x300 [ 2218.662990] ? copy_mnt_ns+0xa00/0xa00 [ 2218.663440] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2218.664036] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2218.664596] do_syscall_64+0x33/0x40 [ 2218.665023] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2218.665611] RIP: 0033:0x7f4689135b19 [ 2218.666015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2218.668133] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2218.668999] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2218.669822] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2218.670649] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2218.671469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2218.672287] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:04:51 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x400000, 0x0, 0x0) 04:04:51 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x7a, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:51 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xddb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:51 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590deef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000fb4ac607eeb1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1b1c2ad757e5fb411d96291278a3aed989baab0450fa5a4764987ff69249233706b1a3c4f9ecd0be0dff54a162bdb9505b3afca3bfb7417db4b6b66e261e19974674156d47eea3ac3041f743037049d59b208400fa28cfd3d5eb23a900dd7042ea020bfc5cb64aa8be036a6d9fea65e1026a468f0d5bc6f4749409f6e0585154810a4e19cbd66e2bf3b7d174a7a051c8258c5d473835b28e6539d61c332a5427a48fb0afa23b390ab12a7ed8cec084d6dfe9881ac4b9c4f37", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:04:51 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6d6d61702c63616368653d667363616368652c64656275673d3078303030303030303030303030303932342c6e6f6465766d61702c76657273696f6e3d3970323030302e4c2c736d61636b66737472616e736d7574653d095d8d90ccda610e2c666f776e65723e", @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB="014ccea19af9ffffffffffff00"]) 04:04:51 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x20000000, 0x0, 0x0) 04:04:51 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2218.864108] 9pnet: Insufficient options for proto=fd 04:04:51 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x300, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:04:51 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:04:51 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54d, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:04:51 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYRESHEX=r1, @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r0, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:04:51 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 63) [ 2219.147130] FAULT_INJECTION: forcing a failure. [ 2219.147130] name failslab, interval 1, probability 0, space 0, times 0 [ 2219.148522] CPU: 1 PID: 52006 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2219.149398] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2219.150452] Call Trace: [ 2219.150790] dump_stack+0x107/0x167 [ 2219.151245] should_fail.cold+0x5/0xa [ 2219.151720] ? __kernfs_new_node+0xd4/0x860 [ 2219.152264] should_failslab+0x5/0x20 [ 2219.152741] kmem_cache_alloc+0x5b/0x310 [ 2219.153251] __kernfs_new_node+0xd4/0x860 [ 2219.153772] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2219.154381] ? lock_acquire+0x197/0x470 [ 2219.154877] ? perf_trace_lock+0xac/0x490 [ 2219.155397] ? __lockdep_reset_lock+0x180/0x180 [ 2219.155977] kernfs_new_node+0x18d/0x250 [ 2219.156496] kernfs_create_dir_ns+0x49/0x160 [ 2219.157051] sysfs_create_dir_ns+0x127/0x290 [ 2219.157600] ? sysfs_create_mount_point+0xb0/0xb0 [ 2219.158209] ? rwlock_bug.part.0+0x90/0x90 [ 2219.158742] ? do_raw_spin_unlock+0x4f/0x220 [ 2219.159300] kobject_add_internal+0x25e/0xa30 [ 2219.159867] kobject_init_and_add+0x101/0x160 [ 2219.160429] ? kobject_create_and_add+0xb0/0xb0 [ 2219.161013] ? wait_for_completion_io+0x270/0x270 [ 2219.161608] ? kernfs_name_hash+0xe7/0x110 [ 2219.162079] ? kernfs_find_ns+0x256/0x380 [ 2219.162609] sysfs_slab_add+0x172/0x200 [ 2219.163093] __kmem_cache_create+0x3db/0x520 [ 2219.163642] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2219.164267] p9_client_create+0xc6a/0x1230 [ 2219.164802] ? p9_client_flush+0x430/0x430 [ 2219.165331] ? trace_hardirqs_on+0x5b/0x180 [ 2219.165873] ? lockdep_init_map_type+0x2c7/0x780 [ 2219.166481] ? __raw_spin_lock_init+0x36/0x110 [ 2219.167059] v9fs_session_init+0x1dd/0x1680 [ 2219.167586] ? lock_release+0x680/0x680 [ 2219.168042] ? kmem_cache_alloc_trace+0x151/0x320 [ 2219.168633] ? v9fs_show_options+0x690/0x690 [ 2219.169128] ? trace_hardirqs_on+0x5b/0x180 [ 2219.169663] ? kasan_unpoison_shadow+0x33/0x50 [ 2219.170231] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2219.170863] v9fs_mount+0x79/0x8f0 [ 2219.171300] ? v9fs_write_inode+0x60/0x60 [ 2219.171814] legacy_get_tree+0x105/0x220 [ 2219.172318] vfs_get_tree+0x8e/0x300 [ 2219.172773] path_mount+0x14ab/0x2200 [ 2219.173236] ? strncpy_from_user+0x9e/0x470 [ 2219.173767] ? finish_automount+0xa90/0xa90 [ 2219.174310] ? getname_flags.part.0+0x1dd/0x4f0 [ 2219.174880] ? _copy_from_user+0xfb/0x1b0 [ 2219.175392] __x64_sys_mount+0x282/0x300 [ 2219.175889] ? copy_mnt_ns+0xa00/0xa00 [ 2219.176334] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2219.176983] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2219.177631] do_syscall_64+0x33/0x40 [ 2219.178097] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2219.178752] RIP: 0033:0x7f4689135b19 [ 2219.179217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2219.181507] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2219.182468] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2219.183255] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2219.184143] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2219.184934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2219.185827] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2219.186798] kobject_add_internal failed for 9p-fcall-cache-401 (error: -12 parent: slab) [ 2219.187878] kmem_cache_create(9p-fcall-cache-401) failed with error -12 [ 2219.188742] CPU: 1 PID: 52006 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2219.189604] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2219.190531] Call Trace: [ 2219.190860] dump_stack+0x107/0x167 [ 2219.191319] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2219.191980] p9_client_create+0xc6a/0x1230 [ 2219.192510] ? p9_client_flush+0x430/0x430 [ 2219.193039] ? trace_hardirqs_on+0x5b/0x180 [ 2219.193573] ? lockdep_init_map_type+0x2c7/0x780 [ 2219.194171] ? __raw_spin_lock_init+0x36/0x110 [ 2219.194762] v9fs_session_init+0x1dd/0x1680 [ 2219.195299] ? lock_release+0x680/0x680 [ 2219.195797] ? kmem_cache_alloc_trace+0x151/0x320 [ 2219.196401] ? v9fs_show_options+0x690/0x690 [ 2219.196947] ? trace_hardirqs_on+0x5b/0x180 [ 2219.197484] ? kasan_unpoison_shadow+0x33/0x50 [ 2219.198052] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2219.198692] v9fs_mount+0x79/0x8f0 [ 2219.199134] ? v9fs_write_inode+0x60/0x60 [ 2219.199649] legacy_get_tree+0x105/0x220 [ 2219.200154] vfs_get_tree+0x8e/0x300 [ 2219.200619] path_mount+0x14ab/0x2200 [ 2219.201102] ? strncpy_from_user+0x9e/0x470 [ 2219.201649] ? finish_automount+0xa90/0xa90 [ 2219.202184] ? getname_flags.part.0+0x1dd/0x4f0 [ 2219.202773] ? _copy_from_user+0xfb/0x1b0 [ 2219.203296] __x64_sys_mount+0x282/0x300 [ 2219.203799] ? copy_mnt_ns+0xa00/0xa00 [ 2219.204289] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2219.204945] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2219.205587] do_syscall_64+0x33/0x40 [ 2219.206067] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2219.206717] RIP: 0033:0x7f4689135b19 [ 2219.207180] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2219.209462] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2219.210417] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2219.211206] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2219.212102] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2219.212889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2219.213780] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2232.769624] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:05:15 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 64) 04:05:15 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdeb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:15 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) perf_event_open(&(0x7f00000006c0)={0x2, 0x80, 0x5, 0x40, 0x8, 0x7, 0x0, 0x1ff, 0x2050, 0x9, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x4, @perf_bp={&(0x7f0000000540)}, 0x8, 0x0, 0x8000, 0x0, 0xff, 0x7, 0x5, 0x0, 0x0, 0x0, 0x80}, 0x0, 0xa, r0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) sendto(r1, &(0x7f0000000140)="bc50429114e9e8cedea3ec176882fcbbe9089a3a86be60e3d0841a5db7ad5ee6c5e77f2af324c8dfbe00e7ad4b5e2decf2578763a159f1c55a57de8b9dd79520f25b81", 0x43, 0x40080c0, &(0x7f00000001c0)=@generic={0x25, "1da852f3b1b13822a8e9056287c3862564d3ed04a42f2b0cf2b2b5de800bcdcd7d26f84357416c0885b359a4410f6bf8980d8b9eaef0820a379b9477c50883451620b8dfa859d8cf9bb1ece13bc88c2c88d90b28bbc8e1cf4a139635366ceef1a9c944bf77128e4573800c95cb70c3d0ba2f04153ad429743c77165d8393"}, 0x80) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x725b03, 0x3) ioctl$INCFS_IOC_CREATE_FILE(r2, 0xc058671e, &(0x7f00000004c0)={{'\x00', 0x1}, {0x29d8}, 0x0, 0x0, 0x0, &(0x7f0000000040)='./file1\x00', &(0x7f0000000240)='./file1\x00', &(0x7f0000000280)="2d5010ba02fc25257245ebffb342aa0e6701b112b8c247d92c7fce11a3f3adc023c18780a48cd9231e6aed261b410176c2ddc7312e11292309d5e9135254ff49ffc1ab11bdb7c42015fbca62d0da26fc18e5da39447c4d1cd358223ea4f7e639639de2063e9d6db1197e85150b9a6e879b5e2902a4fc9d89e0956662daa76f460664771505cccdfb08f6de280fc9c7514524b6d1299452bf4008c0d4cbdc213c4d8369355144f4373ca271c287c821af0965663885aca50ce1397a3a48e90e8edd1ea99352f6e3837ec302d3bfbbb3dcd6ae43dee9079373bf3ebbc8b22cb9aa14c9d7a09826", 0xe6, 0x0, &(0x7f0000000380)={0x2, 0x112, {0x0, 0xc, 0xc8, "a196e126b4d66518d0eb0e42f5d379e70995c194d035d05d54047af029cbc3d1a289d4904045a10924b52eaae419f04f7c82cca98f0ced7a85398518d65e9a55dff4f7017d6024a9feb52eec68d09f3cc75d3aafc5575e72697daecacbd275833a9ea73fe0f0ab54790706b129e4b331af7e13148167d7f42d85e7565a178322757b00961b4b40ed0385eddc0da34ef5c99b5534e7bd56ee975425ed81ee582735fe4ed1a43b0c35f7274ff6de12a44ccb5f2c7acf93d8549dafc25689176a4a3167563bf80a256d", 0x3d, "11df8f962274bfebca980fc8edfc0bd209e0ce3d1e6973f5014193fc299e20c460aa760659142cc3388f2f5384ee55002b804bdc69b93437f145a8419d"}, 0x1b, "6b7f655d819ed0a07132931395112ea5fd74e84e1d8f42c8d9e0d4"}, 0x139}) 04:05:15 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x500, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:05:15 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0xff, 0x0, 0x0, 0x5, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x469, 0x20}, 0x0, 0x0, 0x3, 0x7, 0x7fffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x1) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0xfffffffd, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:05:15 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54e, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:15 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x1000000000000, 0x0, 0x0) 04:05:15 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f5, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2242.921834] 9pnet: Insufficient options for proto=fd 04:05:15 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f109000000040000000000000000000000000000000000000000000000000000000000000000000080000000007157cfd80700001e4a266666edaae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167fe2304423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e100"/573, @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2243.023488] FAULT_INJECTION: forcing a failure. [ 2243.023488] name failslab, interval 1, probability 0, space 0, times 0 [ 2243.024857] CPU: 1 PID: 52034 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2243.025676] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2243.026671] Call Trace: [ 2243.026994] dump_stack+0x107/0x167 [ 2243.027416] should_fail.cold+0x5/0xa [ 2243.027848] ? __kernfs_new_node+0xd4/0x860 [ 2243.028337] should_failslab+0x5/0x20 [ 2243.028771] kmem_cache_alloc+0x5b/0x310 [ 2243.029252] __kernfs_new_node+0xd4/0x860 [ 2243.029738] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2243.030302] ? lock_acquire+0x197/0x470 [ 2243.030799] ? perf_trace_lock+0xac/0x490 [ 2243.031289] ? __lockdep_reset_lock+0x180/0x180 [ 2243.031831] kernfs_new_node+0x18d/0x250 [ 2243.032314] kernfs_create_dir_ns+0x49/0x160 [ 2243.032834] sysfs_create_dir_ns+0x127/0x290 [ 2243.033360] ? sysfs_create_mount_point+0xb0/0xb0 [ 2243.033925] ? rwlock_bug.part.0+0x90/0x90 [ 2243.034414] ? do_raw_spin_unlock+0x4f/0x220 [ 2243.034959] kobject_add_internal+0x25e/0xa30 [ 2243.035490] kobject_init_and_add+0x101/0x160 [ 2243.036008] ? kobject_create_and_add+0xb0/0xb0 [ 2243.036554] ? wait_for_completion_io+0x270/0x270 [ 2243.037095] ? kernfs_name_hash+0xe7/0x110 [ 2243.037580] ? kernfs_find_ns+0x256/0x380 [ 2243.038056] sysfs_slab_add+0x172/0x200 [ 2243.038536] __kmem_cache_create+0x3db/0x520 [ 2243.039053] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2243.039633] p9_client_create+0xc6a/0x1230 [ 2243.040121] ? p9_client_flush+0x430/0x430 [ 2243.040605] ? trace_hardirqs_on+0x5b/0x180 [ 2243.041099] ? lockdep_init_map_type+0x2c7/0x780 [ 2243.041635] ? __raw_spin_lock_init+0x36/0x110 [ 2243.042170] v9fs_session_init+0x1dd/0x1680 [ 2243.042711] ? lock_release+0x680/0x680 [ 2243.043179] ? kmem_cache_alloc_trace+0x151/0x320 [ 2243.043749] ? v9fs_show_options+0x690/0x690 [ 2243.044260] ? trace_hardirqs_on+0x5b/0x180 [ 2243.044768] ? kasan_unpoison_shadow+0x33/0x50 [ 2243.045312] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2243.045905] v9fs_mount+0x79/0x8f0 [ 2243.046325] ? v9fs_write_inode+0x60/0x60 [ 2243.046840] legacy_get_tree+0x105/0x220 [ 2243.047303] vfs_get_tree+0x8e/0x300 [ 2243.047741] path_mount+0x14ab/0x2200 [ 2243.048192] ? strncpy_from_user+0x9e/0x470 [ 2243.048702] ? finish_automount+0xa90/0xa90 [ 2243.049206] ? getname_flags.part.0+0x1dd/0x4f0 [ 2243.049752] ? _copy_from_user+0xfb/0x1b0 [ 2243.050239] __x64_sys_mount+0x282/0x300 [ 2243.050738] ? copy_mnt_ns+0xa00/0xa00 [ 2243.051206] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2243.051832] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2243.052445] do_syscall_64+0x33/0x40 [ 2243.052873] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2243.053479] RIP: 0033:0x7f4689135b19 [ 2243.053923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2243.056105] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2243.056961] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2243.057787] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2243.058659] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2243.059506] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2243.060362] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2243.061450] kobject_add_internal failed for 9p-fcall-cache-403 (error: -12 parent: slab) [ 2243.062448] kmem_cache_create(9p-fcall-cache-403) failed with error -12 [ 2243.063307] CPU: 1 PID: 52034 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2243.064116] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2243.065105] Call Trace: [ 2243.065419] dump_stack+0x107/0x167 [ 2243.065863] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2243.066509] p9_client_create+0xc6a/0x1230 [ 2243.067022] ? p9_client_flush+0x430/0x430 [ 2243.067526] ? trace_hardirqs_on+0x5b/0x180 [ 2243.068033] ? lockdep_init_map_type+0x2c7/0x780 [ 2243.068576] ? __raw_spin_lock_init+0x36/0x110 [ 2243.069125] v9fs_session_init+0x1dd/0x1680 [ 2243.069639] ? lock_release+0x680/0x680 [ 2243.070120] ? kmem_cache_alloc_trace+0x151/0x320 [ 2243.070700] ? v9fs_show_options+0x690/0x690 [ 2243.071206] ? trace_hardirqs_on+0x5b/0x180 [ 2243.071718] ? kasan_unpoison_shadow+0x33/0x50 [ 2243.072253] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2243.072823] v9fs_mount+0x79/0x8f0 [ 2243.073247] ? v9fs_write_inode+0x60/0x60 [ 2243.073740] legacy_get_tree+0x105/0x220 [ 2243.074218] vfs_get_tree+0x8e/0x300 [ 2243.074680] path_mount+0x14ab/0x2200 [ 2243.075114] ? strncpy_from_user+0x9e/0x470 [ 2243.075629] ? finish_automount+0xa90/0xa90 [ 2243.076141] ? getname_flags.part.0+0x1dd/0x4f0 [ 2243.076701] ? _copy_from_user+0xfb/0x1b0 [ 2243.077199] __x64_sys_mount+0x282/0x300 [ 2243.077675] ? copy_mnt_ns+0xa00/0xa00 [ 2243.078126] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2243.078741] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2243.079330] do_syscall_64+0x33/0x40 [ 2243.079751] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2243.080324] RIP: 0033:0x7f4689135b19 [ 2243.080744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2243.082913] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2243.083788] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2243.084611] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2243.085428] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2243.086250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2243.087080] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:05:15 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb54f, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:15 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdfb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:15 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f6, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:05:15 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) openat(r0, &(0x7f0000000040)='./file1\x00', 0x90000, 0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@cache_fscache}], [{@measure}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:15 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000949c5b3de1f1b83c064969988d00000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:05:15 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x600, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2243.250925] 9pnet: Insufficient options for proto=fd [ 2256.831122] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:05:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f7, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:05:39 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x40000000000000, 0x0, 0x0) 04:05:39 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x700, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:05:39 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe0b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb550, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:39 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(r0, &(0x7f0000000000)='./file1\x00', 0x250000, 0x30) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {0x24}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) fstat(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r3) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x100080, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,uid<', @ANYRESDEC=r2, @ANYBLOB=',fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=r3, @ANYBLOB=',fsname=.,audit,\x00']) r4 = syz_mount_image$nfs(&(0x7f0000000040), &(0x7f00000001c0)='./file1\x00', 0x4, 0x5, &(0x7f0000000500)=[{&(0x7f0000000200)="f282c02d11a240d3a29954994a8d89b49108a8a3674cab9fe6cab486f6c6b5e75bd9ea305b6ed673f445922fb0a102a6caa2f30ceea793d6ab2ddb6ae2421b0d8940a15220a656d4a3975095eeedaecde00e961a21c20fddc9aea9461b2feb2a3d2ca2c9c4db08548071caf8060224cbc0259646743fb05ba7f7e9a3c949e8affc2e0f65367ac63aa8090c3f422cdc6b85e7df1775b644f0b46fc4e567350ab154deb5f894453d67484134e49ed9e1a07cb241c22aba7206128dd3137a0605a19c7bf252bbbb9896f2d6899ce52cfbe150ff4e62c1d683841ea80d6a", 0xdc, 0x2fff7fa9}, {&(0x7f0000000300)="a2079d0785ad9b5814ca45e7fba5814795bcba2ec065cae6feeb49ef86ad994f08a941fbbc7ca67dc2abb183ad54bebf28792c58e655cb0af6dd9ed17c009d", 0x3f, 0x5}, {&(0x7f0000000340)="02c22e2628bf65a930a655dc656dcfa53c544e0939d6ad4ae4914c8e786674548a39ef852ec40dd9e2b1f5a8fdbb596ad4a2c30ad1f5ff310418a067750aa0e2253a57a801970715f29bf3a6a584f180379b65819be4ef740436027b8d9d49e9b564da952c6d9a6cffdb7b6a9a11dfd1a9e6ad9966cee839582a133bd6d5e3f8f71e1cc4646f7c253a8406", 0x8b, 0x2}, {&(0x7f0000000940)="50aa2f41e5f7f055eff3a949ef51f719fd011681224de6e1f446749079b4d1c5488be2157cfba8ea8454999150287d471701f7e0ef80b0876e13197fd4d56f25383751ebdc4f8f5b204423ac850905bb314b7d68b01e856becfe279a763576ceb98aae346a1d12f3feec6b338fc30b64dd479064ffc62477295a155f09a455a273fcd2c7af4a6451963474a5f3a99f89c78738a585bf7c96ef0965f832915b672c71455cd5b01ab6538efd9705e7f38834cbb3755d4cdda4fe6b1cfb0067970d95309332f375eb66903939d4349382dd650775a7d39708dbe22f57f7808b04c2ed1a367e8d40c2d37e13ba30ffcc8077c6bb3080efab4835f4c2e51cf113e3215b49662e33572e8e0578c022dd9552be93764076b625a74cfce7dd4c123839a7152c117bb89c132089fe53b4d3a5913c4b2f6afa8b3340999ff3197ff886332e9cf6b7f07435be18d0b047fe1daeb710a1eb79131697c1966dae1836268b0fa658ac3dcf236bb61b5ec388c47fa331581fb8d911f640a19612a6f9d5fe6ac82a005e52eb498606c77fc6629b0ca4fc696cb9e3cd6c3192f90d5162350abe8f9e751076be521e0f843f31052274d80f1d12ddf4f3b0946f432f80e7e3ecd0f2ea65d29d2f75fa0c2dd6cc6d51860329c533bef0f9db231b4142f5a6087971e7d0e79ede23f2b72955695b96cb4b0ac5f4471cde445870f2b77c7cce149ad36f438198b130b2f4c3e99d69cc85fe164e3aca5de06e4326f32135aafcb1a21530b7402f5a30ebbb5caac889842636c89c133c419aace7b7778f8b241032857d8b3ed6b1fe5233e35e53d475c9fd77f0a54ff301653315afb9c50dfa87da2b118008bad02c5f0a06ecb18a16f707881ea50ca86e2e601d094cab62d353017851697ae401cd550c9e2b25ebac384afd7bb1df2bf83f426cf90e75db984637717cca35a1bda5c01dfc8cb33e31fde73f107ac1eaf27826dcd78afb8367cb7c58eaa7c8a8c1125f10c3876e2f9ab476a7f835cf31f6369df69a713688ec2b76f5dca69dc10585a0444074b275b79b9ab119faae581f4463e26f4e185ecf53c85da771f1658d78b4f5732646467913d3fb8e5ba30f340d0e7c8f98c154b964ccec9523e36b5d8fd4e32f8d845a6e7e314425f296bfb6d62dc8f4963fda1f8104b23b8a8a2e73c027edaa8bf6a245550fff05f452fa0632eefe7c195215b992ba105b1101995a2f998b433ebe3dcd1d65707dcf147efb47e384b253e99867630a3fc1c5ba39baeae6fc312ad6aab58727a70a8eb5a94efc59894d37ca19042b31d131aa4ed5e2e8b4772a11de25239764e5288c6b201ad1bb57de92fa61566824734eb7d26d27c29c9193f3e9be0c2b4b1f8a43c68181d3089fb1599914296fb2e06f22352d84e28024fc62f0fdea88381bf2451257a5d3f2d1d6398203d8eca65841b870bfcedd9782f1f48d4a64f2c8a06dc584cf5a80294864b655c62d5d00a4ed79c175ad64830989bd6f8ec20bead0165b57a25b566bf7ff70cf790176f7a32bf6da359ed9c9e5f149009b70eacc0f772fd1a60db81897df6207727059efe36e4976eaab37e4e2c166b7bbe23f90d15e95db5e7ac873c07e6573693a7fbf7aa1351043d92c329ee15d1b731d8e99d2dcd502fcd366d29d74c0b5fbbae80ca433486566a8a1303ce7a00c40e302a32176819e4f3b16fe6331f01fd9adfdc3756631473c4d79dcc2448f1c11585df043185b5f419b88dfa6de3e56bc120ea49d890427c84fd7dfa7cad745464d746d2e924f4e2e6dc74e7932723d894322f9b5e527e7d0fd65f0ee5d8a78b401c02cb6d302a26238f5ba6f0ded78f515e04ab348356d46e1b990ecd0d2e6f07ba304f8d9bcabb7ac4a5a1e7bbf455cb93900c676b41c5d27fc9aab6cb1e687149b28119dda4ef97901bc39330aa8cfee3848748069955e1fc1ad8cbe25a8818643557e3e1158abf7bab3747b83ba701faf2c26f5420138ed4eaca24d03c0e2e76bc3e46d37f5c61907f4263521373af52240d45c670476bcfb537c296a62fb50cae7129985436c9996a0ac5639b6c6d29d12fe32771af97fd5a241a1f02decf6126e40457aaf428330fe8e162e288474629db208d3941a2c818410d0b4e90c4339b5af2b3eae76c5a8602cde95f04a717e459ed9e0243016213e798b11986020a8072142514701a2b9bdcf8158ebce1c25337a6da670ca25d4874d63f6ab84216000d4f60eb6ee19ea5942466ae710602e84741b0eea30992c6e57806cbd30e4f254f20c890cc23019cd71e5eeb5be74bbf469c90e991dd71184ad2dc1540cc1b7d9b5390538efdf490a124313ebd6de86e743f7ff86050f7bc43c31eb117d7b0a7f43814ce45d8e5845ab121d7cc259df0eefdb476c93a0e3ece67035bca725c131b8032e0e112ed59332de30ddd3543fad555b0f6fefa37e7861130df49806636e71940ed594c2f29620a71559676cb68d0f7655bd886fb6cedfeb31a245120e357a880bcf6781fe1ff8d086afa4f450dee8f791a55618f5e447cdebd5d34c159fbb207730604715857069abeb455ee31d6e52898d947a7e7b015f9d69432c0c684cd5cde70b52047a658cb9b2be92c6fd89d91dd705c5f99124198cb03584ce5c16c3693d57f7e8a6a1c9bef50053dda73a19f35a092821072bfb5da3b67ea071c76c6b70d1129180919ba5b669ed0c6a21eba64c1aa97035dae52a04677ae37fc100a2b733506a993ffc7748cbb67cd0f6f89ea90c592804b15df9a4915d81f0acc92941e6955c1c1ff11905abe06e36b222998d2dd2db62515887b26316aabeec67b3ba67aa56f2f4e4ce7d1448338963b49547c3e26e94e32368f740d3309bfa466b1cd78f63dd0300236b976753e291e18c818c62d47b49633381ff6edc62776d3bfd3eecb8a23a8084b2a7715f13d2333a70b035e95727609797e158cc2462e802cc11c4780c922f8722dda6c9bf711f69e7148dd7144b1a75c5f5f7477529c787939dae26266fb90ad621b3ca6d35f7e89a5479356132b3611e16a95affe98c61f5fcc2e5f08883e62bbfdbb21adf6ddc3695a69adfe387462ad7caede06030a295650403b27c44cc3a6595fe589bcfead2515fbfc11aabb9a72dbd0b6edd800461da262799e9a012b7184c52ebbaba634718f7190a4ae04526c762b9236fb75a886c77ddeda565445d91eafeedb5eceeb9cae26e9324e0f64bf91ec7760ab099f3d51c271aa701a02a5020e21f7642b3ffbcbb7c4a4e39bcca9159990be6c0ef9daf62f6075a7a4006d53f1b31bd86dd2aa0bc6519b548751db80ae0d1a7e009ce32a3cb0afe3cb9ff0497e5dc9bb8a68b3bc89358f8c3d1cd35ebdb43477defd16812add0e5d1c91aba46d5306dba6dddab92926df35b8fdd233652858dad2848e169ffa5cbdd9ea77dfac6c952731af66f7a3ee74f26ed2a57cc44feefac55e8889a21006b9d3904bc9dc877ba7e08a85b5f9527cc08f401bf33f2151c040d42c93905608bd8a1bafa0a654588d1da0d89fb2d52954643c836b9be1a57252b355aaa78aaa6ef97af13d3ccda0f16047532ddadb7d2cf69abd7756abfed58a32109357cad909b28c10176efbe6ea959a64cfe20d878a0a63288d2118fe99f839a9419d79b3b673e67aaff8f4b2d7f4d1d708bc4475fe12ca41d80fe0899714145d4f7af59fe83c68965eb9444863d27ccb0a137af2e6634fad33432e02206d47d1b9fa597591b2f683588ce6d25d3fe7b333d8ef6331852c98896a84c9ea8b7abca6434cdee770d374f834a25b9c71dd87ecbc0260663757fff4a1f29b1543f2bbbe887d017d749cad1218bb61e589469765fae6c1ae1622ffc0413f13f4112a556818505e1d6df16b589a1280d059f61bbff9b3713edf7b763550a4ed2eac6d6d06febb6d67b7103a4e9d39d88345cc1dbf4895b31ec196f7a01b42d0ab1ab6a7a359029fb9f09cf40d6cd068fd82af580c9f796584942557f0ce4cd3e730a33cc739809788a58bf7fdabdcb4a4de79b92ad24217c808d05ca6322fe038808ba944d796aaca33fbd8e1b6db3f4872b0c28428bd33af4cfbfa82d629ff41f30fde9d7bbdfb1cf90841bb653a922d606913897e9f4d015e6c0c2cf94b52e1471aede2945e871741f2809a4c866d37bd258682f7dea156395c5422f54f105c295507b4ad5bf63c0627917e526bae157e07af44e407f93e9a57eb6ad65d3330d2afd7c2330943ee4fb1d76d23480acac1fbd37e9ef786070b4024d080f2ed5354e81cabba56715b29575b22a1e5dc1ece036510e573bddc3a6c9cfe9e7c249dd1ce55bfcf4f5f86bf1d60d42786eab125907c9105d5c32f0a1c90233ebea0b9c1af42e8629826ff9043d60e4526d9e1980942ff9c62d4fbc538f783df415f1758241460a57ca111430a1d9973e321407fe3b9741054c39164e1632f9db5b0b97a83441a4ef1b6e62b6d03697ecd1484ec57cfc09b0347f570118562c453d49a5719aab1033245b0e7d90bf511ac1357b31e13aa371a4c99d183ca807ac61d715c0a75018897c6ddbedfab1d673da2f2d8f45f1b3f9032597bb36ad4ac549c1b6d5fb1999e6999ac252db06851b8aa632895e3b0a1a63ac90ae84b31e1ed3286357e9226cb6ddf06ea70385972dc8f6f30ecc4c8ae1acca8a3194bfd153d0b201179b1ed8de6e13268e77ea5b9f051bde4792440a690fd65b9beeda2034b7b0bdb7af884e153e3311065652a45bf8efaafdd6f4c9be3d7066b167936b33245765ef51031bb09da9c1bff8784bda7d494d375e35cf6689b72b83aaa28dc448e3c0717871286a01ec43e58fed00ff6b33368c29fd383b4864b1b835dd1a642a44528291f0951329bed81680f314f78f8a30410347d032b0a5e81447f4e24f1e4a3e36c52fb40d1d48085ba75816bba1e80221e8e9dbebc4703c9b9528147568fa5f2b781dad92aad3b61cd6ec00f3e71fc7480d92038db6af808314aa9a3b499e18e1678880f28bd7cbb9b8297b84f24efbbcc019a056cc408534ea33da89338a8b4389162249446c2d03497ae58c3527927c0bea5f577257b8a44524502ed31345dbc4b6759ea7f3d27911c00fa0e064cf7bef9877c776aee713545f61d2302e3d2bc8919a31d3f005db6391b1c8f510389b405f5b568d614f8b8ee1600e245a6632925a2ac45ff5a90290ed1bfc705a3dc73a88ce859cf18d0ce8c2d8ea0a084d2bbbaf27bbaa4269ef181930880243c5e7b18bb7c363e512678ebee829e8050d71870d9f9b43c4d689edde321463254979ce0734004734971f8da13371c7389037638dd9f65a26260dd12c14e5beb6c0dc2882cde11202d4cf7302313e3c8d9162f31ec527e9c52d114265c45c70c4d0f91b0bf925bc29f00862bfd6dd5c070fa20cd8a31cc4a82e80e5c0a7b5b86119d1353d10266fdc2763b0933f2e4debfc8d95a5d1f9f235a994abca3fdad5059ca316cfd1d84b38a2562c30dfe2c943bcb99e5b4f54b7e556eb99eb8c2ac8243c0978527246fb5d229a9b35e5817af628d4ba193ec96ab4efc675ea80662a02a2f8779dc4399bbb9198dcb021d3ac2e12ed4f899e0cb8adf8e45e8c1ed1d9b5052420856e652b11f3d082834c54e0683316ebcc3c546c24a40adfda986573363c6ba6577429526f47802c7ba37af82397c1eaf67135ec8a1a270c8da09fa4fdc5b9359bc8225b0cde5cebec913e2a113852cdbd95f6a0ea1855c288fac1c86cce94a9c45075cdd2da750625b4e3a7aefa9629cf19176dc5849760787b77c55f28f88b", 0x1000, 0x100}, {&(0x7f0000000400)="360faf178c92efe3d0bbf926f9fe4fb187274e15330a1f993387a973b8be3e46068879ede6042b97c25db017f15a7fa8b5d131c4007cd33eb11c953d19401f7374bfb55467c6209a9cb7b328616b1480c11aa90c7234bf1a70b121235935ebc51854796fde67afec3b6b2d6d34a358ec5101377baa0186c75015baa0c14c43c05f4fff16e0ceb5bab6425531ed5762334c4265190374764623cab5bcaf33ec3fe8bdc0d968cfc6d11cd31efc71d86d477714d535ebd24ab97b0e267a9602e9e578aba7f22981695d567364c4fbf7751b759482eff8e9de8481f8dcb352a713abb1e2c6d5dd56a2495f943aa35cc754383a1808f028c89d5dd0", 0xf9, 0xfffffffffffffffc}], 0x250028, &(0x7f0000000740)=ANY=[@ANYBLOB="3970002c5e2c2b212c2f2342e8233a5be8c533bc1f5ff58f082c7e5d2c3a6c8a407b8c5a37d0eb38733b20592025212c3970002c7375626a5f726f6c653d2f26232c7375626a5f72cb888c47b5c7388eedbe8daa478d7ea56f6c653d3970002c6f"]) unlinkat(r4, &(0x7f0000000700)='./file1\x00', 0x200) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000006c0)=0x80000) 04:05:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 65) 04:05:39 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1d3bcb27ba3791416c2a670a18db646000000000000000000", @ANYRESDEC=r0], 0x190) r7 = dup(0xffffffffffffffff) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) [ 2266.970368] FAULT_INJECTION: forcing a failure. [ 2266.970368] name failslab, interval 1, probability 0, space 0, times 0 [ 2266.971756] CPU: 1 PID: 53073 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2266.972536] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2266.973473] Call Trace: [ 2266.973779] dump_stack+0x107/0x167 [ 2266.974194] should_fail.cold+0x5/0xa [ 2266.974632] ? __kernfs_new_node+0xd4/0x860 [ 2266.975127] should_failslab+0x5/0x20 [ 2266.975568] kmem_cache_alloc+0x5b/0x310 [ 2266.976031] __kernfs_new_node+0xd4/0x860 [ 2266.976505] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2266.977047] ? lock_acquire+0x197/0x470 [ 2266.977503] ? perf_trace_lock+0xac/0x490 [ 2266.977977] ? __lockdep_reset_lock+0x180/0x180 [ 2266.978508] kernfs_new_node+0x18d/0x250 [ 2266.978989] kernfs_create_dir_ns+0x49/0x160 [ 2266.979486] sysfs_create_dir_ns+0x127/0x290 [ 2266.979981] ? sysfs_create_mount_point+0xb0/0xb0 [ 2266.980524] ? rwlock_bug.part.0+0x90/0x90 [ 2266.981003] ? do_raw_spin_unlock+0x4f/0x220 [ 2266.981505] kobject_add_internal+0x25e/0xa30 [ 2266.982016] kobject_init_and_add+0x101/0x160 [ 2266.982528] ? kobject_create_and_add+0xb0/0xb0 [ 2266.983065] ? wait_for_completion_io+0x270/0x270 [ 2266.983606] ? kernfs_name_hash+0xe7/0x110 [ 2266.984085] ? kernfs_find_ns+0x256/0x380 [ 2266.984562] sysfs_slab_add+0x172/0x200 [ 2266.985015] __kmem_cache_create+0x3db/0x520 [ 2266.985520] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2266.986088] p9_client_create+0xc6a/0x1230 [ 2266.986571] ? p9_client_flush+0x430/0x430 [ 2266.987062] ? trace_hardirqs_on+0x5b/0x180 [ 2266.987553] ? lockdep_init_map_type+0x2c7/0x780 [ 2266.988090] ? __raw_spin_lock_init+0x36/0x110 [ 2266.988613] v9fs_session_init+0x1dd/0x1680 [ 2266.989102] ? lock_release+0x680/0x680 [ 2266.989556] ? kmem_cache_alloc_trace+0x151/0x320 [ 2266.990101] ? v9fs_show_options+0x690/0x690 [ 2266.990605] ? trace_hardirqs_on+0x5b/0x180 [ 2266.991111] ? kasan_unpoison_shadow+0x33/0x50 [ 2266.991633] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2266.992206] v9fs_mount+0x79/0x8f0 [ 2266.992613] ? v9fs_write_inode+0x60/0x60 [ 2266.993076] legacy_get_tree+0x105/0x220 [ 2266.993539] vfs_get_tree+0x8e/0x300 [ 2266.993959] path_mount+0x14ab/0x2200 [ 2266.994391] ? strncpy_from_user+0x9e/0x470 [ 2266.994890] ? finish_automount+0xa90/0xa90 [ 2266.995380] ? getname_flags.part.0+0x1dd/0x4f0 [ 2266.995910] ? _copy_from_user+0xfb/0x1b0 [ 2266.996390] __x64_sys_mount+0x282/0x300 [ 2266.996848] ? copy_mnt_ns+0xa00/0xa00 [ 2266.997286] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2266.997882] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2266.998466] do_syscall_64+0x33/0x40 [ 2266.998895] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2266.999476] RIP: 0033:0x7f4689135b19 [ 2266.999898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2267.001971] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2267.002839] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2267.003640] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2267.004444] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2267.005244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2267.006046] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2267.006962] kobject_add_internal failed for 9p-fcall-cache-406 (error: -12 parent: slab) [ 2267.007934] kmem_cache_create(9p-fcall-cache-406) failed with error -12 [ 2267.008715] CPU: 1 PID: 53073 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2267.009496] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2267.010430] Call Trace: [ 2267.010729] dump_stack+0x107/0x167 [ 2267.011155] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2267.011755] p9_client_create+0xc6a/0x1230 [ 2267.012237] ? p9_client_flush+0x430/0x430 [ 2267.012722] ? trace_hardirqs_on+0x5b/0x180 [ 2267.013209] ? lockdep_init_map_type+0x2c7/0x780 [ 2267.013741] ? __raw_spin_lock_init+0x36/0x110 [ 2267.014269] v9fs_session_init+0x1dd/0x1680 [ 2267.014770] ? lock_release+0x680/0x680 [ 2267.015235] ? kmem_cache_alloc_trace+0x151/0x320 [ 2267.015787] ? v9fs_show_options+0x690/0x690 [ 2267.016294] ? trace_hardirqs_on+0x5b/0x180 [ 2267.016783] ? kasan_unpoison_shadow+0x33/0x50 [ 2267.017304] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2267.017887] v9fs_mount+0x79/0x8f0 [ 2267.018298] ? v9fs_write_inode+0x60/0x60 [ 2267.018780] legacy_get_tree+0x105/0x220 [ 2267.019242] vfs_get_tree+0x8e/0x300 [ 2267.019664] path_mount+0x14ab/0x2200 [ 2267.020096] ? strncpy_from_user+0x9e/0x470 [ 2267.020590] ? finish_automount+0xa90/0xa90 [ 2267.021080] ? getname_flags.part.0+0x1dd/0x4f0 [ 2267.021607] ? _copy_from_user+0xfb/0x1b0 [ 2267.022085] __x64_sys_mount+0x282/0x300 [ 2267.022546] ? copy_mnt_ns+0xa00/0xa00 [ 2267.023003] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2267.023598] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2267.024187] do_syscall_64+0x33/0x40 [ 2267.024613] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2267.025193] RIP: 0033:0x7f4689135b19 [ 2267.025620] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2267.027709] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2267.028569] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2267.029376] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2267.030182] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2267.030994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2267.031801] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:05:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb551, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:05:39 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe1b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2281.219957] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) [ 2289.132952] FAULT_INJECTION: forcing a failure. [ 2289.132952] name failslab, interval 1, probability 0, space 0, times 0 [ 2289.134314] CPU: 1 PID: 53811 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2289.135113] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2289.136054] Call Trace: [ 2289.136367] dump_stack+0x107/0x167 [ 2289.136792] should_fail.cold+0x5/0xa [ 2289.137242] ? create_object.isra.0+0x3a/0xa30 [ 2289.137769] should_failslab+0x5/0x20 [ 2289.138215] kmem_cache_alloc+0x5b/0x310 [ 2289.138687] create_object.isra.0+0x3a/0xa30 [ 2289.139207] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2289.139788] kmem_cache_alloc+0x159/0x310 [ 2289.140270] __kernfs_new_node+0xd4/0x860 [ 2289.140750] ? lock_acquire+0x197/0x470 [ 2289.141209] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2289.141752] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2289.142361] ? kernfs_add_one+0x124/0x4d0 [ 2289.142838] ? kernfs_create_dir_ns+0x10b/0x160 [ 2289.143383] kernfs_new_node+0x18d/0x250 [ 2289.143852] __kernfs_create_file+0x51/0x350 [ 2289.144356] sysfs_add_file_mode_ns+0x221/0x560 [ 2289.144897] internal_create_group+0x324/0xb30 [ 2289.145423] ? sysfs_remove_group+0x170/0x170 [ 2289.145928] ? kernfs_name_hash+0xe7/0x110 [ 2289.146413] ? kernfs_find_ns+0x256/0x380 [ 2289.146894] sysfs_slab_add+0x188/0x200 [ 2289.147355] __kmem_cache_create+0x3db/0x520 [ 2289.147861] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2289.148438] p9_client_create+0xc6a/0x1230 [ 2289.148926] ? p9_client_flush+0x430/0x430 [ 2289.149409] ? trace_hardirqs_on+0x5b/0x180 [ 2289.149899] ? lockdep_init_map_type+0x2c7/0x780 [ 2289.150447] ? __raw_spin_lock_init+0x36/0x110 [ 2289.150973] v9fs_session_init+0x1dd/0x1680 [ 2289.151480] ? lock_release+0x680/0x680 [ 2289.151940] ? kmem_cache_alloc_trace+0x151/0x320 [ 2289.152492] ? v9fs_show_options+0x690/0x690 [ 2289.152998] ? trace_hardirqs_on+0x5b/0x180 [ 2289.153493] ? kasan_unpoison_shadow+0x33/0x50 [ 2289.154009] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2289.154590] v9fs_mount+0x79/0x8f0 [ 2289.155002] ? v9fs_write_inode+0x60/0x60 [ 2289.155474] legacy_get_tree+0x105/0x220 [ 2289.156199] vfs_get_tree+0x8e/0x300 [ 2289.156660] path_mount+0x14ab/0x2200 [ 2289.157272] ? strncpy_from_user+0x9e/0x470 [ 2289.157798] ? finish_automount+0xa90/0xa90 [ 2289.158290] ? getname_flags.part.0+0x1dd/0x4f0 [ 2289.158820] ? _copy_from_user+0xfb/0x1b0 [ 2289.159311] __x64_sys_mount+0x282/0x300 [ 2289.159774] ? copy_mnt_ns+0xa00/0xa00 [ 2289.160222] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2289.160825] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2289.161425] do_syscall_64+0x33/0x40 [ 2289.161851] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2289.162438] RIP: 0033:0x7f4689135b19 [ 2289.162861] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2289.164955] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2289.165820] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2289.166626] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2289.167448] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2289.168257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2289.169069] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:01 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x2000000000000000, 0x0, 0x0) 04:06:01 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x0, 0xa0, 0x0, 0x5, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x890c, &(0x7f0000000080)={@local, 0x35, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) socket$inet6_udplite(0xa, 0x2, 0x88) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x5) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000076000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bd940c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r7 = dup(0xffffffffffffffff) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) 04:06:01 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe2b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:01 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x900, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:06:01 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0xa, 0xd010, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x4e23, 0x4, @mcast2, 0xbdd}}, 0x80, &(0x7f00000017c0)}, 0x0, 0x8abb4d2a8b028460}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x0, 0x0}, 0x80000001) r6 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x882c2, 0x0) openat(r6, &(0x7f0000000180)='./file1\x00', 0x182, 0x80) r7 = openat$sr(0xffffffffffffff9c, &(0x7f00000035c0), 0xe8b02, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, r7, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3, 0x0, r7}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r8, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, r6, 0x0, &(0x7f0000000540)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b92caaa9764c7c7e075a13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf951842a8ad7c6dfb6292bde68a6473999a7e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x9b, 0x24008001, 0x0, {0x0, r9}}, 0x8) [ 2289.227110] scsi_io_completion_action: 8 callbacks suppressed [ 2289.227165] sr 1:0:0:0: [sr0] tag#0 FAILED Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE cmd_age=0s [ 2289.230603] sr 1:0:0:0: [sr0] tag#0 Sense Key : Not Ready [current] [ 2289.232057] sr 1:0:0:0: [sr0] tag#0 Add. Sense: Medium not present [ 2289.233474] sr 1:0:0:0: [sr0] tag#0 CDB: Read(10) 28 00 00 00 00 00 00 00 40 00 [ 2289.235089] print_req_error: 374 callbacks suppressed [ 2289.235109] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 27 prio class 0 [ 2289.241529] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.242200] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.243386] buffer_io_error: 2854 callbacks suppressed [ 2289.243393] Buffer I/O error on dev sr0, logical block 0, async page read [ 2289.244913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.245558] blk_update_request: I/O error, dev sr0, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.247257] Buffer I/O error on dev sr0, logical block 1, async page read [ 2289.248497] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.249114] blk_update_request: I/O error, dev sr0, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.250387] Buffer I/O error on dev sr0, logical block 2, async page read [ 2289.251302] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.251916] blk_update_request: I/O error, dev sr0, sector 3 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.253099] Buffer I/O error on dev sr0, logical block 3, async page read [ 2289.254018] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.254667] blk_update_request: I/O error, dev sr0, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.255896] Buffer I/O error on dev sr0, logical block 4, async page read [ 2289.256791] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.257433] blk_update_request: I/O error, dev sr0, sector 5 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.258596] Buffer I/O error on dev sr0, logical block 5, async page read [ 2289.259500] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.260119] blk_update_request: I/O error, dev sr0, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.261278] Buffer I/O error on dev sr0, logical block 6, async page read [ 2289.262162] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.262806] blk_update_request: I/O error, dev sr0, sector 7 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.263970] Buffer I/O error on dev sr0, logical block 7, async page read [ 2289.265005] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.266244] blk_update_request: I/O error, dev sr0, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 2289.268393] Buffer I/O error on dev sr0, logical block 0, async page read syz_io_uring_submit(r0, r3, &(0x7f0000000500)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@nfc_llcp={0x27, 0x0, 0x2, 0x2, 0x4, 0x4, "42cf6bfd228bfe60ba50a884d9f4a77a8b50a55b33aecbeda21464dc81a27f06fab966b5cdc61e0602742da2cbcd1f22826bae193b457e8ef9b6df9c8aee49", 0x8}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000140)="16e4005e6de12a72a25a9bc0938f1d1c832cbe084c9c22d001a14050e425694dde4d3dda8f7f3e5e22522adf38a5017a8f6107e1144460cadb8fca06dc8b0bcce104de7426d19868876f3eb3ab4c0141cf45669f9b8277b3cfd478d6b05b6b3a3e2452f8f0b99051fbe6181c886fdfb96213f9844f514d05462609459c85470c938dc1f1ce84d72bae5f8772f1d64e719dbd0491948067dbce42fbd439081299bbf4e21291b508e18ea5d606be5a885a3e9cfe4a140555dec33ba86360326599b1f9", 0xc2}, {&(0x7f00000003c0)="ab28e259b2b545665914c1726a278597c66e134baaeff2ad7c24d244e38df3b4741315955673e2a8e30e881af9d6580932923be76cd0f9be7f4ed499fce2ba22654f190d8826a07e083aeca409a31f1f4e3e45b36778", 0x56}, {&(0x7f0000000440)="4067fad9c404296fb0a95b4a8d62a5b9f0fe5192ff62a38351f90c903509e1e55d357662b7556743205460168cc6f4c4dc0d32528c036cab52cd8f0bdc50ce8b71ab66b6c1fd5afd8bad3a", 0x4b}], 0x3, &(0x7f0000001f40)=ANY=[@ANYBLOB="e00000000000000000000000faffffffdc775c5bf8d3ce2e175972a7581288d4e3283b962712c73ec0704412af14c2e69bccd5400cecdb9ad7a6dca9611a344a9c0be8cb2c22d3155843d4f700ae93a90c9bc8e26a8317f7e340a7a06a2477f05976688e5aeb291e6147f900bd25501d1dfd1a2a6a711c84cacdb5fba71aa4218539b9d2fc277fdb501e0da1026fdcef09220ff2c2670d1ce20fe08008a20c8d10510a62928860aa0f65d72bc2b76534bb172f1424003958e2707efe4a99ab9ee3a1e6164498bb5fa5447b7b430a2429165e2810ab69a72e1da11c5f1e850000b0000000000000000b010000070000003cd10151008c0a17afbefbf4c3d19787f3f232b0fae5961ef4282acc6fe0eca8f5d824be0d9a7dcd8d4e7a91eee762f9a6663537adb16b12f02ea13b939dd548bd786054bb9c7352af72f34272b31d9320c44fb83880ac2a6d0a0b89eb59ed1d691d0c7b45e492e8197183be7b888e0e547d96cde7ba3fe4a4f3b3e56bd962d159f7392bf0bc727c37807fbd2bdf3236b1ee08eacf41fc7bcc7d858c00000000101000000000000001000000030000008180f0c7348d0b0539189644002033b878be7daff915b11cef675a7e0d2b940df8ea504bfa6ec3c4edf95b099e82816de0488e6dcd757a7d14fbca4d9803951008bee98e91d9c3c1bc8da388d26f30b71e3abf6dd20bb98f772f4816777569511761d66ce3419434e7af3538b4bc7365db242438e49b72cb0b832cfc9551d04824dcd15ba1d4e5ba2153a3ce9c29e87d4a2629d7dcdd36a7d8614a396598da3002651f8164aa1c79fb0abe202fb5bbffbcc7b2c5ffb936378f2bc673515324e4d27ab978e65c5877cb998320de0ad6426f3f225a7b46b72850a606b09cc7fa9c881c5b004facb83908792acc9e923e799055a47216a7c0f21ef3a6f600b7ff92289848a2bd9279f8db9734fe313362c4721e8bd89361b0df1b925c6b3c01cfc661845946926399c813d3a7011f77500cfe5260b9d95559ece24e41550a5ba7d18bfd45a99837e69602dfc880483f1e3a328df8a3618d00439c0dabb129d4de0ca7275cce5f9472c6ab593f2997801875de27b3e0ce75caf4def6140c647774d99a973b544c099bac24eef4aafadfeb7ce7087eb872e56da019c6981f4ae0340ca7618451e88846ded5f5026798841d011f027867571943f71537dcc0712f42c6166b86adbac38acebe821df8234b38bb02c6a2e445563d441fc072a8deeca45310fc8e9dec692e1a22f70d3ce7497966af794afc3ce34a8d81c5f28b205a2eb1cb3fc898b4895ade863fb7f5ae3938abbc95a3542ba9eb661545b540797618f5ac8b900f970fe93eee6f10f23824bc0eab06780d2bfd3dfc9a6ccbe12d1034c28835d2e06805358c22943d4940da9da44d587aca35b478a62423669ac8d8689fbb22552c306c933a5c3352acd15c8d56cb24d756e411b0622e06d84c542c8d105f2f72ad4f9239b7ee3a00b28ee5e55421280408c9c787b0a7ef3b8cad90eff33ad1970f9136a6292ebd4f6a8e7a97524666cf575da117be0e1d0c7add02d53462f56e5ba9eb4d2aa74b70917de5951eea3ba36b492d8f9652ea7fb24af4945d97d42244b92a105e98c38e0ed2c669ef7a39d46a7b2311067b6c3072d4c27a7ccbcefaafa7595c459840e52141dc59eb797e05c851ebc0ea094cb20948d31e0b25760e8ab08320b6009965944a50b98734cfe60b554e373ae4f51fadba33c0442a0607c7b9e3364676c4386a736b89c4182da7e98728f8547fc98a3e013f6cc53d95fa385daead533d582198ce2b9cdbbe47fbe88ee04caecdb99e8eaea023efdb246b69b97edac436d508f8c4a5388c62c0e94c03a97e1c062f8f0a0e36b7715266d19d40b05d898f707084cccbca22813374f89c917a4336da6e783f6c873f7aa3342febcf68c2184d47a4faf577b45c15d63dd073df2c21bb58d408f1be30b5268ff074e5d9b3844694799135707b65158c952926cb2a2530e2d8ee06d31051ff8bbcf2c201e6fc7ed4c9f7f1c39a7f443651c9eb51717d7501575183a27057ff2cbf8bdcb97f6c2645d654818e21d1c85a53e0edc8407772414380efa4c984c36dd27584695931f13107f6349a70bd750343aa0371b80b685059c5a21d5504e0c55c73e2067e9337be39783aea295be0ea26e14815c298f3999b0ee62049664e5692f7771e3b1ddeabd7b26aafcef553329666f77a743002b63509f868c1c135a051513836a1b14379cfe5abdb04c9cd310752b85682adf60b395c356b8544d660a4652fccd776898740d5ccc3526451f919409b3196c8f19a9bd08805d7e4cfc326cf0a2bce66216ee7baee46df58b92e59b7fb9581a3bfd342098129ab4cfc241dccd04ff9e8749a7053865819772056e85e0a800f0409f9b1cbcd26268fed9fe03d1715f8bded067e3ce7a18dabfb6a75ed1a730b69ebd990cae8de26f5f40c137ef14c60030581130aeade1e02582de8f5868ae5c6616406c971b1663eb725ab9d06490af9f18991351f8e96d409a8174734cc10cb4640070d9645109f6a6a9aaa01ff165cfd87e4ecc86e55184d5aace12fb103303c8b660b73aedad5fc1bec7a9d3df039696c2aa193bd80ef691e287a498db56a3b817b0e5171189ac3058fb6ff0c94dbcf8ed964f9102acc3fbfee85b1dd9990141735e0f8bb9e77cfbab3971a5f686bd0ea5e4109146898ce1bc7cf4e2732fdf62c7c1d715f99462a576f09158525f113449f0ed3a4abdec1f5c1af461386d456eddadcdac5d3bdab4f41b7c6cc985c4badf3a64282833c662b70531c4336b415c20f6ffa1756b33aebdf5ac6cef752fe656bc63b64443b818a3639491b7291e5de701adefb301e8d1520aaf66d87639a2a5bf78d0b30aa7509ee96ee78c67ffa48db14d78fe59500c934f400b33937111c95889cb717d8fabe4a88724176889d4108d39091f318851fd0304a88e3f56244829aa6e36c4fd840c5efeb55495989c232ccbfe9c160b5c5920a81c820ed2975f9b6f97acdf884eae7d7ccc2a587746b9dc08442767923d2b666a3ecfb773cecca9f90c6b1f2a96521ab118f906a2206f357a9cad69d381f6d0005f0d87577c51128f97628677832a9276097321cfc4ca0d47a59e8813e655af17b1d8a0f5b96c2a6a02c2a25b6c590dde95d958af6e77e7cac1a6652ff8cfb7b7febaa5722fc7cfdb6da7010e294a3dbf04771b725416eedf0e6b141609f5607894303e62c5532f672f872507476732a2b0672905d4cf5291eb39b1e4a554605abe735b3867884c2b5653ae00075b64f670b1d2410a1e77e67c2ac0ce50d3c3cd5d3447c09b14cf3b2af944b456e1556bb304f4459680df34b0c22247484ddcc38f64e3be31af7515a55bdca09cc0cc6d79194662d308290fb0a1a37631f94e8d7e21ea30f5957652ed95bc4d4cfb3e517a71d3702a2f73e4e6a9bad0d95dfbee902c8f9d74ca8871429b93fbc619ab78dbb5b14f7f3d462991111ec6d07e8a834f47301aad6b19ae4a42528412ceb0cce15ae9e279177ba623ea4f9df695caa3d52c966745529879115b2356ec75c4aa2b1e9a0839e19ee5c4f209a67519eb860153985fbc54f42919bc57236214f9c1b10185ad306320cbc46b51ea0b62d39f7c463be3e51f338aba1ef0249baa96349e29b4b7695e87fd90c1975cce0d07d1e5e5d1c897b6822e2abfe2e961b47865747642a5b7acb2aeee2cd226066180cc44293e96fb5609aff7cb7982d631bcb45ff754983be2fcfe140ebbd943ec10d7910c8a583c3b91e4713e314f5ada8062a4d6abce5182de7f722f1e1e4a400fe6efb9c7f7c843d9d21bbba74eed385cb13325b52bb09196770d58a6e044e6b1b7faea88489f1a9cedd670a95d654dfb46bd97ce76d489635dd5b1e48faf7928ff9c98dea8bf230078014314d5f01156e3acebceb6d67add25267b3eb54dcc7623a7b27606694c6126485b698cd1179fe50933135d29c9ac99b791d03d89012cabaa52073f196add239e66b6ce4309417978d4e5aa6bccd9f5212f3ef8e4436294ef43abd47f2939f59491cfb0a6fbbc0c58f16835df868580894ec5ecdec22d1c95b2d917f8d713e2261334298d391441236d2f13565de7e4e9a9a01ed7469c6b27bb3fbc20880e4341b21ec334b8d28199734d8476a4120e1f41fc82231e97dda6fca746e310bdf968b6d374ff9fbbc2ebd3ff6e8897889aa44df2ef8cb9fbec1626d3f6cb35a73bd2da0943b111442ac1414d6b50c81a4d9f79e6db56a3db696897d8b41c4adc50f3820f218aeddaa361601908c82307f721cc23ee33fbffe7102c8933715efc1fc0ca6704cef93541d958f1f533bf760247571249fb5baaef3c394dc0c83367e6ec1a25e30c39de1e06844470468501011dee04bd640dbd26a60f3c2afcf445eb5054762b6eb8ed8db3794bd5b61e1f0ef79e4844da8281cd6fe151248ac3bf9f3cd0623801c893de1e1b60197b19a2e85d880d3f8c60d880876f51142289e8a1f3d9ce3bc97d7b2a94dc62991aa875af14d91edcc04c9ab8777b3be54af8c23ccdf22b5e46ab841c43e9925ef395cfac264adce9e6805bffec2a7afab4824770562dc0d921397e4bd37abf1fd9b833bb4a8eb35d2fc1e8e5275b998996e2bc8b7bc0c941b5d716704014562a36eaba5e70119049619ac4ca5d2967e15ca20513a2c90b011690ad330cd54839c507d5f97867babbeb80a1302c61a1910fc0ad4c72e0b47787e6a25886fab0224a3b914da8c0a9d56c35296ab6e52cf393570d124422c3f4cebaf15a0264b612a5ca297c568f09c3e7e4dc9540398fb5221734575a612b195c7a679af0734e8aee276d77310d1dfb493e744e30255a7974584d414f04464048ddda41656d09bce10c8f19c132d2b28f2c026a6e30b0d1b254ae1a30e499b5d88c48e3b9dfa10b7bc0795b7b83ef0a2073b819df2d019b360787f5cf6a645a22fac18f6d1b3dd148ac673129f64ca81fbda496070336dfa7e80b757d5951f8060253725874d0102da8e0cbcd7852ec604db4bd7ce76b394af4e4230553869fd91d5da0ae5c97e078e53cb961a5b897bb127cc369e0cc137f7c43a8d381bb6bcd3fbb727179dcf2691a1e3cc669bc1b2b53501af05faecc6d269c84cfa7f234b346e89acadfedf5269b5e2ede6810f7e0ce9211768ba8377191e9ea36cd83c8bd2d26a5fe322eb374a8298bbe6cab1675075993d44e4406be561e598156e02a25175c8ad274a5a10e85595b2f53c1aa5df5f48050a19806b126e7ef6e375e316b6cb9b5e3ba1666efc15395a8792964386a49b8d51af42bdf2b6fb63bedcbf0d2c451d6353f467ca4d8efd58dcc99f0bb0b8b48febe2f506b215e5b0ae82206159ad84972699c41882d87205e8c261234a0cacaed946a2b08efe5bebdf8c6a987e46a08a70f465edf1a910a6dd24d7d10351d49cb19474c62c05582d7227ed9d1296e504e290095dba3378e3786dedb3da624e2ce1af363e515a58a0d8fab61e231d3903f4679e5a727751c966fe153cf880135b422b14a972bbef0f7e96927989df1aee6cec56d4f479b5251f1797f495e5d53179fd32e8411f49c6c72e4230d175fd08e84609e325f93c72a2b2c5c5f5e7213600f6838f80b97ad7de34880555f4006e506b43dc0daa34e7e67fb461637f1f9ff637f388e2428adf6c39285eeaff53a3c1395e2534c9290b349d9052f570281fb9fb8cad4e22a3ee9c40ce2ce955ce0b5f86b005cfa4b1f9dddaaa13227f5467a233b5ea62637b804f8320e9e8d8474aa8eafd5eb823b6132ad02f71d400e4935a89a7c6667105074d23c7067e1c47a6508fa9ff8c9f17f7913da8e8785cf65637508a87de728a4d7997ee4ed81288d57ae2b211cd5e172f2607c0bbf96ef40879a8fc4da8b5a8a602cffca712d28af925c033a2fc3e520a6a071244a05615b8fb2e244e992f06ed40d6d36bef4c0dedce4923c48924ebaf6288e1f865d2240203d50cdb4ded4636f1c5fef9337e94ce35df48ed4463a76158eeb394ef760c6928d4e25dfbab4ea1c0230a8634cede03c1e26e3e0a7afe71aa1ea078d3833d978702a5438619623f7a3640e1c8be1e4f69130b7503e4d5982ab7e5ad8c315ad824dff1c3744d9a946ec1f161dfbede900809a2b2ff9cbe0313e6c7a78d836699faeba7f015b38775efe9dd5cb6f1643887c254f55464c9e1d1ec2e77bf33ab328946955c147250c679b29e0296fcf41cf0fc680c6050787310dabb385a85c1611c1c934010284af6bc90a03e029af965fcdf96edf6b95b85cbd9a1fff8e76f3c8e998760a7546cc43157a524da865af749058cde8112137e5b2e88000000000000000f010000080000001ee2c5c4a918a704159fd5196aa2307e539eb7ac350702f67a47dad6fa4a89bba9347226f7eb673c74096579557fa9d7d6b0d16db85718a06c0a005800f4caaf5d5441c6a0ec4f71eed08c26dd90e6ca3dc28c04f23ffc35c8e9f51e45eda38b2f7dbbb3cdb3bd3aa18ca0ab4468bcff6ea934811400000040000000000000003a0000002b4bffff3d3c44b1a6e12627d25910dcb93ebfbb127f3cd3cdde111d33146fa317f75266229f1818cd8e3e0bb9394b0000000000a8000000000000000c0100000500000050a6e6cb70dcd0c7f731c4a311a1d0694b1a7a4b64c63c74c7ec02743ee62d53eea3a5fd5efcc0a8a992e01f1c3f8dc0cb379913ffbf4bfd02da401d81d0dc9147d38d6a510c5f8c164a7c62c15613f2d14f1755d33512ebcb6ad4a17309a74fc267efd934fb44b97c32af15c90440ff972eec86f9fb3edc2e0a2f08928ac260a779ce4207dc9e12438cc308ec79f8cea224b853d448040010010000000000000301000004000000ea6c33b783f97ecaf03930b35cb82afd8edbe8efd6df14a28048acb1adf6c98026c5b7ab0300000000000000bf021eb6363a9cfff3fc264addb41735e478ad2a779d97f61c7e39f252610591eb2e7b313e897287ec8f7d1d084ca54a276763ebabfdc0b29a5adaef9284a57e607a6ca0f258e6672edfe4adbed85226773bca55f30a8fffeb3b2c5ea449b866a31eb5154398fa6128dd9195d70a9f53c87217066194ae855086c5b0a0dcd61975eccc8eb0e0edbac97f7067d282d6e882b8300e6490277e1d2ccf7c6b0114c4bd5379a8d63b6c6fa32f5955e6938f8110921e32a7fc3941cf991e8e94db65c07034d32f0a8eec820b6533584f541a5bfa40cd3b920000000000b00000000000000017010000010000000daebcf686fa541a2c3e322c69c0d16e302f85cde7b3778d33b3748749851c61fcd7000abcbcb616274b4929fe9b687c2a034cbdbf15622418031281e598f141ba9d12994fa3e8c20a563e1142da5a82217079ef8829ee86097469d4cab9f043a05c30db43ed32ead3abcba7aa6b69e71c6ffd13e765a4db35426933774e70e4591d20f26f7f334c9f0d2466cfc4cebea74eac9a78169777c052000000000000000100000000000007010000fdffffffd72e91d32b5052c59474f17e28e976615fc17d0d3d72747c51c98b9176a22c759378b8ec044a89b0f5eeba92f3bc7ee0e7bd68c05d46d556b4e253382aa2733d4ee78af90c0632328d542763c24a74f0b0da6b7ec9dff29eaa5cb4a77244bd30fce85a583ae5eb806c0c4886d8189097fa04fb69eea621059dbb1628ad6134e2b0b7b88ccbe1610d43805b3e2be12f124e467876cec5176c0577078e6e8f10c5ac8e5af3bb27cad5bae0f5e4081ff74e93b6bc520641aa44f95e5300eb61b21f3b86a7b1070244bcb98fcf5743dd7888f49b28b353d2905f5528b4dcc18ea66b0a25a7faeb78a4d077426d0aa3fad509af5cb1228cc07e310114fb083f44fb0e963ac29060672f3c421d8d0ac832ba94315025d447"], 0x15d0}, 0x0, 0x1, 0x0, {0x0, r9}}, 0x5) r10 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x85040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX=r10, @ANYBLOB="2c63616368653d6d6d61702c6d73697a653d3078303030303030303030303030303032302c64656275673d3078303030303030303030303030303932342c6e6f6465766d61702c76657273696f6e3d3970323030302e4c2c736d61636b2aff0866737472616e736d7574653d6e6f6465766d61702c666f776e65723e", @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB="786e536ca5d0a1f7b73db26a6e86834707167eb7427f21e46c7d607b882c8896fc72aaf600a06502677d16c4aa4b5ca75993dab8640cbd6fc2ba313d03"]) 04:06:01 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb552, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:01 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:01 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 66) 04:06:01 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x1, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x406, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2289.279247] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.280707] Buffer I/O error on dev sr0, logical block 1, async page read [ 2289.282648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.284316] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.285931] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.287568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.289122] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.290698] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.292301] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.292995] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.294298] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.294974] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.295719] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.296417] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.297133] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.297823] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.298614] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.299316] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.300030] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.300722] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.301449] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.302112] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.302838] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.303547] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.304328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.304996] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.305727] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.306422] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.307160] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.311341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.312018] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.312853] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.313733] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.315400] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.316956] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.318485] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.320210] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.321824] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.323473] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.325048] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.326778] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.328407] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.329946] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.331523] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.333113] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.334691] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.336283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.337833] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.339387] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.340111] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.340835] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.341559] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.342234] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.342946] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.343673] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.346265] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.347003] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.348037] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.348743] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.349649] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.350353] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.351042] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.352000] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.352712] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.353655] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.355652] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.358645] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.360365] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.361942] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.363699] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.367462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.369123] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.370791] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.372018] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.372721] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.373410] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.374079] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.374771] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.375477] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.376150] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.377029] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.380396] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.382008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.383824] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.385913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.391453] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.393180] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.394831] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.396605] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.398367] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.400008] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.401757] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.403565] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.405216] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.406884] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.408967] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.410904] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.411836] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.412558] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.413509] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.414186] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.414936] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.415898] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.416647] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.417482] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.418209] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.418908] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.419718] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.420422] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.421145] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.421863] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.422607] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.423530] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.436645] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.437423] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.438096] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.438799] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.439509] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.440185] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.440911] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.441682] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.444307] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.444978] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.445685] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.446408] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.447086] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.447788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.448546] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.449291] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.449961] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.450679] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.451393] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.452068] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.452816] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.453568] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.454285] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.454971] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.455699] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.456420] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.457098] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.457799] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.458529] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.459212] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.459913] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.460688] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.461388] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.463626] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.464354] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.465025] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.465806] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.469731] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.470444] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.471130] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.471836] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0xffffffff00000000, 0x0, 0x0) [ 2289.474501] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.475197] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.475952] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.476651] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.477341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.478018] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.478767] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.479810] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.480533] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.481198] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.481907] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.482626] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.483369] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.484050] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.484838] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.485533] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.486204] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.486927] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.487649] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.488379] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.489052] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.489750] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.490511] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.492928] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.493639] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.494376] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.495059] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.495833] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.497042] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.497771] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.500346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.501014] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.501713] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.502407] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.503086] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.503773] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.504472] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.505141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.505877] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.506571] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.507276] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.507949] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.508642] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.509341] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.510050] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.510752] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.511471] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.512140] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.512835] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.513560] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.514224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.514930] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.515707] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.516407] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.517117] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.517963] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.518679] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.519405] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.520079] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.520781] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.521751] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.522459] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.523181] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb553, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2289.526510] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.529327] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.530001] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.530764] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.531521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.532221] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.533409] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.534126] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.534828] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.535566] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.536266] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.536935] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.537812] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.538520] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.539199] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.539955] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.540660] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.541383] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.542055] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.542758] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.543502] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.544172] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.544873] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.545630] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.546342] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.547036] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.547751] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.548446] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.549118] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.549832] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.550537] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.551316] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.551995] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.552698] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.553421] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.554091] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.554797] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.555542] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.556215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.556968] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.557694] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.558400] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.559085] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.559808] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.560512] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.561193] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.561919] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.562662] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8f9, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:02 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 67) 04:06:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe3b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2289.564794] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.577153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.578683] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.582598] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.584201] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.585759] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.587602] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.592700] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.597646] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.599542] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.602853] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.604578] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.607460] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.610720] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.612497] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.614141] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.615962] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.620448] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.621791] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.628784] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.630164] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.631758] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xa00, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2289.633750] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.635777] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.637616] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.639437] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.641455] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.644091] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.647494] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.652538] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.654173] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea004e020000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0e8b7a95a7c33448f9ab9e6e320faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000002000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e52b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd10000", @ANYRESDEC=r0], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) [ 2289.657209] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.658564] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.667845] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.668942] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.669658] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.670446] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.671219] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.671951] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.672725] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.673555] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.674375] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.675219] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.676027] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.676788] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.677494] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.678196] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.679115] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.679847] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.680648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.681462] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.684334] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.685012] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.686659] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.687369] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.688069] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.688924] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.689807] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.690536] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.691346] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.692067] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.692761] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.693486] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.694164] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.694992] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.695726] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.696443] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.697223] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.698202] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.698907] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.699839] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.700675] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.701653] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.702403] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.703330] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.704009] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.704737] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.705521] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.706370] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.707063] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.707849] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.708598] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.711538] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.712225] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.713061] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.713763] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.714781] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.715503] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.716224] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.717020] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.717857] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.718648] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.719500] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.725024] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.726669] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.728211] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.730522] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.732328] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.733978] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.735525] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.737486] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.739046] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.740594] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.742063] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.743396] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.744830] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.746460] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.752651] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.756614] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.757467] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.758800] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.760063] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.761560] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.762575] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.763826] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.765062] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.765879] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.766849] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.767859] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.768594] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.771942] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.772695] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.773519] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.774514] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.775283] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.776000] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.777011] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.778086] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.778832] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.779655] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.780779] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.781981] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.782950] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.783687] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.784417] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.785381] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.786097] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.787966] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.788918] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.789738] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.790481] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.791492] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.792811] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.793608] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.795028] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.795951] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.797515] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.798617] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.799356] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.800074] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.801215] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.802170] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.802927] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.804256] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.805393] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.806368] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.807065] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.808431] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.809294] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.810119] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.811153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.812153] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8fa, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2289.827307] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.829435] sr 1:0:0:0: [sr0] tag#0 unaligned transfer [ 2289.831083] sr 1:0:0:0: [sr0] tag#0 unaligned transfer 04:06:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000) 04:06:02 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCADDDLCI(r0, 0x8980, &(0x7f0000000040)={'dummy0\x00', 0x7f}) write$P9_RFSYNC(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x33, 0x2}, 0x7) syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@loose}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2289.915007] FAULT_INJECTION: forcing a failure. [ 2289.915007] name failslab, interval 1, probability 0, space 0, times 0 [ 2289.916403] CPU: 1 PID: 54391 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2289.917189] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2289.918136] Call Trace: [ 2289.918447] dump_stack+0x107/0x167 [ 2289.918866] should_fail.cold+0x5/0xa [ 2289.919317] ? __kernfs_new_node+0xd4/0x860 [ 2289.919812] should_failslab+0x5/0x20 [ 2289.920247] kmem_cache_alloc+0x5b/0x310 [ 2289.920711] __kernfs_new_node+0xd4/0x860 [ 2289.921191] ? lock_acquire+0x197/0x470 [ 2289.921644] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2289.922179] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2289.922782] ? kernfs_add_one+0x124/0x4d0 [ 2289.923271] ? kernfs_create_dir_ns+0x10b/0x160 [ 2289.923807] kernfs_new_node+0x18d/0x250 [ 2289.924277] __kernfs_create_file+0x51/0x350 [ 2289.924785] sysfs_add_file_mode_ns+0x221/0x560 [ 2289.925322] internal_create_group+0x324/0xb30 [ 2289.925850] ? sysfs_remove_group+0x170/0x170 [ 2289.926360] ? kernfs_name_hash+0xe7/0x110 [ 2289.926845] ? kernfs_find_ns+0x256/0x380 [ 2289.927337] sysfs_slab_add+0x188/0x200 [ 2289.927792] __kmem_cache_create+0x3db/0x520 [ 2289.928305] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2289.928879] p9_client_create+0xc6a/0x1230 [ 2289.929367] ? p9_client_flush+0x430/0x430 [ 2289.929878] ? trace_hardirqs_on+0x5b/0x180 [ 2289.930373] ? lockdep_init_map_type+0x2c7/0x780 [ 2289.930915] ? __raw_spin_lock_init+0x36/0x110 [ 2289.931448] v9fs_session_init+0x1dd/0x1680 [ 2289.931941] ? lock_release+0x680/0x680 [ 2289.932403] ? kmem_cache_alloc_trace+0x151/0x320 [ 2289.932953] ? v9fs_show_options+0x690/0x690 [ 2289.933463] ? trace_hardirqs_on+0x5b/0x180 [ 2289.933960] ? kasan_unpoison_shadow+0x33/0x50 [ 2289.934479] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2289.935066] v9fs_mount+0x79/0x8f0 [ 2289.935474] ? v9fs_write_inode+0x60/0x60 [ 2289.935949] legacy_get_tree+0x105/0x220 [ 2289.936416] vfs_get_tree+0x8e/0x300 [ 2289.936842] path_mount+0x14ab/0x2200 [ 2289.937285] ? strncpy_from_user+0x9e/0x470 [ 2289.937775] ? finish_automount+0xa90/0xa90 [ 2289.938268] ? getname_flags.part.0+0x1dd/0x4f0 [ 2289.938807] ? _copy_from_user+0xfb/0x1b0 [ 2289.939294] __x64_sys_mount+0x282/0x300 [ 2289.939756] ? copy_mnt_ns+0xa00/0xa00 [ 2289.940203] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2289.940806] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2289.941394] do_syscall_64+0x33/0x40 [ 2289.941822] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2289.942410] RIP: 0033:0x7f4689135b19 [ 2289.942837] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2289.944950] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2289.945821] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2289.946643] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2289.947460] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2289.948275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2289.949090] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:02 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000f03800000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff000000000000000000000000000000000000000000000000000000bb00000000000000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f109000000040000000000000000e8ff000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef370000000000008be3e65290e934aa00000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd300c523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e12301370bda96d16e1670143094a0566dd62af5f97cafa4a67e56fcfe4dfa8e05e6cffc423e455bdbfae067e50cd3fa344b922c8500b8f26f46da42e5e97365ade8050a229f7a73ecaf741bd72c494cb7700a55e8359cda8d254dcfd60579848d46c53b10623f6da35374e87064855b00a978b95685405ce9731ecaae1c3b1e5166d6a1275f40264285bda6a326f4e241ceeeae56d8c2e8106f120073f4d457d814d0630253697df0461ec66447c775bc37eab737cb99565ea546bbaf13d2bc25b0937ca610fa3c520bfd1edb1eddb4ffb773f2ab4dca65a063eac56b6803161220957afba264a5935a34", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb554, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2289.983470] kmem_cache_create(9p-fcall-cache-410) failed with error -12 [ 2289.984318] CPU: 1 PID: 54391 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2289.985111] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2289.986054] Call Trace: [ 2289.986361] dump_stack+0x107/0x167 [ 2289.986782] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2289.987392] p9_client_create+0xc6a/0x1230 [ 2289.987880] ? p9_client_flush+0x430/0x430 [ 2289.988372] ? trace_hardirqs_on+0x5b/0x180 [ 2289.988870] ? lockdep_init_map_type+0x2c7/0x780 [ 2289.989417] ? __raw_spin_lock_init+0x36/0x110 [ 2289.989949] v9fs_session_init+0x1dd/0x1680 [ 2289.990441] ? lock_release+0x680/0x680 [ 2289.990907] ? kmem_cache_alloc_trace+0x151/0x320 [ 2289.991464] ? v9fs_show_options+0x690/0x690 [ 2289.991974] ? trace_hardirqs_on+0x5b/0x180 [ 2289.992474] ? kasan_unpoison_shadow+0x33/0x50 [ 2289.992992] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2289.993577] v9fs_mount+0x79/0x8f0 [ 2289.993989] ? v9fs_write_inode+0x60/0x60 [ 2289.994466] legacy_get_tree+0x105/0x220 [ 2289.994935] vfs_get_tree+0x8e/0x300 [ 2289.995372] path_mount+0x14ab/0x2200 [ 2289.995811] ? strncpy_from_user+0x9e/0x470 [ 2289.996303] ? finish_automount+0xa90/0xa90 [ 2289.996799] ? getname_flags.part.0+0x1dd/0x4f0 [ 2289.997336] ? _copy_from_user+0xfb/0x1b0 [ 2289.997814] __x64_sys_mount+0x282/0x300 [ 2289.998281] ? copy_mnt_ns+0xa00/0xa00 [ 2289.998728] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2289.999339] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2289.999929] do_syscall_64+0x33/0x40 [ 2290.000357] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2290.000949] RIP: 0033:0x7f4689135b19 [ 2290.001379] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2290.003480] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2290.004353] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2290.005168] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2290.005986] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2290.006798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2290.007622] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2303.419938] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:06:24 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb555, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:24 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe4b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:24 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xb00, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:06:24 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = syz_io_uring_setup(0x3875, &(0x7f00000001c0)={0x0, 0xdd1f}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x80, &(0x7f00000017c0), 0x1203}, 0x0, 0x8abb4d2a8b028460}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(0xffffffffffffffff, 0x6609) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0xc, 0x13, 0xffffffffffffffff, 0x0) r5 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x5, 0x0, @fd, 0x0, 0x0, 0x0, 0x0, 0x1, {0x0, r5}}, 0x80000001) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x400}) write$binfmt_elf64(r6, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r6, 0x6609) syz_io_uring_submit(0x0, r2, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000000000)={0x8}, r6}, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:24 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x4000) 04:06:24 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8fb, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:24 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x3, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x800002, 0x7, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r3 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r3, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) r5 = dup(r4) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r5, 0x890c, &(0x7f0000000080)={@local, 0x78, r7}) ioctl$sock_inet6_SIOCDIFADDR(r2, 0x8916, &(0x7f0000000000)={@private0={0xfc, 0x0, '\x00', 0x4}, 0x0, r7}) r8 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r5, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000001a500b72ef6fe8cf333e00000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff000000000000000000000000000000000000000000000000fcc7000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1000000000000000000008ffa163fb8ccd41ca1477acb043d0d55", @ANYRESDEC=r0], 0x190) r9 = dup(r8) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r9, 0x8936, &(0x7f0000000080)={@local, 0x78, r11}) ioctl$sock_inet6_SIOCDIFADDR(r9, 0x8916, &(0x7f0000000000)={@remote, 0x0, r11}) 04:06:24 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 68) [ 2311.921096] FAULT_INJECTION: forcing a failure. [ 2311.921096] name failslab, interval 1, probability 0, space 0, times 0 [ 2311.923566] CPU: 1 PID: 55102 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2311.925057] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2311.926807] Call Trace: [ 2311.927378] dump_stack+0x107/0x167 [ 2311.928153] should_fail.cold+0x5/0xa [ 2311.928960] ? create_object.isra.0+0x3a/0xa30 [ 2311.929936] should_failslab+0x5/0x20 [ 2311.930741] kmem_cache_alloc+0x5b/0x310 [ 2311.931639] create_object.isra.0+0x3a/0xa30 [ 2311.932565] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2311.933651] kmem_cache_alloc+0x159/0x310 [ 2311.934526] __kernfs_new_node+0xd4/0x860 [ 2311.935421] ? lock_acquire+0x197/0x470 [ 2311.936272] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2311.937262] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2311.938382] ? kernfs_add_one+0x124/0x4d0 [ 2311.939272] ? kernfs_create_dir_ns+0x10b/0x160 [ 2311.940278] kernfs_new_node+0x18d/0x250 [ 2311.941150] __kernfs_create_file+0x51/0x350 [ 2311.942080] sysfs_add_file_mode_ns+0x221/0x560 [ 2311.943081] internal_create_group+0x324/0xb30 [ 2311.944073] ? sysfs_remove_group+0x170/0x170 [ 2311.945017] ? kernfs_name_hash+0xe7/0x110 [ 2311.945913] ? kernfs_find_ns+0x256/0x380 [ 2311.946805] sysfs_slab_add+0x188/0x200 [ 2311.947672] __kmem_cache_create+0x3db/0x520 [ 2311.948611] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2311.949673] p9_client_create+0xc6a/0x1230 [ 2311.950588] ? p9_client_flush+0x430/0x430 [ 2311.951502] ? trace_hardirqs_on+0x5b/0x180 [ 2311.952437] ? lockdep_init_map_type+0x2c7/0x780 [ 2311.953441] ? __raw_spin_lock_init+0x36/0x110 [ 2311.954424] v9fs_session_init+0x1dd/0x1680 [ 2311.955342] ? lock_release+0x680/0x680 [ 2311.956208] ? kmem_cache_alloc_trace+0x151/0x320 [ 2311.957279] ? v9fs_show_options+0x690/0x690 [ 2311.958239] ? trace_hardirqs_on+0x5b/0x180 [ 2311.959159] ? kasan_unpoison_shadow+0x33/0x50 [ 2311.960148] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2311.961235] v9fs_mount+0x79/0x8f0 [ 2311.962003] ? v9fs_write_inode+0x60/0x60 [ 2311.962879] legacy_get_tree+0x105/0x220 [ 2311.963770] vfs_get_tree+0x8e/0x300 [ 2311.964556] path_mount+0x14ab/0x2200 [ 2311.965394] ? strncpy_from_user+0x9e/0x470 [ 2311.966360] ? finish_automount+0xa90/0xa90 [ 2311.967288] ? getname_flags.part.0+0x1dd/0x4f0 [ 2311.968276] ? _copy_from_user+0xfb/0x1b0 [ 2311.969185] __x64_sys_mount+0x282/0x300 [ 2311.970047] ? copy_mnt_ns+0xa00/0xa00 [ 2311.970884] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2311.972004] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2311.973107] do_syscall_64+0x33/0x40 [ 2311.973898] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2311.975013] RIP: 0033:0x7f4689135b19 [ 2311.975833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2311.979759] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2311.981386] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2311.982896] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2311.984396] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2311.985903] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2311.987424] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2312.018343] 9pnet: Insufficient options for proto=fd 04:06:24 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 69) 04:06:24 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0xc}, 0x0, 0x81, 0x3, 0x7, 0x80000, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xb, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd988, 0x0, 0x1, 0x0, 0x7, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000400)=ANY=[@ANYBLOB="05000000000000000a004e2300000001000000000000000000000000000000003bf867d707b04381809fdb987cf7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000800000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff00000000000000000000000000000000000000000000000000000000006cd32ec0dd903bf700000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57c030000000000000066592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff3b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd16547209f1ee4220e7e27d4d759e6117a4212dc3900d0e1ded9bd8f71f82b9ddb1b05c8d13f7f28d435a1fc546f360f0cf2ad804bd055ee41062b7d75", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:24 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe5b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:24 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb556, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:24 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8fc, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2312.243683] FAULT_INJECTION: forcing a failure. [ 2312.243683] name failslab, interval 1, probability 0, space 0, times 0 [ 2312.246140] CPU: 1 PID: 55578 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2312.247609] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2312.249357] Call Trace: [ 2312.249923] dump_stack+0x107/0x167 [ 2312.250695] should_fail.cold+0x5/0xa [ 2312.251504] ? __kernfs_new_node+0xd4/0x860 [ 2312.252412] should_failslab+0x5/0x20 [ 2312.253214] kmem_cache_alloc+0x5b/0x310 [ 2312.254078] __kernfs_new_node+0xd4/0x860 [ 2312.254957] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2312.255974] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2312.256998] ? wait_for_completion_io+0x270/0x270 [ 2312.258013] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2312.259132] kernfs_new_node+0x18d/0x250 [ 2312.260007] __kernfs_create_file+0x51/0x350 [ 2312.260939] sysfs_add_file_mode_ns+0x221/0x560 [ 2312.261934] internal_create_group+0x324/0xb30 [ 2312.262918] ? sysfs_remove_group+0x170/0x170 [ 2312.263872] ? kernfs_name_hash+0xe7/0x110 [ 2312.264767] ? kernfs_find_ns+0x256/0x380 [ 2312.265677] sysfs_slab_add+0x188/0x200 [ 2312.266537] __kmem_cache_create+0x3db/0x520 [ 2312.267482] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2312.268540] p9_client_create+0xc6a/0x1230 [ 2312.269459] ? p9_client_flush+0x430/0x430 [ 2312.270358] ? trace_hardirqs_on+0x5b/0x180 [ 2312.271276] ? lockdep_init_map_type+0x2c7/0x780 [ 2312.272279] ? __raw_spin_lock_init+0x36/0x110 [ 2312.273249] v9fs_session_init+0x1dd/0x1680 [ 2312.274155] ? lock_release+0x680/0x680 [ 2312.274998] ? kmem_cache_alloc_trace+0x151/0x320 [ 2312.276024] ? v9fs_show_options+0x690/0x690 [ 2312.276962] ? trace_hardirqs_on+0x5b/0x180 [ 2312.277888] ? kasan_unpoison_shadow+0x33/0x50 [ 2312.278851] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2312.279935] v9fs_mount+0x79/0x8f0 [ 2312.280687] ? v9fs_write_inode+0x60/0x60 [ 2312.281559] legacy_get_tree+0x105/0x220 [ 2312.282417] vfs_get_tree+0x8e/0x300 [ 2312.283197] path_mount+0x14ab/0x2200 [ 2312.284013] ? strncpy_from_user+0x9e/0x470 [ 2312.284921] ? finish_automount+0xa90/0xa90 [ 2312.285838] ? getname_flags.part.0+0x1dd/0x4f0 [ 2312.286820] ? _copy_from_user+0xfb/0x1b0 [ 2312.287719] __x64_sys_mount+0x282/0x300 [ 2312.288582] ? copy_mnt_ns+0xa00/0xa00 [ 2312.289405] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2312.290518] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2312.291614] do_syscall_64+0x33/0x40 [ 2312.292390] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2312.293467] RIP: 0033:0x7f4689135b19 [ 2312.294252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2312.298140] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2312.299798] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2312.301295] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2312.302805] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2312.304317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2312.305831] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:25 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) open(&(0x7f0000000000)='./file1\x00', 0x8080, 0x10) 04:06:25 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x1020, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2312.457991] 9pnet: Insufficient options for proto=fd 04:06:25 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe6b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:25 executing program 4: syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) r1 = perf_event_open(&(0x7f0000001d80)={0x5, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000062d1e452d4d593b7c0a54700000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e24000000fffc020000000000000000000000000001030000ffff0000000000000002000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d7", @ANYRESDEC=r1], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:25 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8fd, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:25 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd8b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2312.629128] kmem_cache_create(9p-fcall-cache-413) failed with error -12 [ 2312.630808] CPU: 1 PID: 55578 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2312.632278] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2312.634035] Call Trace: [ 2312.634594] dump_stack+0x107/0x167 [ 2312.635378] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2312.636507] p9_client_create+0xc6a/0x1230 [ 2312.637418] ? p9_client_flush+0x430/0x430 [ 2312.638319] ? trace_hardirqs_on+0x5b/0x180 [ 2312.639251] ? lockdep_init_map_type+0x2c7/0x780 [ 2312.640262] ? __raw_spin_lock_init+0x36/0x110 [ 2312.641242] v9fs_session_init+0x1dd/0x1680 [ 2312.642162] ? lock_release+0x680/0x680 [ 2312.643013] ? kmem_cache_alloc_trace+0x151/0x320 [ 2312.644043] ? v9fs_show_options+0x690/0x690 [ 2312.644991] ? trace_hardirqs_on+0x5b/0x180 [ 2312.645912] ? kasan_unpoison_shadow+0x33/0x50 [ 2312.646875] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2312.647959] v9fs_mount+0x79/0x8f0 [ 2312.648710] ? v9fs_write_inode+0x60/0x60 [ 2312.649599] legacy_get_tree+0x105/0x220 [ 2312.650468] vfs_get_tree+0x8e/0x300 [ 2312.651270] path_mount+0x14ab/0x2200 [ 2312.652083] ? strncpy_from_user+0x9e/0x470 [ 2312.652991] ? finish_automount+0xa90/0xa90 [ 2312.653907] ? getname_flags.part.0+0x1dd/0x4f0 [ 2312.654896] ? _copy_from_user+0xfb/0x1b0 [ 2312.655802] __x64_sys_mount+0x282/0x300 [ 2312.656659] ? copy_mnt_ns+0xa00/0xa00 [ 2312.657484] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2312.658592] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2312.659702] do_syscall_64+0x33/0x40 [ 2312.660491] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2312.661588] RIP: 0033:0x7f4689135b19 [ 2312.662377] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2312.666284] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2312.667898] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2312.669414] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2312.670918] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2312.672421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2312.673917] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:25 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:06:25 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x400000) 04:06:25 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) shmctl$IPC_RMID(r0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2c77ef2aaee992d3899c", @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESOCT, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:06:25 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe7b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:25 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x1, 0x1, 0x0, 0x3f}, 0x0, 0xf7fffffffffff7ff, 0xffffffffffffffff, 0x18) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000eecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2312.829833] 9pnet: Insufficient options for proto=fd 04:06:39 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 70) 04:06:39 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat(r0, &(0x7f0000000040)='./file1\x00', 0x430400, 0x1ec) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c66736e616d653d2e2c666f776e65723ea36230ee26627dacf659e6d3b7b8eca66f7defd871b611b7adbab63b9d14c85f456633f440950d9e008bbde2b80abc0ffbe1c9473b8cb2fdaac6c9fab9f39ec3ea5c7f8ee4d279add42bdebb19ec64b6acb634f0b1209b6023e4dda744fa0de42bd026fc533610bc3a2e9c276c3f83bed13c275897a533d79e2cd4468d73ac2bca22f898c9b44168e845c57daa8e7c1963e8e91ca2e2fa72b132ec3851e98d1829dbb5b0731d29762d5173562ac0137e95bf2e9410c75521914709cdfb614ec6c813d8c941bb2070c7fe47e326db3a3d205e4da1d11d4271888fc8fe2444eab893cd568c90186403516107b949dd9ec3d29a36dff1a01f4c469c0c1b2f3783a6cb6b300b2a2343cce8529a02931710a990385b9a89491eebecb486ddea7f9fc6074fdd50c12ed3769a29413d70f83999ea003caa19c3e4998cfb16210b1412485e7bdb886733bb07e65ccd3cf20ea736ff859e128b9e0a", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) open(&(0x7f0000000000)='./file1\x00', 0x701800, 0x4) 04:06:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xd9b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:39 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe8b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8fe, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:39 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4}, 0x0, 0x2, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@rand_addr=' \x01\x00', 0xd985, 0x3, 0x1, 0x8, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:39 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2010, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:06:39 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x20000000) [ 2327.027987] 9pnet: Insufficient options for proto=fd [ 2327.032399] FAULT_INJECTION: forcing a failure. [ 2327.032399] name failslab, interval 1, probability 0, space 0, times 0 [ 2327.033932] CPU: 1 PID: 56780 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2327.034845] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2327.035972] Call Trace: [ 2327.036326] dump_stack+0x107/0x167 [ 2327.036813] should_fail.cold+0x5/0xa [ 2327.037327] ? create_object.isra.0+0x3a/0xa30 [ 2327.037938] should_failslab+0x5/0x20 [ 2327.038455] kmem_cache_alloc+0x5b/0x310 [ 2327.038987] ? __lockdep_reset_lock+0x180/0x180 [ 2327.039615] create_object.isra.0+0x3a/0xa30 [ 2327.040185] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2327.040855] kmem_cache_alloc+0x159/0x310 [ 2327.041401] __kernfs_new_node+0xd4/0x860 [ 2327.041940] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2327.042560] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2327.043183] ? wait_for_completion_io+0x270/0x270 [ 2327.043833] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2327.044525] kernfs_new_node+0x18d/0x250 [ 2327.045053] __kernfs_create_file+0x51/0x350 [ 2327.045634] sysfs_add_file_mode_ns+0x221/0x560 [ 2327.046247] internal_create_group+0x324/0xb30 [ 2327.046845] ? sysfs_remove_group+0x170/0x170 [ 2327.047430] ? kernfs_name_hash+0xe7/0x110 [ 2327.047987] ? kernfs_find_ns+0x256/0x380 [ 2327.048546] sysfs_slab_add+0x188/0x200 [ 2327.049070] __kmem_cache_create+0x3db/0x520 [ 2327.049652] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2327.050300] p9_client_create+0xc6a/0x1230 [ 2327.050854] ? p9_client_flush+0x430/0x430 [ 2327.051411] ? trace_hardirqs_on+0x5b/0x180 [ 2327.051971] ? lockdep_init_map_type+0x2c7/0x780 [ 2327.052583] ? __raw_spin_lock_init+0x36/0x110 [ 2327.053179] v9fs_session_init+0x1dd/0x1680 [ 2327.053756] ? lock_release+0x680/0x680 [ 2327.054291] ? kmem_cache_alloc_trace+0x151/0x320 [ 2327.054919] ? v9fs_show_options+0x690/0x690 [ 2327.055535] ? trace_hardirqs_on+0x5b/0x180 [ 2327.056099] ? kasan_unpoison_shadow+0x33/0x50 [ 2327.056696] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2327.057382] v9fs_mount+0x79/0x8f0 [ 2327.057851] ? v9fs_write_inode+0x60/0x60 [ 2327.058385] legacy_get_tree+0x105/0x220 [ 2327.058907] vfs_get_tree+0x8e/0x300 [ 2327.059387] path_mount+0x14ab/0x2200 [ 2327.059892] ? strncpy_from_user+0x9e/0x470 [ 2327.060452] ? finish_automount+0xa90/0xa90 [ 2327.061003] ? getname_flags.part.0+0x1dd/0x4f0 [ 2327.061610] ? _copy_from_user+0xfb/0x1b0 [ 2327.062153] __x64_sys_mount+0x282/0x300 [ 2327.062669] ? copy_mnt_ns+0xa00/0xa00 [ 2327.063176] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2327.063855] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2327.064528] do_syscall_64+0x33/0x40 [ 2327.065005] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2327.065682] RIP: 0033:0x7f4689135b19 [ 2327.066155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2327.068526] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2327.069512] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2327.070427] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2327.071358] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2327.072281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2327.073207] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:39 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb8ff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:39 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdab4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:39 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x8400, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff00000000000000000000000000000060940000005624000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000004000000000001030000ffff0000000000000000000000000000000000000000f1ff000000000000000000000000000000000000000000000000000000000000000004000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d259e6117a4212dc3900d0e135bcf0c5100c2dc20c98567af55bebaad7263a758ef10000", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb900, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:06:40 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe9b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:55 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 71) 04:06:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x1000000000000) 04:06:55 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeab2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:55 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x1df82ff145363ba5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x4}, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYRES32=r6, @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:06:55 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/srcutree', 0x101000, 0xa0) sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, 0x3f7, 0x200, 0x70bd25, 0x25dfdbfc, {0x7, 0x7, './file1', './file1'}, ["", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4040800}, 0x44801) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:55 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x4800, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:06:55 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdbb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:06:55 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb901, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2342.705725] FAULT_INJECTION: forcing a failure. [ 2342.705725] name failslab, interval 1, probability 0, space 0, times 0 [ 2342.707309] CPU: 0 PID: 57755 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2342.708241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2342.709346] Call Trace: [ 2342.709713] dump_stack+0x107/0x167 [ 2342.710205] should_fail.cold+0x5/0xa [ 2342.710714] ? __kernfs_new_node+0xd4/0x860 [ 2342.711288] should_failslab+0x5/0x20 [ 2342.711801] kmem_cache_alloc+0x5b/0x310 [ 2342.712357] __kernfs_new_node+0xd4/0x860 [ 2342.712920] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2342.713553] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2342.714203] ? wait_for_completion_io+0x270/0x270 [ 2342.714848] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2342.715548] kernfs_new_node+0x18d/0x250 [ 2342.716095] __kernfs_create_file+0x51/0x350 [ 2342.716698] sysfs_add_file_mode_ns+0x221/0x560 [ 2342.717331] internal_create_group+0x324/0xb30 [ 2342.717952] ? sysfs_remove_group+0x170/0x170 [ 2342.718549] ? kernfs_name_hash+0xe7/0x110 [ 2342.719124] ? kernfs_find_ns+0x256/0x380 [ 2342.719703] sysfs_slab_add+0x188/0x200 [ 2342.720245] __kmem_cache_create+0x3db/0x520 [ 2342.720840] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2342.721500] p9_client_create+0xc6a/0x1230 [ 2342.722068] ? p9_client_flush+0x430/0x430 [ 2342.722633] ? trace_hardirqs_on+0x5b/0x180 [ 2342.723206] ? lockdep_init_map_type+0x2c7/0x780 [ 2342.723843] ? __raw_spin_lock_init+0x36/0x110 [ 2342.724457] v9fs_session_init+0x1dd/0x1680 [ 2342.725030] ? lock_release+0x680/0x680 [ 2342.725571] ? kmem_cache_alloc_trace+0x151/0x320 [ 2342.726209] ? v9fs_show_options+0x690/0x690 [ 2342.726802] ? trace_hardirqs_on+0x5b/0x180 [ 2342.727376] ? kasan_unpoison_shadow+0x33/0x50 [ 2342.727995] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2342.728667] v9fs_mount+0x79/0x8f0 [ 2342.729144] ? v9fs_write_inode+0x60/0x60 [ 2342.729712] legacy_get_tree+0x105/0x220 [ 2342.730255] vfs_get_tree+0x8e/0x300 [ 2342.730753] path_mount+0x14ab/0x2200 [ 2342.731256] ? strncpy_from_user+0x9e/0x470 [ 2342.731836] ? finish_automount+0xa90/0xa90 [ 2342.732407] ? getname_flags.part.0+0x1dd/0x4f0 [ 2342.733019] ? _copy_from_user+0xfb/0x1b0 [ 2342.733576] __x64_sys_mount+0x282/0x300 [ 2342.734108] ? copy_mnt_ns+0xa00/0xa00 [ 2342.734621] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2342.735308] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2342.735999] do_syscall_64+0x33/0x40 [ 2342.736499] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2342.737172] RIP: 0033:0x7f4689135b19 [ 2342.737666] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2342.740112] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2342.741139] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2342.742071] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2342.743019] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2342.743974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2342.744911] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2342.753276] 9pnet: Insufficient options for proto=fd [ 2342.754268] kmem_cache_create(9p-fcall-cache-415) failed with error -12 [ 2342.755204] CPU: 0 PID: 57755 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2342.756120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2342.757199] Call Trace: [ 2342.757554] dump_stack+0x107/0x167 [ 2342.758038] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2342.758737] p9_client_create+0xc6a/0x1230 [ 2342.759292] ? p9_client_flush+0x430/0x430 [ 2342.759853] ? trace_hardirqs_on+0x5b/0x180 [ 2342.760418] ? lockdep_init_map_type+0x2c7/0x780 [ 2342.761040] ? __raw_spin_lock_init+0x36/0x110 [ 2342.761637] v9fs_session_init+0x1dd/0x1680 [ 2342.762199] ? lock_release+0x680/0x680 [ 2342.762719] ? kmem_cache_alloc_trace+0x151/0x320 [ 2342.763350] ? v9fs_show_options+0x690/0x690 [ 2342.763931] ? trace_hardirqs_on+0x5b/0x180 [ 2342.764487] ? kasan_unpoison_shadow+0x33/0x50 [ 2342.765079] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2342.765743] v9fs_mount+0x79/0x8f0 [ 2342.766203] ? v9fs_write_inode+0x60/0x60 [ 2342.766757] legacy_get_tree+0x105/0x220 [ 2342.767287] vfs_get_tree+0x8e/0x300 [ 2342.767779] path_mount+0x14ab/0x2200 [ 2342.768278] ? strncpy_from_user+0x9e/0x470 [ 2342.768836] ? finish_automount+0xa90/0xa90 [ 2342.769396] ? getname_flags.part.0+0x1dd/0x4f0 [ 2342.769999] ? _copy_from_user+0xfb/0x1b0 [ 2342.770550] __x64_sys_mount+0x282/0x300 [ 2342.771074] ? copy_mnt_ns+0xa00/0xa00 [ 2342.771591] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2342.772270] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2342.772942] do_syscall_64+0x33/0x40 [ 2342.773432] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2342.774096] RIP: 0033:0x7f4689135b19 [ 2342.774574] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2342.776982] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2342.777982] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2342.778906] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2342.779823] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2342.780750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2342.781673] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:06:55 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 72) [ 2342.876214] FAULT_INJECTION: forcing a failure. [ 2342.876214] name failslab, interval 1, probability 0, space 0, times 0 [ 2342.877693] CPU: 0 PID: 57991 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2342.878547] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2342.879585] Call Trace: [ 2342.879927] dump_stack+0x107/0x167 [ 2342.880381] should_fail.cold+0x5/0xa [ 2342.880859] ? __kernfs_new_node+0xd4/0x860 [ 2342.881390] should_failslab+0x5/0x20 [ 2342.881861] kmem_cache_alloc+0x5b/0x310 [ 2342.882368] __kernfs_new_node+0xd4/0x860 [ 2342.882896] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2342.883491] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2342.884099] ? wait_for_completion_io+0x270/0x270 [ 2342.884697] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2342.885347] kernfs_new_node+0x18d/0x250 [ 2342.885851] __kernfs_create_file+0x51/0x350 [ 2342.886394] sysfs_add_file_mode_ns+0x221/0x560 [ 2342.886985] internal_create_group+0x324/0xb30 [ 2342.887557] ? sysfs_remove_group+0x170/0x170 [ 2342.888156] ? kernfs_name_hash+0xe7/0x110 [ 2342.888675] ? kernfs_find_ns+0x256/0x380 [ 2342.889197] sysfs_slab_add+0x188/0x200 [ 2342.889685] __kmem_cache_create+0x3db/0x520 [ 2342.890229] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2342.890844] p9_client_create+0xc6a/0x1230 [ 2342.891368] ? p9_client_flush+0x430/0x430 [ 2342.891894] ? trace_hardirqs_on+0x5b/0x180 [ 2342.892427] ? lockdep_init_map_type+0x2c7/0x780 [ 2342.893021] ? __raw_spin_lock_init+0x36/0x110 [ 2342.893587] v9fs_session_init+0x1dd/0x1680 [ 2342.894116] ? lock_release+0x680/0x680 [ 2342.894617] ? kmem_cache_alloc_trace+0x151/0x320 [ 2342.895215] ? v9fs_show_options+0x690/0x690 [ 2342.895772] ? trace_hardirqs_on+0x5b/0x180 [ 2342.896300] ? kasan_unpoison_shadow+0x33/0x50 [ 2342.896861] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2342.897490] v9fs_mount+0x79/0x8f0 [ 2342.897929] ? v9fs_write_inode+0x60/0x60 [ 2342.898437] legacy_get_tree+0x105/0x220 [ 2342.898939] vfs_get_tree+0x8e/0x300 [ 2342.899396] path_mount+0x14ab/0x2200 [ 2342.899876] ? strncpy_from_user+0x9e/0x470 [ 2342.900405] ? finish_automount+0xa90/0xa90 [ 2342.900932] ? getname_flags.part.0+0x1dd/0x4f0 [ 2342.901495] ? _copy_from_user+0xfb/0x1b0 [ 2342.902006] __x64_sys_mount+0x282/0x300 [ 2342.902516] ? copy_mnt_ns+0xa00/0xa00 [ 2342.903001] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2342.903647] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2342.904293] do_syscall_64+0x33/0x40 [ 2342.904748] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2342.905370] RIP: 0033:0x7f4689135b19 [ 2342.905829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2342.908071] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2342.909003] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2342.909869] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2342.910743] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2342.911630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2342.912492] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2342.935449] kmem_cache_create(9p-fcall-cache-417) failed with error -12 [ 2342.936315] CPU: 0 PID: 57991 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2342.937140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2342.938134] Call Trace: [ 2342.938451] dump_stack+0x107/0x167 [ 2342.938892] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2342.939526] p9_client_create+0xc6a/0x1230 [ 2342.940043] ? p9_client_flush+0x430/0x430 [ 2342.940555] ? trace_hardirqs_on+0x5b/0x180 [ 2342.941075] ? lockdep_init_map_type+0x2c7/0x780 [ 2342.941645] ? __raw_spin_lock_init+0x36/0x110 [ 2342.942195] v9fs_session_init+0x1dd/0x1680 [ 2342.942719] ? lock_release+0x680/0x680 [ 2342.943199] ? kmem_cache_alloc_trace+0x151/0x320 [ 2342.943793] ? v9fs_show_options+0x690/0x690 [ 2342.944326] ? trace_hardirqs_on+0x5b/0x180 [ 2342.944846] ? kasan_unpoison_shadow+0x33/0x50 [ 2342.945393] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2342.946002] v9fs_mount+0x79/0x8f0 [ 2342.946431] ? v9fs_write_inode+0x60/0x60 [ 2342.946926] legacy_get_tree+0x105/0x220 [ 2342.947411] vfs_get_tree+0x8e/0x300 [ 2342.947864] path_mount+0x14ab/0x2200 [ 2342.948317] ? strncpy_from_user+0x9e/0x470 [ 2342.948831] ? finish_automount+0xa90/0xa90 [ 2342.949345] ? getname_flags.part.0+0x1dd/0x4f0 [ 2342.949899] ? _copy_from_user+0xfb/0x1b0 [ 2342.950398] __x64_sys_mount+0x282/0x300 [ 2342.950879] ? copy_mnt_ns+0xa00/0xa00 [ 2342.951349] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2342.951980] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2342.952610] do_syscall_64+0x33/0x40 [ 2342.953056] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2342.953673] RIP: 0033:0x7f4689135b19 [ 2342.954124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2342.956330] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2342.957235] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2342.958080] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2342.958927] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2342.959776] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2342.960625] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2356.830637] kmemleak: 2 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:07:17 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x40000000000000) 04:07:17 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff000000000000e8aec77100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000010000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400f9ff00000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e146a11171f628a000f993eb0de6b4e522774816107c0dde9ecd6610dd89908f27dc03308471a33f3840c99ca201e7135e13a3a84d50c3a6d4708d3716fc0d44951efe86d7f6ca5a14", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:07:17 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x4c00, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:17 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 73) 04:07:17 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdcb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:17 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xebb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:17 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb902, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:17 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) fspick(r0, &(0x7f0000000040)='./file0\x00', 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@subj_user={'subj_user', 0x3d, 'rfdno'}}]}}) [ 2365.272069] 9pnet: Insufficient options for proto=fd [ 2365.283842] FAULT_INJECTION: forcing a failure. [ 2365.283842] name failslab, interval 1, probability 0, space 0, times 0 [ 2365.286220] CPU: 1 PID: 58302 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2365.287672] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2365.289420] Call Trace: [ 2365.289976] dump_stack+0x107/0x167 [ 2365.290749] should_fail.cold+0x5/0xa [ 2365.291554] ? create_object.isra.0+0x3a/0xa30 [ 2365.292520] should_failslab+0x5/0x20 [ 2365.293325] kmem_cache_alloc+0x5b/0x310 [ 2365.294178] ? __lockdep_reset_lock+0x180/0x180 [ 2365.295158] create_object.isra.0+0x3a/0xa30 [ 2365.296083] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2365.297154] kmem_cache_alloc+0x159/0x310 [ 2365.298030] __kernfs_new_node+0xd4/0x860 [ 2365.298911] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2365.299922] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2365.300953] ? wait_for_completion_io+0x270/0x270 [ 2365.301970] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2365.303087] kernfs_new_node+0x18d/0x250 [ 2365.303959] __kernfs_create_file+0x51/0x350 [ 2365.304899] sysfs_add_file_mode_ns+0x221/0x560 [ 2365.305901] internal_create_group+0x324/0xb30 [ 2365.306882] ? sysfs_remove_group+0x170/0x170 [ 2365.307843] ? kernfs_name_hash+0xe7/0x110 [ 2365.308763] ? kernfs_find_ns+0x256/0x380 [ 2365.309673] sysfs_slab_add+0x188/0x200 [ 2365.310540] __kmem_cache_create+0x3db/0x520 [ 2365.311503] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2365.312600] p9_client_create+0xc6a/0x1230 [ 2365.313528] ? p9_client_flush+0x430/0x430 [ 2365.314450] ? trace_hardirqs_on+0x5b/0x180 [ 2365.315388] ? lockdep_init_map_type+0x2c7/0x780 [ 2365.316431] ? __raw_spin_lock_init+0x36/0x110 [ 2365.317436] v9fs_session_init+0x1dd/0x1680 [ 2365.318374] ? lock_release+0x680/0x680 [ 2365.319249] ? kmem_cache_alloc_trace+0x151/0x320 [ 2365.320305] ? v9fs_show_options+0x690/0x690 [ 2365.321272] ? trace_hardirqs_on+0x5b/0x180 [ 2365.322211] ? kasan_unpoison_shadow+0x33/0x50 [ 2365.323199] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2365.324318] v9fs_mount+0x79/0x8f0 [ 2365.325090] ? v9fs_write_inode+0x60/0x60 [ 2365.325988] legacy_get_tree+0x105/0x220 [ 2365.326872] vfs_get_tree+0x8e/0x300 [ 2365.327679] path_mount+0x14ab/0x2200 [ 2365.328517] ? strncpy_from_user+0x9e/0x470 [ 2365.329454] ? finish_automount+0xa90/0xa90 [ 2365.330396] ? getname_flags.part.0+0x1dd/0x4f0 [ 2365.331405] ? _copy_from_user+0xfb/0x1b0 [ 2365.332322] __x64_sys_mount+0x282/0x300 [ 2365.333209] ? copy_mnt_ns+0xa00/0xa00 [ 2365.334060] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2365.335198] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2365.336335] do_syscall_64+0x33/0x40 [ 2365.337150] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2365.338263] RIP: 0033:0x7f4689135b19 [ 2365.339067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2365.343072] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2365.344729] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2365.346276] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2365.347816] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2365.349368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2365.350910] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:07:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xddb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, 0x0}, &(0x7f0000000040)=0xc) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner=', @ANYRESDEC=r1, @ANYBLOB=',fowner<', @ANYRESDEC=r1, @ANYBLOB="2c266f776e65723dbc453d98d6232cbf319ddafc7e77dbc9a55f019d6bde6e304aa7e25fc539ff59512348ee4c9cbbc5dff861aa50893c6164848e3badc3de9e850d8ef8a96ab8fe59c076d04409aae18fb87400efd594c1d1d1c3cb567352e28279111e39de7d5c411252dab7d6c78341b5090b239cdba68172964a86b557ae656330c9384a62081fc2", @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,seclabel,\x00']) sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c000000530400022cbd7000fcdbdf656308c495d8e15eefeb5e0000000000000060e342aabbf0391ad02dd7b103a632bccee1e52a21a7c73c6a4b01ef24c0c3de16c18d0eb0e97d44a5a2841ede0fb2ccdd3bdc09ea3cd904f2698d5868e387eb21e40a073d4cbd6a6dfbb7bf110ec4c8b7fe825c7f5cfc90000000"], 0x7c}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000004) 04:07:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xecb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb903, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 74) [ 2365.631605] 9pnet: Insufficient options for proto=fd 04:07:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x2000000000000000) 04:07:18 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000ed00ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1b1e0682c59aa763691e62d2ce8f677aa6cf7f43b7bf550d0a95b20a755e77be7e8508ce51b88c10527af253ce95153c7a8d31df1d7c7101f9cfe94d138be92ac4e35764833ac339c861f6819335cf0ab82e2d3d7cb44aa95d9f33582e62dc25fcee999154cde2d1b05a3b8e8b1355881f2a9b63e02dab54090dcb4956bd362f65fb8a39e47144cb584b5e64652edafd6c6ab09d92727918f1bc7e138822592c07683cdc2e51e02f2729b36fb3814a29d259b1753824be330cb4a6d85f8fc088641eecbd1c06530765f61bb", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2365.703815] FAULT_INJECTION: forcing a failure. [ 2365.703815] name failslab, interval 1, probability 0, space 0, times 0 [ 2365.706480] CPU: 0 PID: 58913 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2365.707974] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2365.709758] Call Trace: [ 2365.710327] dump_stack+0x107/0x167 [ 2365.711123] should_fail.cold+0x5/0xa [ 2365.711965] ? create_object.isra.0+0x3a/0xa30 [ 2365.712949] should_failslab+0x5/0x20 [ 2365.713775] kmem_cache_alloc+0x5b/0x310 [ 2365.714661] ? __lockdep_reset_lock+0x180/0x180 [ 2365.715676] create_object.isra.0+0x3a/0xa30 [ 2365.716639] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2365.717753] kmem_cache_alloc+0x159/0x310 [ 2365.718657] __kernfs_new_node+0xd4/0x860 [ 2365.719560] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2365.720604] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2365.721653] ? wait_for_completion_io+0x270/0x270 [ 2365.722699] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2365.723861] kernfs_new_node+0x18d/0x250 [ 2365.724749] __kernfs_create_file+0x51/0x350 [ 2365.725706] sysfs_add_file_mode_ns+0x221/0x560 [ 2365.726727] internal_create_group+0x324/0xb30 [ 2365.727726] ? sysfs_remove_group+0x170/0x170 [ 2365.728702] ? kernfs_name_hash+0xe7/0x110 [ 2365.729620] ? kernfs_find_ns+0x256/0x380 [ 2365.730528] sysfs_slab_add+0x188/0x200 [ 2365.731392] __kmem_cache_create+0x3db/0x520 [ 2365.732362] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2365.733449] p9_client_create+0xc6a/0x1230 [ 2365.734375] ? p9_client_flush+0x430/0x430 [ 2365.735293] ? trace_hardirqs_on+0x5b/0x180 [ 2365.736241] ? lockdep_init_map_type+0x2c7/0x780 [ 2365.737270] ? __raw_spin_lock_init+0x36/0x110 [ 2365.738267] v9fs_session_init+0x1dd/0x1680 [ 2365.739201] ? lock_release+0x680/0x680 [ 2365.740083] ? kmem_cache_alloc_trace+0x151/0x320 [ 2365.741126] ? v9fs_show_options+0x690/0x690 [ 2365.742090] ? trace_hardirqs_on+0x5b/0x180 [ 2365.743024] ? kasan_unpoison_shadow+0x33/0x50 [ 2365.744022] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2365.745123] v9fs_mount+0x79/0x8f0 [ 2365.745893] ? v9fs_write_inode+0x60/0x60 [ 2365.746788] legacy_get_tree+0x105/0x220 [ 2365.747669] vfs_get_tree+0x8e/0x300 [ 2365.748486] path_mount+0x14ab/0x2200 [ 2365.749316] ? strncpy_from_user+0x9e/0x470 [ 2365.750255] ? finish_automount+0xa90/0xa90 [ 2365.751191] ? getname_flags.part.0+0x1dd/0x4f0 [ 2365.752214] ? _copy_from_user+0xfb/0x1b0 [ 2365.753125] __x64_sys_mount+0x282/0x300 [ 2365.754003] ? copy_mnt_ns+0xa00/0xa00 [ 2365.754855] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2365.756003] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2365.757123] do_syscall_64+0x33/0x40 [ 2365.757931] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2365.759038] RIP: 0033:0x7f4689135b19 [ 2365.759854] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2365.763846] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2365.765493] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2365.767111] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2365.768670] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2365.770226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2365.771776] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:07:18 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x6800, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2365.919027] 9pnet: Insufficient options for proto=fd 04:07:33 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:33 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0xffffffff00000000) 04:07:33 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) openat(r1, &(0x7f0000000040)='./file1\x00', 0x20000, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x1c4) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:33 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x4, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180), 0x1}, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'wg1\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f10909b0970000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc39", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x4, r10}) 04:07:33 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdeb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:33 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb904, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:33 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x6c00, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:33 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 75) [ 2381.143915] 9pnet: Insufficient options for proto=fd [ 2381.154080] FAULT_INJECTION: forcing a failure. [ 2381.154080] name failslab, interval 1, probability 0, space 0, times 0 [ 2381.156604] CPU: 1 PID: 59455 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2381.158095] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2381.159885] Call Trace: [ 2381.160470] dump_stack+0x107/0x167 [ 2381.161264] should_fail.cold+0x5/0xa [ 2381.162090] ? __kernfs_new_node+0xd4/0x860 [ 2381.163023] should_failslab+0x5/0x20 [ 2381.163844] kmem_cache_alloc+0x5b/0x310 [ 2381.164731] __kernfs_new_node+0xd4/0x860 [ 2381.165629] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2381.166654] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2381.167695] ? wait_for_completion_io+0x270/0x270 [ 2381.168788] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2381.169921] kernfs_new_node+0x18d/0x250 [ 2381.170799] __kernfs_create_file+0x51/0x350 [ 2381.171756] sysfs_add_file_mode_ns+0x221/0x560 [ 2381.172779] internal_create_group+0x324/0xb30 [ 2381.173774] ? sysfs_remove_group+0x170/0x170 [ 2381.174738] ? kernfs_name_hash+0xe7/0x110 [ 2381.175656] ? kernfs_find_ns+0x256/0x380 [ 2381.176569] sysfs_slab_add+0x188/0x200 [ 2381.177427] __kmem_cache_create+0x3db/0x520 [ 2381.178378] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2381.179462] p9_client_create+0xc6a/0x1230 [ 2381.180392] ? p9_client_flush+0x430/0x430 [ 2381.181305] ? trace_hardirqs_on+0x5b/0x180 [ 2381.182241] ? lockdep_init_map_type+0x2c7/0x780 [ 2381.183263] ? __raw_spin_lock_init+0x36/0x110 [ 2381.184262] v9fs_session_init+0x1dd/0x1680 [ 2381.185196] ? lock_release+0x680/0x680 [ 2381.186059] ? kmem_cache_alloc_trace+0x151/0x320 [ 2381.187095] ? v9fs_show_options+0x690/0x690 [ 2381.188068] ? trace_hardirqs_on+0x5b/0x180 [ 2381.188995] ? kasan_unpoison_shadow+0x33/0x50 [ 2381.189977] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2381.191072] v9fs_mount+0x79/0x8f0 [ 2381.191837] ? v9fs_write_inode+0x60/0x60 [ 2381.192733] legacy_get_tree+0x105/0x220 [ 2381.193610] vfs_get_tree+0x8e/0x300 [ 2381.194415] path_mount+0x14ab/0x2200 [ 2381.195233] ? strncpy_from_user+0x9e/0x470 [ 2381.196170] ? finish_automount+0xa90/0xa90 [ 2381.197096] ? getname_flags.part.0+0x1dd/0x4f0 [ 2381.198101] ? _copy_from_user+0xfb/0x1b0 [ 2381.199001] __x64_sys_mount+0x282/0x300 [ 2381.199871] ? copy_mnt_ns+0xa00/0xa00 [ 2381.200730] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2381.201853] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2381.202964] do_syscall_64+0x33/0x40 [ 2381.203770] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2381.204881] RIP: 0033:0x7f4689135b19 [ 2381.205678] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2381.209629] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2381.211266] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2381.212812] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2381.214341] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2381.215867] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2381.217404] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2381.224294] kmem_cache_create(9p-fcall-cache-421) failed with error -12 [ 2381.225844] CPU: 1 PID: 59455 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2381.227324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2381.229108] Call Trace: [ 2381.229675] dump_stack+0x107/0x167 [ 2381.230462] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2381.231587] p9_client_create+0xc6a/0x1230 [ 2381.232506] ? p9_client_flush+0x430/0x430 [ 2381.233412] ? trace_hardirqs_on+0x5b/0x180 [ 2381.234335] ? lockdep_init_map_type+0x2c7/0x780 [ 2381.235351] ? __raw_spin_lock_init+0x36/0x110 [ 2381.236344] v9fs_session_init+0x1dd/0x1680 [ 2381.237267] ? lock_release+0x680/0x680 [ 2381.238130] ? kmem_cache_alloc_trace+0x151/0x320 [ 2381.239163] ? v9fs_show_options+0x690/0x690 [ 2381.240127] ? trace_hardirqs_on+0x5b/0x180 [ 2381.241053] ? kasan_unpoison_shadow+0x33/0x50 [ 2381.242032] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2381.243121] v9fs_mount+0x79/0x8f0 [ 2381.243888] ? v9fs_write_inode+0x60/0x60 [ 2381.244785] legacy_get_tree+0x105/0x220 [ 2381.245654] vfs_get_tree+0x8e/0x300 [ 2381.246454] path_mount+0x14ab/0x2200 [ 2381.247272] ? strncpy_from_user+0x9e/0x470 [ 2381.248205] ? finish_automount+0xa90/0xa90 [ 2381.249128] ? getname_flags.part.0+0x1dd/0x4f0 [ 2381.250121] ? _copy_from_user+0xfb/0x1b0 [ 2381.251019] __x64_sys_mount+0x282/0x300 [ 2381.251893] ? copy_mnt_ns+0xa00/0xa00 [ 2381.252740] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2381.253867] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2381.254974] do_syscall_64+0x33/0x40 [ 2381.255771] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2381.256877] RIP: 0033:0x7f4689135b19 [ 2381.257673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2381.261632] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2381.263271] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2381.264806] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2381.266330] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2381.267857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2381.269387] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:07:34 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb905, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:34 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xdfb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:34 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x7400, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:34 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r2 = mmap$IORING_OFF_SQES(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x3000001, 0x1010, r1, 0x10000000) syz_io_uring_submit(0x0, r2, &(0x7f0000000200)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x2, 0x0, 0x0, 0x0, 0x12345}, 0xc39) sendto(r0, &(0x7f0000000280)="54261148095af3da82e893964f185f86bfddadf9dca2dae67c52215be15018a82c65174475a76c2a54114796f3f3ac783e5506e4834f05c3ebef2d9d27a7c7ab4f924c73e96f7fe676bfc436cf725eef622901c74c316a78c4ae6bfe6e14b9b65c6d946e86382d6d136eaab8200c239abea487924701e9159addec41c8e70691db85527d50ac0fb652253d5801c9ffbdfad5eddcd9e7c9bffedee5f664b97bb055ce1a49a08477ea43763b", 0xab, 0x20000000, &(0x7f0000000340)=@nfc_llcp={0x27, 0x0, 0x0, 0x3, 0x9, 0x2, "4ffa96e9f8a111d3d70adeaf333978cce2aefaf09f749f2ab086b872a263da8306c2977a0815e89d6c0317b1f207fc28180cd94c861c0a0b7fab5bb2b580d7", 0x20}, 0x80) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) r4 = ioctl$TUNGETDEVNETNS(r1, 0x54e3, 0x0) write$binfmt_elf64(r4, &(0x7f0000000240)=ANY=[@ANYRES16], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) unlinkat(r3, &(0x7f00000001c0)='./file0\x00', 0x200) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) recvfrom$unix(r1, &(0x7f0000000040)=""/43, 0x2b, 0x10000, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c66736e616d653d2e2c6602776e65723e29af5e1a36e88a74e44642cfe594a9effe567135aa6027db41405437b98adcf5d6d7ebeb6670237538b9ffead5e19366a4b9eb32a2789e007ca0bf60feb1dacc9b86737b733a3dc454d116f31cb97561d30dd3039e57c572ec737b20661163213f14c0f92124258ae3b449fcc2a6a7d5b541b3596d9a94b3baf8776cba83279a922730385c6a7acabbcb1ecd147975ef52aba71ac481f051e8d90d74f648f82a91c9eb8f5ec763e0beae44c83dc7462a2115e2360ef281006e3df5da0bb715d9", @ANYRESDEC=0x0, @ANYBLOB="026c033619634d7a"]) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1/file0\x00', 0x800, 0x0) 04:07:34 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 76) 04:07:34 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedc0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2381.459992] 9pnet: Insufficient options for proto=fd [ 2381.531546] FAULT_INJECTION: forcing a failure. [ 2381.531546] name failslab, interval 1, probability 0, space 0, times 0 [ 2381.534212] CPU: 1 PID: 60085 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2381.535718] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2381.537517] Call Trace: [ 2381.538089] dump_stack+0x107/0x167 [ 2381.538878] should_fail.cold+0x5/0xa [ 2381.539704] ? create_object.isra.0+0x3a/0xa30 [ 2381.540689] should_failslab+0x5/0x20 [ 2381.541511] kmem_cache_alloc+0x5b/0x310 [ 2381.542383] ? __lockdep_reset_lock+0x180/0x180 [ 2381.543392] create_object.isra.0+0x3a/0xa30 [ 2381.544341] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2381.545438] kmem_cache_alloc+0x159/0x310 [ 2381.546335] __kernfs_new_node+0xd4/0x860 [ 2381.547226] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2381.548258] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2381.549296] ? wait_for_completion_io+0x270/0x270 [ 2381.550333] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2381.551471] kernfs_new_node+0x18d/0x250 [ 2381.552356] __kernfs_create_file+0x51/0x350 [ 2381.553307] sysfs_add_file_mode_ns+0x221/0x560 [ 2381.554321] internal_create_group+0x324/0xb30 [ 2381.555312] ? sysfs_remove_group+0x170/0x170 [ 2381.556280] ? kernfs_name_hash+0xe7/0x110 [ 2381.557193] ? kernfs_find_ns+0x256/0x380 [ 2381.558097] sysfs_slab_add+0x188/0x200 [ 2381.558959] __kmem_cache_create+0x3db/0x520 [ 2381.559918] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2381.561011] p9_client_create+0xc6a/0x1230 [ 2381.561933] ? p9_client_flush+0x430/0x430 [ 2381.562843] ? trace_hardirqs_on+0x5b/0x180 [ 2381.563771] ? lockdep_init_map_type+0x2c7/0x780 [ 2381.564797] ? __raw_spin_lock_init+0x36/0x110 [ 2381.565786] v9fs_session_init+0x1dd/0x1680 [ 2381.566710] ? lock_release+0x680/0x680 [ 2381.567572] ? kmem_cache_alloc_trace+0x151/0x320 [ 2381.568614] ? v9fs_show_options+0x690/0x690 [ 2381.569569] ? trace_hardirqs_on+0x5b/0x180 [ 2381.570495] ? kasan_unpoison_shadow+0x33/0x50 [ 2381.571473] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2381.572577] v9fs_mount+0x79/0x8f0 [ 2381.573340] ? v9fs_write_inode+0x60/0x60 [ 2381.574231] legacy_get_tree+0x105/0x220 [ 2381.575105] vfs_get_tree+0x8e/0x300 [ 2381.575904] path_mount+0x14ab/0x2200 [ 2381.576737] ? strncpy_from_user+0x9e/0x470 [ 2381.577664] ? finish_automount+0xa90/0xa90 [ 2381.578592] ? getname_flags.part.0+0x1dd/0x4f0 [ 2381.579594] ? _copy_from_user+0xfb/0x1b0 [ 2381.580502] __x64_sys_mount+0x282/0x300 [ 2381.581374] ? copy_mnt_ns+0xa00/0xa00 [ 2381.582217] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2381.583338] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2381.584443] do_syscall_64+0x33/0x40 [ 2381.585252] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2381.586611] RIP: 0033:0x7f4689135b19 [ 2381.587500] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2381.591805] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2381.593440] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2381.594966] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2381.596508] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2381.598028] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2381.599564] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:07:34 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4304, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:07:34 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x7a00, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2395.151694] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:07:57 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb906, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:57 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe0b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:57 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 77) 04:07:57 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xedc0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:57 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeeb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:57 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) r6 = dup(r3) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x200000a, 0x50, r6, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:07:57 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x3, 0x0, 0x0, 0x0, 0x4000, 0x480d2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x5, 0x5}, 0x0, 0x0, 0x3, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1ff}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b59f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:07:57 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)={0x4}) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) ioctl$EXT4_IOC_MOVE_EXT(r0, 0xc028660f, &(0x7f0000000000)={0x0, r2, 0x81, 0x8, 0x0, 0x4}) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c66736d61676900800000000000003030303030303038303030342c666f776e65723d", @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) sendmsg$IPVS_CMD_NEW_SERVICE(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x1c, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x77}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x14) r4 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000140), 0x2, 0x0) sync_file_range(r4, 0x8, 0x40, 0x4) epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r4, &(0x7f0000000280)) [ 2405.155477] FAULT_INJECTION: forcing a failure. [ 2405.155477] name failslab, interval 1, probability 0, space 0, times 0 [ 2405.157871] CPU: 1 PID: 60605 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2405.159326] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2405.161072] Call Trace: [ 2405.161635] dump_stack+0x107/0x167 [ 2405.162408] should_fail.cold+0x5/0xa [ 2405.163212] ? __kernfs_new_node+0xd4/0x860 [ 2405.164114] should_failslab+0x5/0x20 [ 2405.164936] kmem_cache_alloc+0x5b/0x310 [ 2405.165802] __kernfs_new_node+0xd4/0x860 [ 2405.166685] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2405.167688] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2405.168714] ? wait_for_completion_io+0x270/0x270 [ 2405.169725] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2405.170835] kernfs_new_node+0x18d/0x250 [ 2405.171701] __kernfs_create_file+0x51/0x350 [ 2405.172644] sysfs_add_file_mode_ns+0x221/0x560 [ 2405.173648] internal_create_group+0x324/0xb30 [ 2405.174622] ? sysfs_remove_group+0x170/0x170 [ 2405.175566] ? kernfs_name_hash+0xe7/0x110 [ 2405.176471] ? kernfs_find_ns+0x256/0x380 [ 2405.177365] sysfs_slab_add+0x188/0x200 [ 2405.178205] __kmem_cache_create+0x3db/0x520 [ 2405.179140] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2405.180196] p9_client_create+0xc6a/0x1230 [ 2405.181105] ? p9_client_flush+0x430/0x430 [ 2405.181999] ? trace_hardirqs_on+0x5b/0x180 [ 2405.182916] ? lockdep_init_map_type+0x2c7/0x780 [ 2405.183917] ? __raw_spin_lock_init+0x36/0x110 [ 2405.184898] v9fs_session_init+0x1dd/0x1680 [ 2405.185809] ? lock_release+0x680/0x680 [ 2405.186640] ? kmem_cache_alloc_trace+0x151/0x320 [ 2405.187654] ? v9fs_show_options+0x690/0x690 [ 2405.188606] ? trace_hardirqs_on+0x5b/0x180 [ 2405.189516] ? kasan_unpoison_shadow+0x33/0x50 [ 2405.190485] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2405.191552] v9fs_mount+0x79/0x8f0 [ 2405.192313] ? v9fs_write_inode+0x60/0x60 [ 2405.193185] legacy_get_tree+0x105/0x220 [ 2405.194049] vfs_get_tree+0x8e/0x300 [ 2405.194834] path_mount+0x14ab/0x2200 [ 2405.195638] ? strncpy_from_user+0x9e/0x470 [ 2405.196555] ? finish_automount+0xa90/0xa90 [ 2405.197464] ? getname_flags.part.0+0x1dd/0x4f0 [ 2405.198452] ? _copy_from_user+0xfb/0x1b0 [ 2405.199343] __x64_sys_mount+0x282/0x300 [ 2405.200194] ? copy_mnt_ns+0xa00/0xa00 [ 2405.201027] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2405.202136] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2405.203232] do_syscall_64+0x33/0x40 [ 2405.204021] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2405.205102] RIP: 0033:0x7f4689135b19 [ 2405.205890] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2405.209753] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2405.211355] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2405.212862] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2405.214362] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2405.215862] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2405.217377] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2405.228181] 9pnet: Insufficient options for proto=fd 04:07:58 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb907, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:07:58 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe1b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:07:58 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x2, 0x0, 0x6}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="0500000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5f0614b631ab4c222df74701f2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2405.385933] kmem_cache_create(9p-fcall-cache-423) failed with error -12 [ 2405.387470] CPU: 0 PID: 60605 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2405.388945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2405.390701] Call Trace: [ 2405.391272] dump_stack+0x107/0x167 [ 2405.392051] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2405.393170] p9_client_create+0xc6a/0x1230 [ 2405.394071] ? p9_client_flush+0x430/0x430 [ 2405.394972] ? trace_hardirqs_on+0x5b/0x180 [ 2405.395884] ? lockdep_init_map_type+0x2c7/0x780 [ 2405.396915] ? __raw_spin_lock_init+0x36/0x110 [ 2405.397893] v9fs_session_init+0x1dd/0x1680 [ 2405.398806] ? lock_release+0x680/0x680 [ 2405.399661] ? kmem_cache_alloc_trace+0x151/0x320 [ 2405.400692] ? v9fs_show_options+0x690/0x690 [ 2405.401628] ? trace_hardirqs_on+0x5b/0x180 [ 2405.402538] ? kasan_unpoison_shadow+0x33/0x50 [ 2405.403499] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2405.404588] v9fs_mount+0x79/0x8f0 [ 2405.405343] ? v9fs_write_inode+0x60/0x60 [ 2405.406213] legacy_get_tree+0x105/0x220 [ 2405.407072] vfs_get_tree+0x8e/0x300 [ 2405.407866] path_mount+0x14ab/0x2200 [ 2405.408680] ? strncpy_from_user+0x9e/0x470 [ 2405.409593] ? finish_automount+0xa90/0xa90 [ 2405.410508] ? getname_flags.part.0+0x1dd/0x4f0 [ 2405.411493] ? _copy_from_user+0xfb/0x1b0 [ 2405.412388] __x64_sys_mount+0x282/0x300 [ 2405.413243] ? copy_mnt_ns+0xa00/0xa00 [ 2405.414069] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2405.415176] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2405.416276] do_syscall_64+0x33/0x40 [ 2405.417067] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2405.418147] RIP: 0033:0x7f4689135b19 [ 2405.418935] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2405.422822] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2405.424436] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2405.425929] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2405.427428] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2405.428940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2405.430448] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:07:58 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x80000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:07:58 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r1 = syz_io_uring_complete(0x0) r2 = openat(r1, &(0x7f0000000000)='./file1\x00', 0x400402, 0x0) r3 = clone3(&(0x7f0000000600)={0x181309400, &(0x7f00000001c0)=0xffffffffffffffff, &(0x7f0000000200)=0x0, &(0x7f0000000240), {0xe}, &(0x7f00000003c0)=""/208, 0xd0, &(0x7f00000004c0)=""/194, &(0x7f00000005c0)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x3, {r2}}, 0x58) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r6, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r6, 0x6609) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r0, 0xc018937d, &(0x7f0000000700)={{0x1, 0x1, 0x18, r4, {0x7}}, './file1\x00'}) r8 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000940), 0x0, 0x0) fchmod(r8, 0x20) sendmsg$nl_generic(r6, &(0x7f0000000880)={&(0x7f00000006c0), 0xc, &(0x7f0000000840)={&(0x7f0000000980)=ANY=[@ANYBLOB="c80000003500000225bd7000fcdbdf25130000001c004c8008005d00", @ANYRES32=r3, @ANYBLOB="0c006300070000000000000004001f006aef1d6744e0fc7da158bf54c172db0547ac7af5bd15ca0a74667cbf6434ad73241433596d3116d7ef598671fe0a05aef1c0f095efa2e40588ec2d3c2819a1ebf77e481151286c4531fe90a6d9300ee0be3da7e5fe1d1b5c309cfd893f67e254fb3f2dd3c6b6c10baffb852cf89368c7b5656b71696d619b4688ec8b969a255d6a845ca2134f6a3be0a1b213fecfc408003d00", @ANYRES32=r7, @ANYBLOB="007bcd5137ac1679221f49aed67c56669cc663be50eb2d9208db5c4babce38da4ba2d7e92142b1f7cc411c6bac68322089875b706daff776e17dab9ad7ae6f81a07f23411335fdea5f1b8a976530afff092186285345ca2dd4741b24c04459838d2fd437bee5ac437322981367f80bbc30bbfbb83b6e12c25197489f85c8d0029e24f7fff4f6943eba69c9e40c28381c7ded302a5509ee3b7c1e1f63186a3e9e09d9ebe121618568ef934ca32dd2ea8e789b65637dcffe896b0e95596ef4dc331c018f038c62de4093fddd26d73fcd80a1fb92932cb0acec5567a3ea158e"], 0xc8}, 0x1, 0x0, 0x0, 0x40}, 0x4048800) r9 = open(&(0x7f0000000680)='./file1\x00', 0x400082, 0x108) perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0x6, 0x6, 0x1, 0x7f, 0x0, 0xfffffffffffffffe, 0x10a0, 0x2, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x3ff, 0x2, @perf_bp={&(0x7f0000000040), 0x8}, 0x20, 0xffffffff, 0x1, 0x0, 0x3, 0x6c, 0x0, 0x0, 0x3, 0x0, 0x6}, r5, 0x1, r9, 0x2) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fs!cache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner', @ANYRESDEC=0x0, @ANYBLOB=',defcontext=unconfined_u,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',subj_tqpe=#\'#*:.#]/,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:07:58 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xefb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2405.574868] 9pnet: Insufficient options for proto=fd 04:07:58 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0xf, 0x30, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000300)=ANY=[@ANYBLOB="0100000001000000180000001196b29505800408372eb9ecce6fcfa6392d7208c09e388b3584f59111989e7fba93f1f4de93291d46aeac21ac3d1dacfd2228da059decc6b1137a5c932397175524ad1ec2f1c7852ebd86d00b2447471e7bddce91a0fde3cd6cf4bc4db40b45e297778f4a1f057d36df86926458389869b3bb1eef9450b11e0fe97d1269578264b78e7c27006e3faf2ae6866b203c8b6b3f99037ac018cce62d2c857b10a72e85848e636303f82abf5018e9f3586bc1e508bb9b4bf3ef00"/207, @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) recvmmsg$unix(r3, &(0x7f0000000400)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f0000000240)=[{&(0x7f0000000500)=""/202, 0xca}, {&(0x7f00000001c0)=""/44, 0x2c}, {&(0x7f0000000600)=""/162, 0xa2}], 0x3, &(0x7f0000000280)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x1, 0x100, 0x0) io_uring_enter(r6, 0x132, 0xe43e, 0x2, 0x0, 0x1) 04:07:58 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f00000001c0)=ANY=[@ANYBLOB="2d918715e1a3090a1dcb8e22c418eeee00f08dd77cc929e1ace4d19275e33c8e7021a689a22be74a32861725053ec1cb1c2683caed3170efbe848842e48f524e1e94e9daec7c780b3a7292e22a9a11d9ad5ad8bce627c27c4e19526f52c4317921b1c8fc241a8a71e13ef1d5e892130994b13c62b568d1b17f07636fd7d1831be877ec42d7c0380f7af53d39b9430c9444a16f7ad7ff5d40b59f33f508e1c012a9e5c3571a7fd1af60ebabbcaa344fde0adcc6e2533025a6c1ec26c24422f840a1e6f7b1a1f97b21a7d7d171aa8e731a38b267e74ca91cf3837d016a95e7cc350957963f21a6dc16764a8931c21b367b7b2d695e56", @ANYRESDEC=r0, @ANYRESOCT], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:07:58 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb908, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2418.698595] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:08:18 executing program 4: syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESHEX=0x0], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:08:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe2b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x26b1, &(0x7f0000000080)={0x0, 0xfffffffd}, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, 0xffffffffffffffff, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, 0xffffffffffffffff, 0x8000000) syz_io_uring_submit(r5, 0x0, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x0, 0x0}, 0x80000001) r6 = io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0) syz_io_uring_submit(r3, 0x0, &(0x7f0000000400)=@IORING_OP_WRITEV={0x2, 0x3, 0x4007, @fd=r0, 0xa42, &(0x7f0000000a80)=[{&(0x7f0000000300)="852f70e63884ab0fbcc2f19a3f9d59f128e831df08540ded8af63d48c2bdcc3738889be87ede9d7b0fd726df6a7ce498c3d20a3757e9612ceb844bd6334fdff6eabeacdae94bc1f9850874548998bdc3036f915bf02e5de3820a7dbf452b7bd95d3bcfa2d078d36917821a9b03c88d64a144f3551f478af09690f19d45cd448f9cd3e21b56478efc82f27c75240c0597be8de7ba815584fe09b7a21d98a2c67017860cba931b7075fa78cca0cadac7ca2c9a6157c360acead9e26729a23afcb66354f606c0811ef40d035a183b66bd112331a5f3ef981d7876c20b1ece4852c665d3444a79525508984d4160cce7e12732f6d1e11f0f457cbd79724081f2f6", 0xff}, {&(0x7f0000000140)="37acc1d0409a2a6e244c8773cd33d88a267bfaab0dbc86647aa21986d6f4b7933d152642d9a4a45b0dbd28f07d9e406d828bde676cc059fb59e9db5dfdd6b8b0a87e1ea4e85f15c9c1dd0c5f0c34f25aeebcea426d96eb907efd0b6d6433cbc9811f1246561ad1c043530fe1a42c63e5f90149a347a9f8aba2f4fbac42", 0x7d}, {&(0x7f0000000500)="e84df097385f49901678798803214940e2cb1fe3324bc2227b2e68d28d64217c054e195a31f8464fdcb0e5eb272bbf603b09e6e83d21cb36749dee2ff60761b2b0dc60054186e76d61153f26172337a9fd420fa97ae1f6e3b35da58e50c0af2451d6d430246aefadea95c8bec560e9b59a95cbbcb895fc977e5864b14eff3ee2863c42822d1ff02c4b4addedc8668a3a986948045931a2e85e84fa131358b95cc889005c074e161088242e67a75862ef7b9e30a1626add1a8120483a2d8edc1ac5821272ba247da4f918d8f6bb77fdc2c96d5e2f5927facbb1ba96085f92646241264095512a59dc2abd9b645f8d", 0xee}, {&(0x7f0000000600)="8a742034e0110e090510dc18dcb4fece78e0e61f57801f8a0d70df440638f325403652c424e394664ac7597feee0f51acc17e1dcb853367705c6259591d3b3d7f57c763eb402c30f22dc61c584678f020c81b95254a4e5d178667b93974b5507d023eaf5d717d80aa6e384b6b4f619c4548a9da6fdd37258d869ab260f4e96ded22c582e2d2191ca82378e2fdce7f5702db13b31b30dc93848332b7c7b9a9f3a499cee6d07015755", 0xa8}, {&(0x7f0000000240)}, {&(0x7f00000006c0)="814059ea66f86635fc009aebb725378a5f50b7211dd57d11222e576c812d0c2ca73af5f086a9fab71f7a4d0829615f84aefbe59258ef779defe47b0ace6ed0f4356e8a3e9fc984951f18392e643c381d8bde3cd24e52d88ed37f4443715816205912cfcc4ec4d83c1ecb32f58e7a5949378aace04ca77853da08666a6eb6fcb7e17244e41fb2d9eda57273a9d48e7149cfb1050e8578c848d23482722b59615a54d2ea3bd2900f7545171e04808d286a60904bafc8634a0046dacc", 0xbb}, {&(0x7f0000000780)="7c8634a2f8675c4a3f682d50842fe7a6fff4d8e5e437bde968204fa1c1aaf70f488b53e4f72c5e50757dfe41b06d5fbaef3c22ff5616ee5dfde9826626782932dd2d4a7c9b4edd755474636d94149bfcdbd5b9c44f026548ef4ae85aa6293b78d45bdb3625e84688c42afcb7f71532e117c2c63c05b1a91ba6923678deff5629a0420aea3d68bf77dfa3e939c168d335f90b8c9fb68e97d16c6df4a4134c41bcf695e514de98d99d68e816f7adabeac9bb059cf743702eb9a2f2bd3f146c221c57730fb99d1e9a71241c4cf2e15c25e5b4bf804ed0743e46aca59f60097b0867f2", 0xe1}, {&(0x7f0000000880)="f29b60afd1a4738fcfe6d2b8755e03df470b6fb3a11d7e4a27fa1d5c422738d97032cf1fe46a8b544bac68ae1a70ac74d84a2b812dd4cf7818ddafd587f40fa4fcc614763d9f985467e64088e2fb6348616e6a1253388c211d1233e4217e3f2f8010684201e3bbfbcda20bc17e32341a9f8544b58c2c7f095118ca50f3f49a0d4feda9631b61a3c1c4514f4bc66b3aae637d1774a955f57eef86450ec80d32f3ee41e35c296fca7eab0a7cd1c33f7d54862cd5c67836f9d6bd9b0c00f07a4be68a1d87fe06696d8f8fcb72784756e59c35fc6d56ae8a176e642fd9f7f5623f91e8c91a2971c26c0b473dcd82a1056ff44bf50d120e13", 0xf6}, {&(0x7f0000000980)="afcbf6dae92d0a8c6f3dc3dccbbed88e6db840847db2c6c841ed383da523b7d2403ee8d9cf71d2ab95d048efc0e9b040b67476a679b2e4b9bdd94772bf73f1bfb9626565fbe2f059f8fc056ed3464221ed6b201f56a615b3813fdcbe0fd31ac79340a1e337ce4e8433fe7987984fab259da05c4e820e8ade4974b34347bd881f75838847b2d42d82fccf831eba7d043939bfc945cbd97f450cd612836b03646bbb6197d7194f32dbc1ce8cf1a897a5ec4e41344aeb0c8909dc9ee045acd6f1f7d43c59ff0dbb18a364a2293bdca48deb5998e7d5a93f9be9ef657648efc313b8cb4346d4238c0a847c843281aa420f839611f1babb9f454391e5c0bca7", 0xfd}, {&(0x7f0000000280)="9d676dc5acefad5c0b6cec", 0xb}], 0xa, 0x1c, 0x1, {0x2, r6}}, 0x6) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:08:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x3, 0x100) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = syz_open_dev$vcsn(&(0x7f0000000040), 0xbb9, 0x109240) openat(r0, &(0x7f0000000080)='./file1\x00', 0x800, 0x0) pipe(0x0) r1 = inotify_init() ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r1, 0x8008f511, &(0x7f0000000000)) syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x80, &(0x7f00000017c0), 0x1203}, 0x0, 0x8abb4d2a8b028460}, 0x0) r5 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r6, r7, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r8, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@ax25={{0x3, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast]}, 0x80, &(0x7f00000017c0), 0x1203}, 0x0, 0x8abb4d2a8b028460}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r5, 0x0) r9 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r5, 0x8000000) syz_io_uring_submit(r9, r7, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x0, 0x0}, 0x80000001) r10 = socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r2, r7, &(0x7f0000000140)=@IORING_OP_ACCEPT={0xd, 0x0, 0x0, r10, &(0x7f00000000c0), 0x0, 0x0, 0x100000, 0x1}, 0x6) 04:08:18 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:08:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 78) 04:08:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf0b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2425.922692] FAULT_INJECTION: forcing a failure. [ 2425.922692] name failslab, interval 1, probability 0, space 0, times 0 [ 2425.924087] CPU: 1 PID: 61773 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2425.924885] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2425.925820] Call Trace: [ 2425.926128] dump_stack+0x107/0x167 [ 2425.926539] should_fail.cold+0x5/0xa [ 2425.926971] ? create_object.isra.0+0x3a/0xa30 [ 2425.927486] should_failslab+0x5/0x20 [ 2425.927919] kmem_cache_alloc+0x5b/0x310 [ 2425.928389] ? __lockdep_reset_lock+0x180/0x180 [ 2425.928929] create_object.isra.0+0x3a/0xa30 [ 2425.929429] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2425.930007] kmem_cache_alloc+0x159/0x310 [ 2425.930483] __kernfs_new_node+0xd4/0x860 [ 2425.930951] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2425.931491] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2425.932041] ? wait_for_completion_io+0x270/0x270 [ 2425.932594] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2425.933192] kernfs_new_node+0x18d/0x250 [ 2425.933654] __kernfs_create_file+0x51/0x350 [ 2425.934152] sysfs_add_file_mode_ns+0x221/0x560 [ 2425.934684] internal_create_group+0x324/0xb30 [ 2425.935205] ? sysfs_remove_group+0x170/0x170 [ 2425.935707] ? kernfs_name_hash+0xe7/0x110 [ 2425.936188] ? kernfs_find_ns+0x256/0x380 [ 2425.936673] sysfs_slab_add+0x188/0x200 [ 2425.937123] __kmem_cache_create+0x3db/0x520 [ 2425.937625] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2425.938194] p9_client_create+0xc6a/0x1230 [ 2425.938675] ? p9_client_flush+0x430/0x430 [ 2425.939157] ? trace_hardirqs_on+0x5b/0x180 [ 2425.939648] ? lockdep_init_map_type+0x2c7/0x780 [ 2425.940187] ? __raw_spin_lock_init+0x36/0x110 [ 2425.940722] v9fs_session_init+0x1dd/0x1680 [ 2425.941210] ? lock_release+0x680/0x680 [ 2425.941670] ? kmem_cache_alloc_trace+0x151/0x320 [ 2425.942211] ? v9fs_show_options+0x690/0x690 [ 2425.942717] ? trace_hardirqs_on+0x5b/0x180 [ 2425.943212] ? kasan_unpoison_shadow+0x33/0x50 [ 2425.943731] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2425.944313] v9fs_mount+0x79/0x8f0 [ 2425.944725] ? v9fs_write_inode+0x60/0x60 [ 2425.945198] legacy_get_tree+0x105/0x220 [ 2425.945661] vfs_get_tree+0x8e/0x300 [ 2425.946084] path_mount+0x14ab/0x2200 [ 2425.946521] ? strncpy_from_user+0x9e/0x470 [ 2425.947009] ? finish_automount+0xa90/0xa90 [ 2425.947498] ? getname_flags.part.0+0x1dd/0x4f0 [ 2425.948026] ? _copy_from_user+0xfb/0x1b0 [ 2425.948507] __x64_sys_mount+0x282/0x300 [ 2425.948967] ? copy_mnt_ns+0xa00/0xa00 [ 2425.949409] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2425.950001] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2425.950591] do_syscall_64+0x33/0x40 [ 2425.951012] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2425.951592] RIP: 0033:0x7f4689135b19 [ 2425.952013] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2425.954107] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2425.954973] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2425.955783] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2425.956595] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2425.957408] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2425.958213] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:08:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb909, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:08:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf1b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 79) 04:08:18 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x100000000000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffd}, 0x0, 0x0, 0x9, 0x7}, 0x0, 0xfffffffffffffffb, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private2, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000400)=ANY=[@ANYBLOB="05000000000000000a004e23e79b95b631492649f705750000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030021908d881173af84ae00ffff00000000000000000000800000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda017ddb1a00631c1a4256324e9e328633860e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000008000000000000000000000000000000000007db2f000601000000e855abc0a2aaa1163f83e590ceef9b5030a5f77ef63d151dd16659253103a91f96b5fc8030e72b306b69e44df0da80577b557853a97302000000d69df40a80ee527ac563dde68e3c7d9b00000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a815ace84ee5ac698bd40e350fa29c619cec36bebafb646348e3488b510c5d781c574270f88f18bfd2d242e4", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:08:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe3b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2426.125096] FAULT_INJECTION: forcing a failure. [ 2426.125096] name failslab, interval 1, probability 0, space 0, times 0 [ 2426.126436] CPU: 1 PID: 62160 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2426.127217] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2426.128160] Call Trace: [ 2426.128468] dump_stack+0x107/0x167 [ 2426.128893] should_fail.cold+0x5/0xa [ 2426.129329] ? __kernfs_new_node+0xd4/0x860 [ 2426.129827] should_failslab+0x5/0x20 [ 2426.130266] kmem_cache_alloc+0x5b/0x310 [ 2426.130739] __kernfs_new_node+0xd4/0x860 [ 2426.131212] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2426.131767] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2426.132318] ? wait_for_completion_io+0x270/0x270 [ 2426.132882] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2426.133480] kernfs_new_node+0x18d/0x250 [ 2426.133946] __kernfs_create_file+0x51/0x350 [ 2426.134448] sysfs_add_file_mode_ns+0x221/0x560 [ 2426.134983] internal_create_group+0x324/0xb30 [ 2426.135508] ? sysfs_remove_group+0x170/0x170 [ 2426.136017] ? kernfs_name_hash+0xe7/0x110 [ 2426.136506] ? kernfs_find_ns+0x256/0x380 [ 2426.136983] sysfs_slab_add+0x188/0x200 [ 2426.137439] __kmem_cache_create+0x3db/0x520 [ 2426.137953] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2426.138533] p9_client_create+0xc6a/0x1230 [ 2426.139023] ? p9_client_flush+0x430/0x430 [ 2426.139515] ? trace_hardirqs_on+0x5b/0x180 [ 2426.140010] ? lockdep_init_map_type+0x2c7/0x780 [ 2426.140562] ? __raw_spin_lock_init+0x36/0x110 [ 2426.141094] v9fs_session_init+0x1dd/0x1680 [ 2426.141587] ? lock_release+0x680/0x680 [ 2426.142048] ? kmem_cache_alloc_trace+0x151/0x320 [ 2426.142597] ? v9fs_show_options+0x690/0x690 [ 2426.143109] ? trace_hardirqs_on+0x5b/0x180 [ 2426.143604] ? kasan_unpoison_shadow+0x33/0x50 [ 2426.144123] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2426.144711] v9fs_mount+0x79/0x8f0 [ 2426.145119] ? v9fs_write_inode+0x60/0x60 [ 2426.145596] legacy_get_tree+0x105/0x220 [ 2426.146065] vfs_get_tree+0x8e/0x300 [ 2426.146494] path_mount+0x14ab/0x2200 [ 2426.146934] ? strncpy_from_user+0x9e/0x470 [ 2426.147426] ? finish_automount+0xa90/0xa90 [ 2426.147918] ? getname_flags.part.0+0x1dd/0x4f0 [ 2426.148449] ? _copy_from_user+0xfb/0x1b0 [ 2426.148935] __x64_sys_mount+0x282/0x300 [ 2426.149399] ? copy_mnt_ns+0xa00/0xa00 [ 2426.149844] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2426.150449] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2426.151047] do_syscall_64+0x33/0x40 [ 2426.151480] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2426.152066] RIP: 0033:0x7f4689135b19 [ 2426.152508] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2426.154608] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2426.155477] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2426.156292] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2426.157116] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2426.157934] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2426.158751] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:08:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90a, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:08:18 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYRES16, @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2426.269930] kmem_cache_create(9p-fcall-cache-426) failed with error -12 [ 2426.271566] CPU: 0 PID: 62160 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2426.273140] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2426.275027] Call Trace: [ 2426.275631] dump_stack+0x107/0x167 [ 2426.276468] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2426.277674] p9_client_create+0xc6a/0x1230 [ 2426.278641] ? p9_client_flush+0x430/0x430 [ 2426.279607] ? trace_hardirqs_on+0x5b/0x180 [ 2426.280603] ? lockdep_init_map_type+0x2c7/0x780 [ 2426.281679] ? __raw_spin_lock_init+0x36/0x110 [ 2426.282728] v9fs_session_init+0x1dd/0x1680 [ 2426.283706] ? lock_release+0x680/0x680 [ 2426.284634] ? kmem_cache_alloc_trace+0x151/0x320 [ 2426.285718] ? v9fs_show_options+0x690/0x690 [ 2426.286726] ? trace_hardirqs_on+0x5b/0x180 [ 2426.287710] ? kasan_unpoison_shadow+0x33/0x50 [ 2426.288747] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2426.289894] v9fs_mount+0x79/0x8f0 [ 2426.290698] ? v9fs_write_inode+0x60/0x60 [ 2426.291629] legacy_get_tree+0x105/0x220 [ 2426.292559] vfs_get_tree+0x8e/0x300 [ 2426.293403] path_mount+0x14ab/0x2200 [ 2426.294264] ? strncpy_from_user+0x9e/0x470 [ 2426.295239] ? finish_automount+0xa90/0xa90 [ 2426.296214] ? getname_flags.part.0+0x1dd/0x4f0 [ 2426.297273] ? _copy_from_user+0xfb/0x1b0 [ 2426.298218] __x64_sys_mount+0x282/0x300 [ 2426.299133] ? copy_mnt_ns+0xa00/0xa00 [ 2426.300022] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2426.301212] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2426.302380] do_syscall_64+0x33/0x40 [ 2426.303223] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2426.304383] RIP: 0033:0x7f4689135b19 [ 2426.305236] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2426.309391] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2426.311110] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2426.312724] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2426.314342] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2426.315947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2426.317568] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2439.342685] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:08:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90b, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:08:40 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf2b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x2000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:08:40 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe4b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0xa42, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) sendfile(r1, r0, 0x0, 0xd3) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) openat$full(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) 04:08:40 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x9) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000e80000f7faffffff00000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000003000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000008000000f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e14ca19b8f3b12d4cefb26b05ba22a753409a7ae7d4997384a124256276a7f04ce3253cfe61ccf4264de55ab01091442b1be79508b141d3ceb8167b07fb295ef72aae61a320a05ea613c1bfcd4b59e3248825d960287634297490dc51df5a66dd6259fc62c1f0e0e87921f7609a4ca761deabd5abcb17ffb5f03661cb6b884b03ebe260be93cadcde22fefdfe2b46c183d19a95bc80fc183e8bd96b38080a7a9b18e887222aec7e8565f89d96780c551d1a9a156e21cee9136301ea5d57fd85c4885e540bf44a18a6485f0a2694c12cb73f7864253946851404f471248b1d3a0b8f4680d815d9877e86710052a643662b09fdfee84e4de3fa7c6bb88000000000000", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:08:40 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 80) 04:08:40 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x4000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000140)=ANY=[@ANYBLOB="01000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000000000002e2f66696c613046be5570d64659821300"]) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2447.516031] FAULT_INJECTION: forcing a failure. [ 2447.516031] name failslab, interval 1, probability 0, space 0, times 0 [ 2447.518642] CPU: 1 PID: 62635 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2447.520115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2447.521867] Call Trace: [ 2447.522444] dump_stack+0x107/0x167 [ 2447.523232] should_fail.cold+0x5/0xa [ 2447.524055] ? create_object.isra.0+0x3a/0xa30 [ 2447.525031] should_failslab+0x5/0x20 [ 2447.525837] kmem_cache_alloc+0x5b/0x310 [ 2447.526705] ? __lockdep_reset_lock+0x180/0x180 [ 2447.527688] create_object.isra.0+0x3a/0xa30 [ 2447.528622] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2447.529729] kmem_cache_alloc+0x159/0x310 [ 2447.530612] __kernfs_new_node+0xd4/0x860 [ 2447.531516] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2447.532534] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2447.533582] ? wait_for_completion_io+0x270/0x270 [ 2447.534596] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2447.535708] kernfs_new_node+0x18d/0x250 [ 2447.536578] __kernfs_create_file+0x51/0x350 [ 2447.537535] sysfs_add_file_mode_ns+0x221/0x560 [ 2447.538534] internal_create_group+0x324/0xb30 [ 2447.539524] ? sysfs_remove_group+0x170/0x170 [ 2447.540507] ? kernfs_name_hash+0xe7/0x110 [ 2447.541418] ? kernfs_find_ns+0x256/0x380 [ 2447.542345] sysfs_slab_add+0x188/0x200 [ 2447.543189] __kmem_cache_create+0x3db/0x520 [ 2447.544121] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2447.545188] p9_client_create+0xc6a/0x1230 [ 2447.546100] ? p9_client_flush+0x430/0x430 [ 2447.546992] ? trace_hardirqs_on+0x5b/0x180 [ 2447.547906] ? lockdep_init_map_type+0x2c7/0x780 [ 2447.548906] ? __raw_spin_lock_init+0x36/0x110 [ 2447.549881] v9fs_session_init+0x1dd/0x1680 [ 2447.550789] ? lock_release+0x680/0x680 [ 2447.551637] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2447.552775] ? trace_hardirqs_on+0x5b/0x180 [ 2447.553699] ? v9fs_show_options+0x690/0x690 [ 2447.554651] ? _raw_spin_unlock_irqrestore+0x25/0x40 [ 2447.555733] ? kasan_unpoison_shadow+0x33/0x50 [ 2447.556695] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2447.557772] v9fs_mount+0x79/0x8f0 [ 2447.558535] ? v9fs_write_inode+0x60/0x60 [ 2447.559418] legacy_get_tree+0x105/0x220 [ 2447.560278] vfs_get_tree+0x8e/0x300 [ 2447.561082] path_mount+0x14ab/0x2200 [ 2447.561900] ? strncpy_from_user+0x9e/0x470 [ 2447.562804] ? finish_automount+0xa90/0xa90 [ 2447.563721] ? getname_flags.part.0+0x1dd/0x4f0 [ 2447.564695] ? _copy_from_user+0xfb/0x1b0 [ 2447.565590] __x64_sys_mount+0x282/0x300 [ 2447.566440] ? copy_mnt_ns+0xa00/0xa00 [ 2447.567275] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2447.568384] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2447.569480] do_syscall_64+0x33/0x40 [ 2447.570268] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2447.571369] RIP: 0033:0x7f4689135b19 [ 2447.572153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2447.576045] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2447.577671] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2447.579188] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2447.580707] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2447.582218] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2447.583725] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:08:40 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe5b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf3b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) ftruncate(r0, 0x80) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90c, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:08:40 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_config_ext={0x6, 0x7}, 0x2, 0xa0, 0x0, 0x7, 0x1, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x2) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f10900000004000000000000c143a6967a07abd7ae1918eef200000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@remote, 0x4000000, r10}) [ 2447.879459] 9pnet: Insufficient options for proto=fd 04:08:40 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r3, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x2004, @fd, 0x1, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:08:40 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 81) 04:08:40 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x3000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:08:40 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe6b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf4b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:08:40 executing program 4: syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000009000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc02000000000000000000000000e200030000ffff0000000000000000000000000000000000000000f1ff0080000000000000000000000000000000000000000000000000000000000000800000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f109000000040000000000000000000000000000000000000000ff00000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a42120010000000000000a93f23ea05419f9483b9ffbe1497570069a3d0e198ab5c12c4", @ANYRESHEX], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) [ 2448.067166] FAULT_INJECTION: forcing a failure. [ 2448.067166] name failslab, interval 1, probability 0, space 0, times 0 [ 2448.069509] CPU: 0 PID: 63551 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2448.070824] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2448.072428] Call Trace: [ 2448.072950] dump_stack+0x107/0x167 [ 2448.073657] should_fail.cold+0x5/0xa [ 2448.074389] ? __kernfs_new_node+0xd4/0x860 [ 2448.075223] should_failslab+0x5/0x20 [ 2448.075956] kmem_cache_alloc+0x5b/0x310 [ 2448.076737] __kernfs_new_node+0xd4/0x860 [ 2448.077554] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2448.078480] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2448.079420] ? wait_for_completion_io+0x270/0x270 [ 2448.080372] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2448.081398] kernfs_new_node+0x18d/0x250 [ 2448.082191] __kernfs_create_file+0x51/0x350 [ 2448.083030] sysfs_add_file_mode_ns+0x221/0x560 [ 2448.083928] internal_create_group+0x324/0xb30 [ 2448.084815] ? sysfs_remove_group+0x170/0x170 [ 2448.085659] ? kernfs_name_hash+0xe7/0x110 [ 2448.086472] ? kernfs_find_ns+0x256/0x380 [ 2448.087273] sysfs_slab_add+0x188/0x200 [ 2448.088023] __kmem_cache_create+0x3db/0x520 [ 2448.088883] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2448.089833] p9_client_create+0xc6a/0x1230 [ 2448.090651] ? p9_client_flush+0x430/0x430 [ 2448.091452] ? trace_hardirqs_on+0x5b/0x180 [ 2448.092284] ? lockdep_init_map_type+0x2c7/0x780 [ 2448.093201] ? __raw_spin_lock_init+0x36/0x110 [ 2448.094083] v9fs_session_init+0x1dd/0x1680 [ 2448.094900] ? lock_release+0x680/0x680 [ 2448.095669] ? kmem_cache_alloc_trace+0x151/0x320 [ 2448.096588] ? v9fs_show_options+0x690/0x690 [ 2448.097457] ? trace_hardirqs_on+0x5b/0x180 [ 2448.098282] ? kasan_unpoison_shadow+0x33/0x50 [ 2448.099154] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2448.100126] v9fs_mount+0x79/0x8f0 [ 2448.100815] ? v9fs_write_inode+0x60/0x60 [ 2448.101600] legacy_get_tree+0x105/0x220 [ 2448.102394] vfs_get_tree+0x8e/0x300 [ 2448.103107] path_mount+0x14ab/0x2200 [ 2448.103832] ? strncpy_from_user+0x9e/0x470 [ 2448.104652] ? finish_automount+0xa90/0xa90 [ 2448.105477] ? getname_flags.part.0+0x1dd/0x4f0 [ 2448.106354] ? _copy_from_user+0xfb/0x1b0 [ 2448.107150] __x64_sys_mount+0x282/0x300 [ 2448.107920] ? copy_mnt_ns+0xa00/0xa00 [ 2448.108655] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2448.109644] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2448.110619] do_syscall_64+0x33/0x40 [ 2448.111335] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2448.112306] RIP: 0033:0x7f4689135b19 [ 2448.113014] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2448.116460] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2448.117901] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2448.119246] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2448.120578] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2448.121933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2448.123293] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2448.164318] kmem_cache_create(9p-fcall-cache-429) failed with error -12 [ 2448.165667] CPU: 0 PID: 63551 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2448.166948] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2448.168480] Call Trace: [ 2448.168976] dump_stack+0x107/0x167 [ 2448.169649] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2448.170606] p9_client_create+0xc6a/0x1230 [ 2448.171379] ? p9_client_flush+0x430/0x430 [ 2448.172141] ? trace_hardirqs_on+0x5b/0x180 [ 2448.172938] ? lockdep_init_map_type+0x2c7/0x780 [ 2448.173795] ? __raw_spin_lock_init+0x36/0x110 [ 2448.174639] v9fs_session_init+0x1dd/0x1680 [ 2448.175427] ? lock_release+0x680/0x680 [ 2448.176154] ? kmem_cache_alloc_trace+0x151/0x320 [ 2448.177039] ? v9fs_show_options+0x690/0x690 [ 2448.177845] ? trace_hardirqs_on+0x5b/0x180 [ 2448.178637] ? kasan_unpoison_shadow+0x33/0x50 [ 2448.179460] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2448.180378] v9fs_mount+0x79/0x8f0 [ 2448.181033] ? v9fs_write_inode+0x60/0x60 [ 2448.181783] legacy_get_tree+0x105/0x220 [ 2448.182519] vfs_get_tree+0x8e/0x300 [ 2448.183191] path_mount+0x14ab/0x2200 [ 2448.183884] ? strncpy_from_user+0x9e/0x470 [ 2448.184666] ? finish_automount+0xa90/0xa90 [ 2448.185443] ? getname_flags.part.0+0x1dd/0x4f0 [ 2448.186285] ? _copy_from_user+0xfb/0x1b0 [ 2448.187034] __x64_sys_mount+0x282/0x300 [ 2448.187751] ? copy_mnt_ns+0xa00/0xa00 [ 2448.188450] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2448.189388] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2448.190313] do_syscall_64+0x33/0x40 [ 2448.190982] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2448.191894] RIP: 0033:0x7f4689135b19 [ 2448.192564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2448.195831] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2448.197201] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2448.198471] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2448.199747] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2448.201035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2448.202290] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2461.643546] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:09:02 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x4000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:09:02 executing program 4: r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:09:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe7b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:02 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90d, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:02 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf5b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:02 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:09:02 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 82) 04:09:02 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r0, 0xc018937b, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0, {0xffffffffffffffff, 0xffffffffffffffff}}, './file1\x00'}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000280)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r1}}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@hash}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, 'Aa\xd4\xe0\xcc\xeb\xf3\xe2O\xb1\xb3\xbe\x00.'}}, {@fowner_gt}]}}) [ 2469.650610] 9pnet: Insufficient options for proto=fd [ 2469.675150] FAULT_INJECTION: forcing a failure. [ 2469.675150] name failslab, interval 1, probability 0, space 0, times 0 [ 2469.677314] CPU: 0 PID: 63959 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2469.678605] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2469.680153] Call Trace: [ 2469.680650] dump_stack+0x107/0x167 [ 2469.681389] should_fail.cold+0x5/0xa [ 2469.682117] ? create_object.isra.0+0x3a/0xa30 [ 2469.682972] should_failslab+0x5/0x20 [ 2469.683690] kmem_cache_alloc+0x5b/0x310 [ 2469.684447] ? __lockdep_reset_lock+0x180/0x180 [ 2469.685345] create_object.isra.0+0x3a/0xa30 [ 2469.686160] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.687101] kmem_cache_alloc+0x159/0x310 [ 2469.687882] __kernfs_new_node+0xd4/0x860 [ 2469.688652] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2469.689561] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2469.690446] ? wait_for_completion_io+0x270/0x270 [ 2469.691322] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2469.692282] kernfs_new_node+0x18d/0x250 [ 2469.693042] __kernfs_create_file+0x51/0x350 [ 2469.693853] sysfs_add_file_mode_ns+0x221/0x560 [ 2469.694711] internal_create_group+0x324/0xb30 [ 2469.695548] ? sysfs_remove_group+0x170/0x170 [ 2469.696366] ? kernfs_name_hash+0xe7/0x110 [ 2469.697170] ? kernfs_find_ns+0x256/0x380 [ 2469.697940] sysfs_slab_add+0x188/0x200 [ 2469.698678] __kmem_cache_create+0x3db/0x520 [ 2469.699491] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2469.700409] p9_client_create+0xc6a/0x1230 [ 2469.701211] ? p9_client_flush+0x430/0x430 [ 2469.701998] ? trace_hardirqs_on+0x5b/0x180 [ 2469.702784] ? lockdep_init_map_type+0x2c7/0x780 [ 2469.703652] ? __raw_spin_lock_init+0x36/0x110 [ 2469.704501] v9fs_session_init+0x1dd/0x1680 [ 2469.705321] ? lock_release+0x680/0x680 [ 2469.706060] ? kmem_cache_alloc_trace+0x151/0x320 [ 2469.706945] ? v9fs_show_options+0x690/0x690 [ 2469.707758] ? trace_hardirqs_on+0x5b/0x180 [ 2469.708539] ? kasan_unpoison_shadow+0x33/0x50 [ 2469.709404] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2469.710329] v9fs_mount+0x79/0x8f0 [ 2469.710983] ? v9fs_write_inode+0x60/0x60 [ 2469.711736] legacy_get_tree+0x105/0x220 [ 2469.712486] vfs_get_tree+0x8e/0x300 [ 2469.713191] path_mount+0x14ab/0x2200 [ 2469.713889] ? strncpy_from_user+0x9e/0x470 [ 2469.714677] ? finish_automount+0xa90/0xa90 [ 2469.715460] ? getname_flags.part.0+0x1dd/0x4f0 [ 2469.716310] ? _copy_from_user+0xfb/0x1b0 [ 2469.717105] __x64_sys_mount+0x282/0x300 [ 2469.717848] ? copy_mnt_ns+0xa00/0xa00 [ 2469.718561] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2469.719516] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2469.720464] do_syscall_64+0x33/0x40 [ 2469.721180] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2469.722120] RIP: 0033:0x7f4689135b19 [ 2469.722810] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2469.726181] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2469.727566] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2469.728878] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2469.730207] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2469.731510] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2469.732814] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:09:02 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe8b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe9b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1810c0100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r0 = socket(0x26, 0x5, 0x1) r1 = syz_io_uring_setup(0x3875, &(0x7f00000001c0), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000040)=0x0, &(0x7f0000000100)=0x0) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r4, 0x0, &(0x7f0000001a40)={&(0x7f0000000300)=@ax25={{0x3, @default}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast]}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000480)="408e66a3496d07f362248be1a662ea139b8df570551d0914f8d0fb3db547c6fca94a4c19a676145ea6542f6ab013a04d8e3a844e8abb9b9278c35a909dd775dd8448dfc57a94aac0ff7794776f9fe78a25d71912de1dead26ef642c080767dccbd2c6658ba48bf3591920480140201e3b9cab54c98f9c50d3e5f467e0fe70cc59646f24c3c5e63fa1568950dbe52c0bb3f77f4158854105ce65d90df3bba19a9ba5a9dc45c2be1709414bca14f706f1ef972fa41f4fd77272a043b4bd77a77b24e3d6321a10688b14ae116a7697d", 0xce}], 0x1}, 0x0, 0x8abb4d2a8b028460}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x200000f, 0x4000010, r1, 0x8000000) syz_io_uring_submit(r5, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x2, 0x2000, @fd, 0x0, 0x0}, 0x80000001) syz_io_uring_submit(0x0, r3, &(0x7f0000000000)=@IORING_OP_POLL_REMOVE={0x7, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) close(r0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.-fowner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:09:18 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x5000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:09:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x2, 0x1e9}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) r4 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000300)=ANY=[@ANYBLOB="01000000010000001800000007688838e784c0b654a1564aa243103a4de5152a56d9e59a916971316b1892dcfe06b0a063e9f7f6f30f8788dfc6cc64376c8f780af460e65c934bb83ee82fbbf99a1e1570b1ea6beee91a41736cc93c405bde1d0733ae991d7277bf271dc1c8d18eccd28cafa51fd8fff4b4c747b9f429e1acdb0c6d7ac1f4febb7b5b996654bd4664662517e10497e1f27c84f73aed8bb50034a72dd956447f9e91b039e3dcc5cc9c47e961acbc4c1d7514e2add574f8b29fb1b9dff4773dbd60b6f76ea92883f8728ef5e567ba197ccd85d3d5b4708c4c88f73486793ad06d8cda20ba9f36cd", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r4, &(0x7f0000000100)={0x90002005}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:09:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90e, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf6b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca0000000000000000000000000000000000000000000000006281595928e4b8160000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2ef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:09:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 83) [ 2485.455129] FAULT_INJECTION: forcing a failure. [ 2485.455129] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.457743] CPU: 0 PID: 64576 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2485.459216] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.460966] Call Trace: [ 2485.461542] dump_stack+0x107/0x167 [ 2485.462325] should_fail.cold+0x5/0xa [ 2485.463144] ? __kernfs_new_node+0xd4/0x860 [ 2485.464061] should_failslab+0x5/0x20 [ 2485.464866] kmem_cache_alloc+0x5b/0x310 [ 2485.465748] __kernfs_new_node+0xd4/0x860 [ 2485.466632] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2485.467652] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2485.468673] ? wait_for_completion_io+0x270/0x270 [ 2485.469706] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2485.470831] kernfs_new_node+0x18d/0x250 [ 2485.471708] __kernfs_create_file+0x51/0x350 [ 2485.472647] sysfs_add_file_mode_ns+0x221/0x560 [ 2485.473655] internal_create_group+0x324/0xb30 [ 2485.474638] ? sysfs_remove_group+0x170/0x170 [ 2485.475587] ? kernfs_name_hash+0xe7/0x110 [ 2485.476480] ? kernfs_find_ns+0x256/0x380 [ 2485.477409] sysfs_slab_add+0x188/0x200 [ 2485.478255] __kmem_cache_create+0x3db/0x520 [ 2485.479189] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2485.480256] p9_client_create+0xc6a/0x1230 [ 2485.481158] ? p9_client_flush+0x430/0x430 [ 2485.482066] ? trace_hardirqs_on+0x5b/0x180 [ 2485.482979] ? lockdep_init_map_type+0x2c7/0x780 [ 2485.483978] ? __raw_spin_lock_init+0x36/0x110 [ 2485.484955] v9fs_session_init+0x1dd/0x1680 [ 2485.485879] ? lock_release+0x680/0x680 [ 2485.486737] ? kmem_cache_alloc_trace+0x151/0x320 [ 2485.487747] ? v9fs_show_options+0x690/0x690 [ 2485.488693] ? trace_hardirqs_on+0x5b/0x180 [ 2485.489622] ? kasan_unpoison_shadow+0x33/0x50 [ 2485.490591] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.491664] v9fs_mount+0x79/0x8f0 [ 2485.492415] ? v9fs_write_inode+0x60/0x60 [ 2485.493309] legacy_get_tree+0x105/0x220 [ 2485.494176] vfs_get_tree+0x8e/0x300 [ 2485.494962] path_mount+0x14ab/0x2200 [ 2485.495776] ? strncpy_from_user+0x9e/0x470 [ 2485.496686] ? finish_automount+0xa90/0xa90 [ 2485.497608] ? getname_flags.part.0+0x1dd/0x4f0 [ 2485.498586] ? _copy_from_user+0xfb/0x1b0 [ 2485.499485] __x64_sys_mount+0x282/0x300 [ 2485.500344] ? copy_mnt_ns+0xa00/0xa00 [ 2485.501180] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.502299] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.503399] do_syscall_64+0x33/0x40 [ 2485.504187] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.505282] RIP: 0033:0x7f4689135b19 [ 2485.506067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.509940] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2485.511540] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2485.513046] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2485.514555] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2485.516064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2485.517576] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2485.622695] kmem_cache_create(9p-fcall-cache-434) failed with error -12 [ 2485.624292] CPU: 0 PID: 64576 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2485.625753] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.627490] Call Trace: [ 2485.628055] dump_stack+0x107/0x167 [ 2485.628828] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2485.630055] p9_client_create+0xc6a/0x1230 [ 2485.630955] ? p9_client_flush+0x430/0x430 [ 2485.631850] ? trace_hardirqs_on+0x5b/0x180 [ 2485.632765] ? lockdep_init_map_type+0x2c7/0x780 [ 2485.633778] ? __raw_spin_lock_init+0x36/0x110 [ 2485.634738] v9fs_session_init+0x1dd/0x1680 [ 2485.635652] ? lock_release+0x680/0x680 [ 2485.636503] ? kmem_cache_alloc_trace+0x151/0x320 [ 2485.637546] ? v9fs_show_options+0x690/0x690 [ 2485.638480] ? trace_hardirqs_on+0x5b/0x180 [ 2485.639392] ? kasan_unpoison_shadow+0x33/0x50 [ 2485.640355] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.641437] v9fs_mount+0x79/0x8f0 [ 2485.642187] ? v9fs_write_inode+0x60/0x60 [ 2485.643057] legacy_get_tree+0x105/0x220 [ 2485.643911] vfs_get_tree+0x8e/0x300 [ 2485.644691] path_mount+0x14ab/0x2200 [ 2485.645513] ? strncpy_from_user+0x9e/0x470 [ 2485.646424] ? finish_automount+0xa90/0xa90 [ 2485.647331] ? getname_flags.part.0+0x1dd/0x4f0 [ 2485.648321] ? _copy_from_user+0xfb/0x1b0 [ 2485.649212] __x64_sys_mount+0x282/0x300 [ 2485.650070] ? copy_mnt_ns+0xa00/0xa00 [ 2485.650897] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2485.652003] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2485.653092] do_syscall_64+0x33/0x40 [ 2485.653885] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2485.654957] RIP: 0033:0x7f4689135b19 [ 2485.655744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2485.659635] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2485.661249] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2485.662753] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2485.664255] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2485.665769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2485.667265] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:09:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb90f, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf7b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeab4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000080)={0x1000}) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) mount$9p_fd(0x0, &(0x7f0000000140)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='transno=\x00\x00\x00\x00\x00\x00\x00', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYRESDEC=r2, @ANYRESDEC, @ANYBLOB=',hash~ner>', @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:09:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0x0, 0x20}, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = open(&(0x7f0000000140)='./file0\x00', 0x28000, 0x88) getpeername$inet6(r3, &(0x7f0000000180)={0xa, 0x0, 0x0, @mcast1}, &(0x7f0000000240)=0x1c) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_MRT6_DEL_MFC_PROXY(r5, 0x29, 0xd3, &(0x7f0000000300)={{0xa, 0x4e23, 0x2, @loopback, 0x9}, {0xa, 0x4e22, 0x6, @private1, 0xcc82}, 0x7fff, [0x3, 0x5501, 0x7, 0x763b2ef0, 0x3, 0x8, 0x99, 0xcf2]}, 0x5c) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r6, 0x3648, 0xb23e, 0x1, 0x0, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x4, 0x4000010, 0xffffffffffffffff, 0x9b4ab000) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:09:18 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r7 = dup(r2) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:09:18 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb910, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:18 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 84) 04:09:18 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x6000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2485.973653] FAULT_INJECTION: forcing a failure. [ 2485.973653] name failslab, interval 1, probability 0, space 0, times 0 [ 2485.975925] CPU: 1 PID: 65432 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2485.977241] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2485.978787] Call Trace: [ 2485.979282] dump_stack+0x107/0x167 [ 2485.979958] should_fail.cold+0x5/0xa [ 2485.980659] ? create_object.isra.0+0x3a/0xa30 [ 2485.981507] should_failslab+0x5/0x20 [ 2485.982209] kmem_cache_alloc+0x5b/0x310 [ 2485.982964] ? __lockdep_reset_lock+0x180/0x180 [ 2485.983835] create_object.isra.0+0x3a/0xa30 [ 2485.984642] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2485.985590] kmem_cache_alloc+0x159/0x310 [ 2485.986357] __kernfs_new_node+0xd4/0x860 [ 2485.987128] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2485.988002] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2485.988888] ? wait_for_completion_io+0x270/0x270 [ 2485.989790] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2485.990770] kernfs_new_node+0x18d/0x250 [ 2485.991533] __kernfs_create_file+0x51/0x350 [ 2485.992355] sysfs_add_file_mode_ns+0x221/0x560 [ 2485.993228] internal_create_group+0x324/0xb30 [ 2485.994074] ? sysfs_remove_group+0x170/0x170 [ 2485.994898] ? kernfs_name_hash+0xe7/0x110 [ 2485.995690] ? kernfs_find_ns+0x256/0x380 [ 2485.996462] sysfs_slab_add+0x188/0x200 [ 2485.997212] __kmem_cache_create+0x3db/0x520 [ 2485.998026] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2485.998945] p9_client_create+0xc6a/0x1230 [ 2485.999732] ? p9_client_flush+0x430/0x430 [ 2486.000513] ? trace_hardirqs_on+0x5b/0x180 [ 2486.001317] ? lockdep_init_map_type+0x2c7/0x780 [ 2486.002186] ? __raw_spin_lock_init+0x36/0x110 [ 2486.003034] v9fs_session_init+0x1dd/0x1680 [ 2486.003818] ? lock_release+0x680/0x680 [ 2486.004547] ? kmem_cache_alloc_trace+0x151/0x320 [ 2486.005439] ? v9fs_show_options+0x690/0x690 [ 2486.006255] ? trace_hardirqs_on+0x5b/0x180 [ 2486.007041] ? kasan_unpoison_shadow+0x33/0x50 [ 2486.007880] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2486.008811] v9fs_mount+0x79/0x8f0 [ 2486.009478] ? v9fs_write_inode+0x60/0x60 [ 2486.010235] legacy_get_tree+0x105/0x220 [ 2486.010973] vfs_get_tree+0x8e/0x300 [ 2486.011660] path_mount+0x14ab/0x2200 [ 2486.012358] ? strncpy_from_user+0x9e/0x470 [ 2486.013140] ? finish_automount+0xa90/0xa90 [ 2486.013927] ? getname_flags.part.0+0x1dd/0x4f0 [ 2486.014778] ? _copy_from_user+0xfb/0x1b0 [ 2486.015550] __x64_sys_mount+0x282/0x300 [ 2486.016286] ? copy_mnt_ns+0xa00/0xa00 [ 2486.016997] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2486.017963] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2486.018897] do_syscall_64+0x33/0x40 [ 2486.019564] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2486.020484] RIP: 0033:0x7f4689135b19 [ 2486.021150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2486.024448] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2486.025824] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2486.027103] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2486.028375] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2486.029661] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2486.030947] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:09:18 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf8b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080)={0x0, 0xffffffff, 0x20, 0x8003}, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000640)=ANY=[@ANYBLOB="010000001200000018000000a34853becec0ab133a4813d0f2612ec1f3d693daf988bd64d5e99057a5ca6c5ea560aeceda9e8ba6ddef291d6f27f2fd06292a934e54bcf10d6796e197493adda807b0f0a8f2acf14a69ba3e4162e510e5931c17594b2aba6931559ebd68a9b829e36aeb4bf2e3a5fbf5d4f6aaab9c623ae3cde3efa78f4eb87052b2744ea729134c739d732b", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00002e00000000402e2f66696c6530aa5c69391666ae13e42d44281d790082807ffae97c4cf8d1fdae409c1d95e1de4a5dcb95c030e0ef2845d7cc9a0f464bfd4c99fcfced6d8474d7307348c735d9d4ec1de69572bdc04e3701f3a8b52283039522325c98d1d1e9b54fc5c8e0e4b44e0d1a9a9ba7d5b4004bf7b24430a7c15a525c4ea288a1a576913fcb428940dd8ecd32b71b8a2c365bb130"]) r5 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r5, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r5, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r5, 0x6609) ioctl$AUTOFS_IOC_EXPIRE(r5, 0x810c9365, &(0x7f0000000300)={{0x8, 0xfef}, 0x100, './file0\x00'}) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:09:18 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xebb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:18 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) openat(r0, &(0x7f0000000000)='./file1\x00', 0x900, 0x18) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2486.183735] 9pnet: Insufficient options for proto=fd [ 2500.363582] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:09:42 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf9b2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:42 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'caif0\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:09:42 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x7000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:09:42 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 85) 04:09:42 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x4, 0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c66736e65723e5e1906f8937868c6a6b21d7fe19fbe81e0a81b009d9855fbc2556097daf3412b3ddf9725cd239f8bb7fe5ed6dd16c9c3ae864896facb55c0ccd7c19a7e661217eee048cbe5e9ee66babd68f3c949581eafaaf6d351b36ef942031c92b958a4677dc373ed01d990a24fd0001db02f4349762a0bc97b6c", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:09:42 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xecb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) connect$inet(r3, &(0x7f0000000140)={0x2, 0x4e22, @loopback}, 0x10) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:09:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe2b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2509.484994] FAULT_INJECTION: forcing a failure. [ 2509.484994] name failslab, interval 1, probability 0, space 0, times 0 [ 2509.487618] CPU: 1 PID: 66024 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2509.489115] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2509.490929] Call Trace: [ 2509.491506] dump_stack+0x107/0x167 [ 2509.492299] should_fail.cold+0x5/0xa [ 2509.493125] ? __kernfs_new_node+0xd4/0x860 [ 2509.494066] should_failslab+0x5/0x20 [ 2509.494893] kmem_cache_alloc+0x5b/0x310 [ 2509.495768] __kernfs_new_node+0xd4/0x860 [ 2509.496662] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2509.497693] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2509.498741] ? wait_for_completion_io+0x270/0x270 [ 2509.499776] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2509.500910] kernfs_new_node+0x18d/0x250 [ 2509.501794] __kernfs_create_file+0x51/0x350 [ 2509.502742] sysfs_add_file_mode_ns+0x221/0x560 [ 2509.503726] internal_create_group+0x324/0xb30 [ 2509.504696] ? sysfs_remove_group+0x170/0x170 [ 2509.505658] ? kernfs_name_hash+0xe7/0x110 [ 2509.506582] ? kernfs_find_ns+0x256/0x380 [ 2509.507481] sysfs_slab_add+0x188/0x200 [ 2509.508335] __kmem_cache_create+0x3db/0x520 [ 2509.509282] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2509.510363] p9_client_create+0xc6a/0x1230 [ 2509.511272] ? p9_client_flush+0x430/0x430 [ 2509.512178] ? trace_hardirqs_on+0x5b/0x180 [ 2509.513106] ? lockdep_init_map_type+0x2c7/0x780 [ 2509.514138] ? __raw_spin_lock_init+0x36/0x110 [ 2509.515120] v9fs_session_init+0x1dd/0x1680 [ 2509.516044] ? lock_release+0x680/0x680 [ 2509.516918] ? kmem_cache_alloc_trace+0x151/0x320 [ 2509.517978] ? v9fs_show_options+0x690/0x690 [ 2509.518914] ? trace_hardirqs_on+0x5b/0x180 [ 2509.519840] ? kasan_unpoison_shadow+0x33/0x50 [ 2509.520814] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2509.521923] v9fs_mount+0x79/0x8f0 [ 2509.522688] ? v9fs_write_inode+0x60/0x60 [ 2509.523575] legacy_get_tree+0x105/0x220 [ 2509.524456] vfs_get_tree+0x8e/0x300 [ 2509.525252] path_mount+0x14ab/0x2200 [ 2509.526078] ? strncpy_from_user+0x9e/0x470 [ 2509.526998] ? finish_automount+0xa90/0xa90 [ 2509.527941] ? getname_flags.part.0+0x1dd/0x4f0 [ 2509.528940] ? _copy_from_user+0xfb/0x1b0 [ 2509.529848] __x64_sys_mount+0x282/0x300 [ 2509.530716] ? copy_mnt_ns+0xa00/0xa00 [ 2509.531560] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2509.532684] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2509.533829] do_syscall_64+0x33/0x40 [ 2509.534623] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2509.535712] RIP: 0033:0x7f4689135b19 [ 2509.536502] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2509.540410] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2509.542032] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2509.543526] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2509.545013] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2509.546508] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2509.548006] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2509.561087] 9pnet: Insufficient options for proto=fd [ 2509.648186] kmem_cache_create(9p-fcall-cache-437) failed with error -12 [ 2509.649690] CPU: 1 PID: 66024 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2509.651144] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2509.652882] Call Trace: [ 2509.653451] dump_stack+0x107/0x167 [ 2509.654229] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2509.655329] p9_client_create+0xc6a/0x1230 [ 2509.656224] ? p9_client_flush+0x430/0x430 [ 2509.657111] ? trace_hardirqs_on+0x5b/0x180 [ 2509.658038] ? lockdep_init_map_type+0x2c7/0x780 [ 2509.659057] ? __raw_spin_lock_init+0x36/0x110 [ 2509.660033] v9fs_session_init+0x1dd/0x1680 [ 2509.660953] ? lock_release+0x680/0x680 [ 2509.661816] ? kmem_cache_alloc_trace+0x151/0x320 [ 2509.662830] ? v9fs_show_options+0x690/0x690 [ 2509.663762] ? trace_hardirqs_on+0x5b/0x180 [ 2509.664669] ? kasan_unpoison_shadow+0x33/0x50 [ 2509.665650] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2509.666713] v9fs_mount+0x79/0x8f0 [ 2509.667465] ? v9fs_write_inode+0x60/0x60 [ 2509.668334] legacy_get_tree+0x105/0x220 [ 2509.669191] vfs_get_tree+0x8e/0x300 [ 2509.669985] path_mount+0x14ab/0x2200 [ 2509.670788] ? strncpy_from_user+0x9e/0x470 [ 2509.671690] ? finish_automount+0xa90/0xa90 [ 2509.672606] ? getname_flags.part.0+0x1dd/0x4f0 [ 2509.673590] ? _copy_from_user+0xfb/0x1b0 [ 2509.674470] __x64_sys_mount+0x282/0x300 [ 2509.675330] ? copy_mnt_ns+0xa00/0xa00 [ 2509.676153] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2509.677257] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2509.678346] do_syscall_64+0x33/0x40 [ 2509.679122] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2509.680220] RIP: 0033:0x7f4689135b19 [ 2509.681046] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2509.684939] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2509.686556] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2509.688244] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2509.689789] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2509.691310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2509.692817] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:09:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe3b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:42 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:42 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfab2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:09:42 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) openat$cgroup_procs(r0, &(0x7f0000000000)='cgroup.procs\x00', 0x2, 0x0) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB="2ce3a5d1356f3c56a255c92c1e579a318137b338ff6a7fc9991f36d3059c65d6f58cc768b588000000", @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB="1757d0c293800356dac7ee"]) 04:09:42 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x402, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000400000000000040000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea009e3007550000007ffc020000000000000000000000000001030000ffff0000000000eeffffffffffffff00000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc12cf9efd778c6fa052d1ca00000000000000000000000000000000000000960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37faed75000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a973020000000000e2ffb1d0a9b573bd056c5fba2856c4938e93e499ccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7b1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc396dd469521490dd0f61c75080110cef2462c936006c8dfff2f664af3fa515966ae50b2e6296bb831363098763ec7f8eeb3fffcb19e4816e5d25eb0e44ba1ba63f396beef430c8ba605415419d6b815672550c01ffeb548578b03c15e0e32abfae63b0fec0810018a3f872d004d38560e5d721e4b9344eb5f68d0e098ab66825f38764c70434c1d1e83453820379b4de51312bb48f65f64c354080982c62de375c2a709542f0eee797da3c6895440ee6e53e50c27e3b867765c2f4eb77ca58940caf7346f0cd312bfc40ab335dee7eafc2d0a125fe1f3e6a293b472cae00005687bf9c161e4a9f09ab9b7f59c07f396013a790113442f6cc694d2b780f364c61279572bd01548386247d6512dad622be9c09a4a2a70a4231da95428486da3cdf1c4d2d24e9ff708b92bdefc60a2216b305941ef971d63b1b4b2d5498d2d7f6a855426e57cc84fedbd64eb9abaea0909825f42fac7f9d1726be649c917981935bfa7ba5d7ff3441d93c5cba61be9cccf8336b70686c6e8f4ae530deb5751b59a3040ed524691898551798e57ec46322bc114685bf3f098e5f82feef15dc809594a6c806a8ebe35b4947f0738e82f720b8460c4d331e20580c92e17939f4061f2e6fdff964f80fa4a59b6ace1b6345801ec019985b7746d63bf70ea75f98420aa4af5173d98907d6c198f2eb97100000000000000000006110e9c4c5838f9c763aae69676616603baa25bfe37098e0fcf3f8e3d9851c032926916549f1d5a3f1b3482145f25d6449544782c5a358f478ec728079d2f57aa1da48e3db0c8895fb61fd78d9a9eaba53b4007c37d98007d25279bead7beb61c9d925e106f18e630fa918648afb1954dcea4e3100cc612cfe79747c54b3c683bf4edb0a8eb0716b4ed5a196a5b45a2d6393975f27d39d4e315bd0b7068e4e4bc219cb90010a3726b72061122813481aee9db3ae2621364056cde4e5c44e592df7ac99583f71c385b1c96ebe331548bf0fc9876feefad022f43b96b6bb93661b9e", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2509.924789] 9pnet: Insufficient options for proto=fd 04:09:42 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe4b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:09:42 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x8000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:09:42 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 86) 04:09:42 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r3, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r3, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r3, 0x6609) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd=r3, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000a44f13de05b1ba9122856cba8980000000422f66696c80c9f6"]) io_uring_enter(r5, 0xe6, 0xe280, 0x2, &(0x7f0000000140)={[0x762]}, 0x8) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) [ 2510.113008] FAULT_INJECTION: forcing a failure. [ 2510.113008] name failslab, interval 1, probability 0, space 0, times 0 [ 2510.115542] CPU: 1 PID: 67004 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2510.117014] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2510.118791] Call Trace: [ 2510.119359] dump_stack+0x107/0x167 [ 2510.120147] should_fail.cold+0x5/0xa [ 2510.120972] ? create_object.isra.0+0x3a/0xa30 [ 2510.121966] should_failslab+0x5/0x20 [ 2510.122781] kmem_cache_alloc+0x5b/0x310 [ 2510.123672] ? __lockdep_reset_lock+0x180/0x180 [ 2510.124664] create_object.isra.0+0x3a/0xa30 [ 2510.125606] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2510.126693] kmem_cache_alloc+0x159/0x310 [ 2510.127584] __kernfs_new_node+0xd4/0x860 [ 2510.128469] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2510.129500] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2510.130534] ? wait_for_completion_io+0x270/0x270 [ 2510.131562] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2510.132687] kernfs_new_node+0x18d/0x250 [ 2510.133566] __kernfs_create_file+0x51/0x350 [ 2510.134509] sysfs_add_file_mode_ns+0x221/0x560 [ 2510.135513] internal_create_group+0x324/0xb30 [ 2510.136485] ? sysfs_remove_group+0x170/0x170 [ 2510.137434] ? kernfs_name_hash+0xe7/0x110 [ 2510.138340] ? kernfs_find_ns+0x256/0x380 [ 2510.139235] sysfs_slab_add+0x188/0x200 [ 2510.140074] __kmem_cache_create+0x3db/0x520 [ 2510.141022] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2510.142116] p9_client_create+0xc6a/0x1230 [ 2510.143013] ? p9_client_flush+0x430/0x430 [ 2510.143906] ? trace_hardirqs_on+0x5b/0x180 [ 2510.144820] ? lockdep_init_map_type+0x2c7/0x780 [ 2510.145828] ? __raw_spin_lock_init+0x36/0x110 [ 2510.146800] v9fs_session_init+0x1dd/0x1680 [ 2510.147714] ? lock_release+0x680/0x680 [ 2510.148565] ? kmem_cache_alloc_trace+0x151/0x320 [ 2510.149586] ? v9fs_show_options+0x690/0x690 [ 2510.150522] ? trace_hardirqs_on+0x5b/0x180 [ 2510.151433] ? kasan_unpoison_shadow+0x33/0x50 [ 2510.152388] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2510.153470] v9fs_mount+0x79/0x8f0 [ 2510.154227] ? v9fs_write_inode+0x60/0x60 [ 2510.155098] legacy_get_tree+0x105/0x220 [ 2510.155961] vfs_get_tree+0x8e/0x300 [ 2510.156754] path_mount+0x14ab/0x2200 [ 2510.157565] ? strncpy_from_user+0x9e/0x470 [ 2510.158476] ? finish_automount+0xa90/0xa90 [ 2510.159387] ? getname_flags.part.0+0x1dd/0x4f0 [ 2510.160368] ? _copy_from_user+0xfb/0x1b0 [ 2510.161252] __x64_sys_mount+0x282/0x300 [ 2510.162115] ? copy_mnt_ns+0xa00/0xa00 [ 2510.162941] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2510.164047] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2510.165138] do_syscall_64+0x33/0x40 [ 2510.165933] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2510.167013] RIP: 0033:0x7f4689135b19 [ 2510.167795] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2510.171719] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2510.173367] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2510.174884] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2510.176392] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2510.177904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2510.179410] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2524.051079] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:10:05 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedc0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:05 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB="2c66686e616d653d2e2c666f576e65723e21adb61796e05251d06a13d7221ae3ed5654350bd94198b02516d40ce9a4e6ae83ec473b49b146a7371565cefe53c87245443ba911e5cd2a557c5dc919afc92fbbdfa53f1ce67a4ced0d91547880dab0bfcabc", @ANYRESDEC=0x0, @ANYBLOB=',\x00']) 04:10:05 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x1000002, 0x810, r0, 0x0) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000300)=ANY=[@ANYBLOB="0000001c229e10041d1c17186304dcba3221d8f8eb381cf06725b63783a81c7c7c6d34aa07fa2ed83aa3e9b875bb332a91b3689f41c9efd2b1e178d129f368531ed1387daf766a8ae3c50a71ba641406cad1026159e494ed263332ae5ba03d7f357aafc1b4536a89aeb1b91f0d049d7c069cb577f83b0527dced9f3b676242af0a7435d28aa40421d831200de08ef878a2ac8a687e9a172796835595fd025716569f426b401b5a6cb380f10a251badf37cd4c02ef99d7d53993e8740b24f1e1b66847688434f9804c9f5c386c0", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:10:05 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 87) 04:10:05 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfbb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:05 executing program 4: syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(r4, 0x29, 0x30, &(0x7f0000000400)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000300000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe88000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a0100000000d0e1ddff4c579b909183457df0ed1e3d622a3ee584531589060880d9ea7ca76512c4c21983e0c32ff1f6e8d396b7420dd9e70d84eeb243a7c8f46c", @ANYRES32=r2], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:10:05 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x9000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) [ 2532.910161] 9pnet: Insufficient options for proto=fd 04:10:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe5b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) [ 2532.914117] FAULT_INJECTION: forcing a failure. [ 2532.914117] name failslab, interval 1, probability 0, space 0, times 0 [ 2532.916481] CPU: 1 PID: 67197 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2532.917910] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2532.919598] Call Trace: [ 2532.920149] dump_stack+0x107/0x167 [ 2532.920903] should_fail.cold+0x5/0xa [ 2532.921708] ? __kernfs_new_node+0xd4/0x860 [ 2532.922601] should_failslab+0x5/0x20 [ 2532.923386] kmem_cache_alloc+0x5b/0x310 [ 2532.924221] __kernfs_new_node+0xd4/0x860 [ 2532.925074] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2532.926069] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2532.927051] ? wait_for_completion_io+0x270/0x270 [ 2532.928071] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2532.929186] kernfs_new_node+0x18d/0x250 [ 2532.930063] __kernfs_create_file+0x51/0x350 [ 2532.931000] sysfs_add_file_mode_ns+0x221/0x560 [ 2532.931996] internal_create_group+0x324/0xb30 [ 2532.932970] ? sysfs_remove_group+0x170/0x170 [ 2532.933894] ? kernfs_name_hash+0xe7/0x110 [ 2532.934789] ? kernfs_find_ns+0x256/0x380 [ 2532.935657] sysfs_slab_add+0x188/0x200 [ 2532.936499] __kmem_cache_create+0x3db/0x520 [ 2532.937427] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2532.938503] p9_client_create+0xc6a/0x1230 [ 2532.939409] ? p9_client_flush+0x430/0x430 [ 2532.940310] ? trace_hardirqs_on+0x5b/0x180 [ 2532.941225] ? lockdep_init_map_type+0x2c7/0x780 [ 2532.942239] ? __raw_spin_lock_init+0x36/0x110 [ 2532.943215] v9fs_session_init+0x1dd/0x1680 [ 2532.944133] ? lock_release+0x680/0x680 [ 2532.944985] ? kmem_cache_alloc_trace+0x151/0x320 [ 2532.946015] ? v9fs_show_options+0x690/0x690 [ 2532.946932] ? trace_hardirqs_on+0x5b/0x180 [ 2532.947853] ? kasan_unpoison_shadow+0x33/0x50 [ 2532.948816] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2532.949905] v9fs_mount+0x79/0x8f0 [ 2532.950656] ? v9fs_write_inode+0x60/0x60 [ 2532.951536] legacy_get_tree+0x105/0x220 [ 2532.952398] vfs_get_tree+0x8e/0x300 [ 2532.953191] path_mount+0x14ab/0x2200 [ 2532.954006] ? strncpy_from_user+0x9e/0x470 [ 2532.954899] ? finish_automount+0xa90/0xa90 [ 2532.955819] ? getname_flags.part.0+0x1dd/0x4f0 [ 2532.956791] ? _copy_from_user+0xfb/0x1b0 [ 2532.957682] __x64_sys_mount+0x282/0x300 [ 2532.958553] ? copy_mnt_ns+0xa00/0xa00 [ 2532.959378] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2532.960460] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2532.961562] do_syscall_64+0x33/0x40 [ 2532.962358] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2532.963442] RIP: 0033:0x7f4689135b19 [ 2532.964238] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2532.968039] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2532.969599] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2532.971083] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2532.972551] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2532.974024] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2532.975497] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2533.013022] kmem_cache_create(9p-fcall-cache-442) failed with error -12 [ 2533.014703] CPU: 1 PID: 67197 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2533.016117] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2533.017825] Call Trace: [ 2533.018372] dump_stack+0x107/0x167 [ 2533.019128] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2533.020208] p9_client_create+0xc6a/0x1230 [ 2533.021086] ? p9_client_flush+0x430/0x430 [ 2533.021955] ? trace_hardirqs_on+0x5b/0x180 [ 2533.022848] ? lockdep_init_map_type+0x2c7/0x780 [ 2533.023838] ? __raw_spin_lock_init+0x36/0x110 [ 2533.024785] v9fs_session_init+0x1dd/0x1680 [ 2533.025710] ? lock_release+0x680/0x680 [ 2533.026538] ? kmem_cache_alloc_trace+0x151/0x320 [ 2533.027557] ? v9fs_show_options+0x690/0x690 [ 2533.028475] ? trace_hardirqs_on+0x5b/0x180 [ 2533.029389] ? kasan_unpoison_shadow+0x33/0x50 [ 2533.030325] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2533.031397] v9fs_mount+0x79/0x8f0 [ 2533.032137] ? v9fs_write_inode+0x60/0x60 [ 2533.033019] legacy_get_tree+0x105/0x220 [ 2533.033866] vfs_get_tree+0x8e/0x300 [ 2533.034649] path_mount+0x14ab/0x2200 [ 2533.035444] ? strncpy_from_user+0x9e/0x470 [ 2533.036355] ? finish_automount+0xa90/0xa90 [ 2533.037243] ? getname_flags.part.0+0x1dd/0x4f0 [ 2533.038230] ? _copy_from_user+0xfb/0x1b0 [ 2533.039089] __x64_sys_mount+0x282/0x300 [ 2533.039948] ? copy_mnt_ns+0xa00/0xa00 [ 2533.040762] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2533.041883] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2533.042944] do_syscall_64+0x33/0x40 [ 2533.043731] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2533.044778] RIP: 0033:0x7f4689135b19 [ 2533.045568] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2533.049350] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2533.050970] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2533.052470] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2533.053980] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2533.055485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2533.056983] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:10:05 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeeb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:05 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe6b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:10:05 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x7, 0x0, 0x0, 0xc800, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6e6f6e652c63616368653d667363616368652c64656275673d3078303030303030303030303030303932302c6e6f6465766d61702c76657273696f6e3d3970323030302e4c2c736d61636b66737472616e736d7574653d9224fff2b876b9332c666f776e65723e", @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC, @ANYBLOB="2c646f6e745f686173682c646566636f6e746578743d73797374656d5f752c7365636c6162656c2cd647816e4d197b608582c67933684987338315b3a010da808403206ca36a6a4e1c9f33e9becaf4bd765419911250f3d14959eb46b79ffb45d64279e238f5428d5304e11e6c9f2f30237e7f3f67446bb667ee53e09511144987d2cf59042107e400e0bd2a31424f82eca1adaae7db8d7290e3e395b3057dd75a8febf3b0ed031ba3b600"/180]) r1 = accept(0xffffffffffffffff, &(0x7f0000000000)=@alg, &(0x7f0000000140)=0x80) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000180)={{0x1, 0x1, 0x18, r1}, './file1\x00'}) 04:10:05 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfcb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2533.145187] 9pnet: Insufficient options for proto=fd 04:10:05 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x42, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x6}, 0x2, 0xa0, 0x8000000, 0x0, 0x1}, 0x0, 0xf800000000000001, 0xffffffffffffffff, 0x8) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@remote, 0x3a, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x7, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51ee633960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5130a57cadf77ef635151dd166592d310002000000000000e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6197a4212dc3900d0e1e146c65ef03ac34d7c0c44bcb846154991c82dd8e6a329d113796d6f54b76ce5d59d44ca6a01e2e5d38b7bc467eacf6fb366397e53c34ce2e161662c61f2a2", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2546.313120] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:10:27 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xefb4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:27 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfdb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:27 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 88) 04:10:27 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xa000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:10:27 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r0, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) openat(r0, &(0x7f0000000100)='./file1\x00', 0x2acec2, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r1) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsuuid={'fsuuid', 0x3d, {[0x32, 0x33, 0x0, 0x33, 0x60, 0x61, 0x35, 0x62], 0x2d, [0x65, 0x64, 0x37, 0x33], 0x2d, [0x37, 0x30, 0x35, 0x38], 0x2d, [0x62, 0x66, 0x64, 0x62], 0x2d, [0x61, 0x33, 0x35, 0x79888da06206930a, 0xfc, 0x34, 0x34, 0x65]}}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt={'fowner>', r1}}]}}) 04:10:27 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe7b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:10:27 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r4 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r3, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r4}}, 0x4) syz_io_uring_submit(r1, 0x0, &(0x7f0000000180)=@IORING_OP_TIMEOUT={0xb, 0x5, 0x0, 0x0, 0x1, &(0x7f0000000040), 0x1, 0x1, 0x0, {0x0, r4}}, 0x1c) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r5 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r5, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r6, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000140)={0x2, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:10:27 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x3}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, r1, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r7, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0x12, 0x3, 0x1, 0x1, 0x8, 0x7f}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2555.075469] FAULT_INJECTION: forcing a failure. [ 2555.075469] name failslab, interval 1, probability 0, space 0, times 0 [ 2555.078047] CPU: 0 PID: 68158 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2555.079505] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2555.081248] Call Trace: [ 2555.081806] dump_stack+0x107/0x167 [ 2555.082641] should_fail.cold+0x5/0xa [ 2555.083442] ? create_object.isra.0+0x3a/0xa30 [ 2555.084388] should_failslab+0x5/0x20 [ 2555.085182] kmem_cache_alloc+0x5b/0x310 [ 2555.086037] ? __lockdep_reset_lock+0x180/0x180 [ 2555.087010] create_object.isra.0+0x3a/0xa30 [ 2555.087925] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2555.088991] kmem_cache_alloc+0x159/0x310 [ 2555.089867] __kernfs_new_node+0xd4/0x860 [ 2555.090750] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2555.091744] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2555.092755] ? wait_for_completion_io+0x270/0x270 [ 2555.093760] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2555.094866] kernfs_new_node+0x18d/0x250 [ 2555.095719] __kernfs_create_file+0x51/0x350 [ 2555.096640] sysfs_add_file_mode_ns+0x221/0x560 [ 2555.097629] internal_create_group+0x324/0xb30 [ 2555.098602] ? sysfs_remove_group+0x170/0x170 [ 2555.099532] ? kernfs_name_hash+0xe7/0x110 [ 2555.100413] ? kernfs_find_ns+0x256/0x380 [ 2555.101283] sysfs_slab_add+0x188/0x200 [ 2555.102126] __kmem_cache_create+0x3db/0x520 [ 2555.103049] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2555.104092] p9_client_create+0xc6a/0x1230 [ 2555.104984] ? p9_client_flush+0x430/0x430 [ 2555.105863] ? trace_hardirqs_on+0x5b/0x180 [ 2555.106781] ? lockdep_init_map_type+0x2c7/0x780 [ 2555.107770] ? __raw_spin_lock_init+0x36/0x110 [ 2555.108741] v9fs_session_init+0x1dd/0x1680 [ 2555.109639] ? lock_release+0x680/0x680 [ 2555.110502] ? kmem_cache_alloc_trace+0x151/0x320 [ 2555.111505] ? v9fs_show_options+0x690/0x690 [ 2555.112482] ? trace_hardirqs_on+0x5b/0x180 [ 2555.113387] ? kasan_unpoison_shadow+0x33/0x50 [ 2555.114396] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2555.115463] v9fs_mount+0x79/0x8f0 [ 2555.116219] ? v9fs_write_inode+0x60/0x60 [ 2555.117088] legacy_get_tree+0x105/0x220 [ 2555.117953] vfs_get_tree+0x8e/0x300 [ 2555.118749] path_mount+0x14ab/0x2200 [ 2555.119550] ? strncpy_from_user+0x9e/0x470 [ 2555.120448] ? finish_automount+0xa90/0xa90 [ 2555.121343] ? getname_flags.part.0+0x1dd/0x4f0 [ 2555.122325] ? _copy_from_user+0xfb/0x1b0 [ 2555.123200] __x64_sys_mount+0x282/0x300 [ 2555.124072] ? copy_mnt_ns+0xa00/0xa00 [ 2555.124898] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2555.126015] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2555.127096] do_syscall_64+0x33/0x40 [ 2555.127876] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2555.128938] RIP: 0033:0x7f4689135b19 [ 2555.129715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2555.133547] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2555.135143] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2555.136629] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2555.138124] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2555.139609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2555.141099] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:10:27 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf0b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:27 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mkdirat(r0, &(0x7f0000000000)='./file1\x00', 0xc1) openat(r1, &(0x7f0000000040)='./file1\x00', 0x100000, 0xc0) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x10000, 0x0, 0x10}, 0x18) ioctl$FS_IOC_SETVERSION(r2, 0x40087602, &(0x7f00000001c0)=0x9) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB=',cache=mmap,cache=fscache,debug=0x0000000000000924,nodevmap,version=9p2000.L,smackfstransmute=nodevmap,fowner>', @ANYRESDEC=0x0, @ANYBLOB=',fsmagic=0x0000000000000004,fowner=', @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,fowner>', @ANYRESDEC=0x0, @ANYBLOB="2c0041fe8a026d8cb949dbb176f24f9f94691d9f8a040bcb5e0bc714d666446d2a40a8e81e7a9341fef9c7991ecd7729e0ea8f1a848bcf7ab9f8dd7e1f66186ba32565bbeb7b328a"]) 04:10:28 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x4b02, 0x7, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1a13fee19708e3c6c25e2a9ce73e36d3a9627f2c0039b73e0d36947177f2d303478780151607a8253d0089541352f346aabcd354cea0be642b7a2fb6b0ea4d75662", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:10:28 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfeb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2555.330177] 9pnet: Insufficient options for proto=fd 04:10:28 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe8b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:10:28 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 89) 04:10:28 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) fcntl$setpipe(r0, 0x407, 0x6) 04:10:28 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0xb000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:10:28 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf1b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2555.607889] FAULT_INJECTION: forcing a failure. [ 2555.607889] name failslab, interval 1, probability 0, space 0, times 0 [ 2555.610927] CPU: 1 PID: 69090 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2555.612661] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2555.614732] Call Trace: [ 2555.615397] dump_stack+0x107/0x167 [ 2555.616313] should_fail.cold+0x5/0xa [ 2555.617269] ? __kernfs_new_node+0xd4/0x860 [ 2555.618352] should_failslab+0x5/0x20 [ 2555.619309] kmem_cache_alloc+0x5b/0x310 [ 2555.620330] __kernfs_new_node+0xd4/0x860 [ 2555.621368] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2555.622586] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2555.623804] ? wait_for_completion_io+0x270/0x270 [ 2555.625010] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2555.626329] kernfs_new_node+0x18d/0x250 [ 2555.627347] __kernfs_create_file+0x51/0x350 [ 2555.628456] sysfs_add_file_mode_ns+0x221/0x560 [ 2555.629629] internal_create_group+0x324/0xb30 [ 2555.630792] ? sysfs_remove_group+0x170/0x170 [ 2555.631899] ? kernfs_name_hash+0xe7/0x110 [ 2555.632957] ? kernfs_find_ns+0x256/0x380 [ 2555.634015] sysfs_slab_add+0x188/0x200 [ 2555.635012] __kmem_cache_create+0x3db/0x520 [ 2555.636119] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2555.637370] p9_client_create+0xc6a/0x1230 [ 2555.638443] ? p9_client_flush+0x430/0x430 [ 2555.639509] ? trace_hardirqs_on+0x5b/0x180 [ 2555.640571] ? lockdep_init_map_type+0x2c7/0x780 [ 2555.641731] ? __raw_spin_lock_init+0x36/0x110 [ 2555.642870] v9fs_session_init+0x1dd/0x1680 [ 2555.643924] ? lock_release+0x680/0x680 [ 2555.644910] ? kmem_cache_alloc_trace+0x151/0x320 [ 2555.646091] ? v9fs_show_options+0x690/0x690 [ 2555.647175] ? trace_hardirqs_on+0x5b/0x180 [ 2555.648235] ? kasan_unpoison_shadow+0x33/0x50 [ 2555.649346] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2555.650592] v9fs_mount+0x79/0x8f0 [ 2555.651459] ? v9fs_write_inode+0x60/0x60 [ 2555.652464] legacy_get_tree+0x105/0x220 [ 2555.653458] vfs_get_tree+0x8e/0x300 [ 2555.654376] path_mount+0x14ab/0x2200 [ 2555.655306] ? strncpy_from_user+0x9e/0x470 [ 2555.656358] ? finish_automount+0xa90/0xa90 [ 2555.657407] ? getname_flags.part.0+0x1dd/0x4f0 [ 2555.658557] ? _copy_from_user+0xfb/0x1b0 [ 2555.659586] __x64_sys_mount+0x282/0x300 [ 2555.660574] ? copy_mnt_ns+0xa00/0xa00 [ 2555.661530] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2555.662821] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2555.664084] do_syscall_64+0x33/0x40 [ 2555.664992] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2555.666253] RIP: 0033:0x7f4689135b19 [ 2555.667159] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2555.671643] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2555.673495] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2555.675231] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2555.676952] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2555.678678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2555.680390] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2555.704257] 9pnet: Insufficient options for proto=fd 04:10:28 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2555.741435] kmem_cache_create(9p-fcall-cache-445) failed with error -12 [ 2555.743113] CPU: 1 PID: 69090 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2555.744755] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2555.746734] Call Trace: [ 2555.747364] dump_stack+0x107/0x167 [ 2555.748234] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2555.749484] p9_client_create+0xc6a/0x1230 [ 2555.750516] ? p9_client_flush+0x430/0x430 [ 2555.751521] ? trace_hardirqs_on+0x5b/0x180 [ 2555.752546] ? lockdep_init_map_type+0x2c7/0x780 [ 2555.753681] ? __raw_spin_lock_init+0x36/0x110 [ 2555.754784] v9fs_session_init+0x1dd/0x1680 [ 2555.755812] ? lock_release+0x680/0x680 [ 2555.756756] ? kmem_cache_alloc_trace+0x151/0x320 [ 2555.757894] ? v9fs_show_options+0x690/0x690 [ 2555.758947] ? trace_hardirqs_on+0x5b/0x180 [ 2555.759959] ? kasan_unpoison_shadow+0x33/0x50 [ 2555.761027] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2555.762241] v9fs_mount+0x79/0x8f0 [ 2555.763090] ? v9fs_write_inode+0x60/0x60 [ 2555.764065] legacy_get_tree+0x105/0x220 [ 2555.765026] vfs_get_tree+0x8e/0x300 [ 2555.765902] path_mount+0x14ab/0x2200 [ 2555.766812] ? strncpy_from_user+0x9e/0x470 [ 2555.767828] ? finish_automount+0xa90/0xa90 [ 2555.768842] ? getname_flags.part.0+0x1dd/0x4f0 [ 2555.769933] ? _copy_from_user+0xfb/0x1b0 [ 2555.770929] __x64_sys_mount+0x282/0x300 [ 2555.771888] ? copy_mnt_ns+0xa00/0xa00 [ 2555.772804] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2555.774047] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2555.775259] do_syscall_64+0x33/0x40 [ 2555.776137] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2555.777340] RIP: 0033:0x7f4689135b19 [ 2555.778217] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2555.782488] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2555.784261] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2555.785915] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2555.787591] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2555.789254] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2555.790920] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2568.903293] kmemleak: 1 new suspected memory leaks (see /sys/kernel/debug/kmemleak) 04:10:55 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x10000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:10:55 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x34004, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000200)}, 0x0, 0x0, 0x3, 0x7, 0x80000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x68}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:10:55 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfeff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:55 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) openat(r0, &(0x7f0000000040)='./file1\x00', 0x1e9001, 0x14) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) read(r0, &(0x7f0000000000)=""/34, 0x22) 04:10:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x4307, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x1}, &(0x7f000000b000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f00000000c0)=0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r4, r2, &(0x7f00000002c0)=@IORING_OP_OPENAT2={0x1c, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000180)={0x111400, 0xa0, 0xa0a44dacc1301d3b}, &(0x7f0000000240)='./file0\x00', 0x18, 0x0, 0x23456}, 0x8) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000600)=ANY=[@ANYBLOB="0100000201002ffb826cf23b24eeb496a4aa34b5b711de262421e78a2a71ac56b2c9f6f638a1dcb7d05decf4770ed5b137741278048ec6571c33ae5701fc4c610b1cdf7b1c55bca5", @ANYRES32=0xffffffffffffffff, @ANYBLOB="00000000000000002e2f664f1d2e51ecf96e5697d0f5fbb6a0696c65300011837f4e41b7a9969f25cf22cba0595eccea9608b6dccc6d5f671b6f8b09509557cb0c35fc1126db04fa9f49f1d891dcf39a2720e74d64abda694815bdd3198e0542f92251990fc06c9daa2bb30864bf89eea2fe337daa7945ec2c7ac1bee9933c7aa9ff8dacfeba0a408cbce3643a36e4b829635817d32ae1bfdecb6a1d4c542db16cd9ba85e43a586ca6bf1ca916f4c0ab"]) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x2000003, 0x1f012, 0xffffffffffffffff, 0x0) syz_io_uring_setup(0xee2, &(0x7f0000000300)={0x0, 0xbcb3, 0x1, 0x2, 0xa3}, &(0x7f000073c000/0x1000)=nil, &(0x7f0000b2a000/0x3000)=nil, &(0x7f0000000140), &(0x7f00000001c0)=0x0) r7 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(0x0, r6, &(0x7f0000000280)=@IORING_OP_SEND={0x1a, 0x3, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000380)="df698c3b6a0697a08cba569c02978c1d8af4f9174fa03a59986e666a5fcda15b106355a20a431dedbcd16b922033029d840c627fa13dab9852fb5870767f4850678ad8a28b688ea70c5d8290e477faa4ea69d455261ff30c4b2e7f076fae3878e2a561d08ab96acf957e2b83d6f2c35176fbceb911b31ba2d4bc338c955bbd40ed578e6956073cede609ab", 0x8b, 0x24008001, 0x0, {0x0, r7}}, 0x4) syz_io_uring_submit(r4, 0x0, &(0x7f0000000140)=@IORING_OP_FADVISE={0x18, 0x5, 0x0, @fd=r3, 0x753ebb8c, 0x0, 0x40, 0x5, 0x0, {0x0, r7}}, 0x6) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:10:55 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xe9b8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:10:55 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf202, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:55 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 90) [ 2582.940943] FAULT_INJECTION: forcing a failure. [ 2582.940943] name failslab, interval 1, probability 0, space 0, times 0 [ 2582.943367] CPU: 1 PID: 69427 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2582.944829] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2582.944872] 9pnet: Insufficient options for proto=fd [ 2582.946583] Call Trace: [ 2582.946683] dump_stack+0x107/0x167 [ 2582.949074] should_fail.cold+0x5/0xa [ 2582.949883] ? create_object.isra.0+0x3a/0xa30 [ 2582.950861] should_failslab+0x5/0x20 [ 2582.951668] kmem_cache_alloc+0x5b/0x310 [ 2582.952527] ? __lockdep_reset_lock+0x180/0x180 [ 2582.953515] create_object.isra.0+0x3a/0xa30 [ 2582.954451] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.955526] kmem_cache_alloc+0x159/0x310 [ 2582.956410] __kernfs_new_node+0xd4/0x860 [ 2582.957290] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2582.958295] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2582.959314] ? wait_for_completion_io+0x270/0x270 [ 2582.960337] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2582.961454] kernfs_new_node+0x18d/0x250 [ 2582.962333] __kernfs_create_file+0x51/0x350 [ 2582.963267] sysfs_add_file_mode_ns+0x221/0x560 [ 2582.964266] internal_create_group+0x324/0xb30 [ 2582.965246] ? sysfs_remove_group+0x170/0x170 [ 2582.966184] ? kernfs_name_hash+0xe7/0x110 [ 2582.967091] ? kernfs_find_ns+0x256/0x380 [ 2582.967977] sysfs_slab_add+0x188/0x200 [ 2582.968825] __kmem_cache_create+0x3db/0x520 [ 2582.969760] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2582.970800] p9_client_create+0xc6a/0x1230 [ 2582.971703] ? p9_client_flush+0x430/0x430 [ 2582.972594] ? trace_hardirqs_on+0x5b/0x180 [ 2582.973506] ? lockdep_init_map_type+0x2c7/0x780 [ 2582.974514] ? __raw_spin_lock_init+0x36/0x110 [ 2582.975479] v9fs_session_init+0x1dd/0x1680 [ 2582.976394] ? lock_release+0x680/0x680 [ 2582.977245] ? kmem_cache_alloc_trace+0x151/0x320 [ 2582.978269] ? v9fs_show_options+0x690/0x690 [ 2582.979206] ? trace_hardirqs_on+0x5b/0x180 [ 2582.980284] ? kasan_unpoison_shadow+0x33/0x50 [ 2582.981373] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2582.982455] v9fs_mount+0x79/0x8f0 [ 2582.983203] ? v9fs_write_inode+0x60/0x60 [ 2582.984068] legacy_get_tree+0x105/0x220 [ 2582.984919] vfs_get_tree+0x8e/0x300 [ 2582.985703] path_mount+0x14ab/0x2200 [ 2582.986521] ? strncpy_from_user+0x9e/0x470 [ 2582.987432] ? finish_automount+0xa90/0xa90 [ 2582.988341] ? getname_flags.part.0+0x1dd/0x4f0 [ 2582.989315] ? _copy_from_user+0xfb/0x1b0 [ 2582.990193] __x64_sys_mount+0x282/0x300 [ 2582.991056] ? copy_mnt_ns+0xa00/0xa00 [ 2582.991876] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2582.992974] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2582.994054] do_syscall_64+0x33/0x40 [ 2582.994846] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2582.995923] RIP: 0033:0x7f4689135b19 [ 2582.996703] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2583.000558] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2583.002158] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2583.003658] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2583.005156] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2583.006658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2583.008144] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:10:55 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) r3 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r3, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB="0000000000000066b2c8a5002e2f6669"]) io_uring_enter(r4, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:10:55 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r0 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) finit_module(r0, &(0x7f0000000040)='\x00', 0x1) 04:10:55 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xff03, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2583.154123] 9pnet: Insufficient options for proto=fd 04:10:55 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e21, @empty}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000180)={@mcast1, 0xd985, 0x1, 0x2, 0x4, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:10:55 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeab8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:10:55 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf2b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:10:56 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000180)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df00200000000000000730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e13dca1c9fd134c230010991cd4d1aa233f9451c5f56fda006656eb9a6f51c3b4876883f502c0aaf918c3749d9cf670d5af0d43ca8fe566d22ba2a2de2ed44b4f646b78e86d26c8212bbc77fdaf0d385e61b50af054bddbe66cb66dd3d480fc87e3232e90662875f81272e30ec17b70042639907b8639ff1fb000000002d35f6ea866033910588fc1564aff17af2f0ac5def85531e40ceb95dbd02764c0f7f89fa0ee6f72b37e9466b346a8bd78d85710345a9346629224092450b61108ebb5fc7b2dc8f9a70cfd0d5b2b5ca1580d747cfa7abe5a040b5ba16167ed41e3f8e02cdff2510e325ea6a4a939d06d1616c85fcb51a1f50ad46c31d16f7a3a15899c6892223d3fb2e9d498afdf3db89550807b7", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:11:09 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(0xffffffffffffffff, 0x8916, &(0x7f0000000000)={@remote, 0x4a, r10}) 04:11:09 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) r0 = syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file1\x00', 0x0, 0x5, &(0x7f0000000340)=[{&(0x7f0000000140)="af7fd2c7f57f3b5eb2fdb53086bc5c0274e28a3dcc9adcc38a3943752c8c8b9ef09cea4163a6da67b62d078d6aab832b8407af0be549c3beb60d9a376e66d1562e3342dff649c5fedcb82843e33dd98316e966caf705016af12076f48aa9c8cb692f2288ead150", 0x67, 0x1000}, {&(0x7f00000001c0)="081e1c3c898137ae436885107996fb8548789cb5efe95d92c41f", 0x1a, 0x6}, {&(0x7f0000000200)="d786320f84a317584f525fb88feca55163e8209610735cfeb5ac834459ba42f8376c76fcad4c03280ecd16677b0445dea15e20dc41c7dca337fe5f0f324a92158674cc653bc58607509c966023e5cc3046a22a1b8a21780bcfe66e05cd8766643d37d8152329b5a1f29d6ef34ab7465fe241bf14079d6e720ca3d1d3dcbd1248573f35010f4f3319e717faab0ad06e5d8a4da91572d20513a7a64b5a252f0151fbff0b71252367459f9e0402", 0xac, 0x8001}, {&(0x7f00000002c0)="3b5f9afd274ad3237a78a6681d83dd804c328b950204f459302923aa528469820a0c35502b3e0860100c39936fca70084be3726a", 0x34, 0x40}, {&(0x7f0000000300)="ac570d0d0629fd61", 0x8, 0x80}], 0x1000002, &(0x7f00000003c0)={[{@dmode={'dmode', 0x3d, 0x80000001}}, {@iocharset={'iocharset', 0x3d, 'koi8-ru'}}, {@uid={'uid', 0x3d, 0xffffffffffffffff}}, {@nojoliet}, {@map_normal}, {@utf8}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}], [{@fowner_eq={'fowner', 0x3d, 0xee01}}, {@fsname={'fsname', 0x3d, 'cache=fscache'}}, {@audit}, {@fsmagic={'fsmagic', 0x3d, 0x5}}, {@audit}, {@subj_type={'subj_type', 0x3d, 'fsname'}}, {@func={'func', 0x3d, 'FILE_MMAP'}}, {@smackfshat={'smackfshat', 0x3d, '\x03}'}}, {@smackfstransmute={'smackfstransmute', 0x3d, 'debug'}}, {@obj_role}]}) openat(r0, &(0x7f0000000500)='./file1\x00', 0x121000, 0x2) 04:11:09 executing program 0: r0 = perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x6004, @fd_index=0x1, 0x8, 0x0}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r1, 0x0) r4 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r1, 0x8000000) syz_io_uring_submit(r4, r3, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)=ANY=[@ANYBLOB="0100000000070000005b3cf9", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00']) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r6, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r6, &(0x7f0000000240)=ANY=[@ANYRES16=r0, @ANYRESOCT=r6, @ANYRES32=r5, @ANYRES32], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r6, 0x6609) ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000180)={{0x1, 0x1, 0x18, r6}, './file1\x00'}) io_uring_enter(r5, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r1, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:11:09 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xebb8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:11:09 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xffb2, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:09 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 91) 04:11:09 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x20000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:11:09 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf3b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2597.086450] 9pnet: Insufficient options for proto=fd [ 2597.095834] FAULT_INJECTION: forcing a failure. [ 2597.095834] name failslab, interval 1, probability 0, space 0, times 0 [ 2597.098774] CPU: 0 PID: 70391 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2597.100236] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2597.101961] Call Trace: [ 2597.102540] dump_stack+0x107/0x167 [ 2597.103309] should_fail.cold+0x5/0xa [ 2597.104112] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2597.105313] should_failslab+0x5/0x20 [ 2597.106137] kmem_cache_alloc+0x5b/0x310 [ 2597.107008] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2597.108184] idr_get_free+0x4b5/0x8f0 [ 2597.109007] idr_alloc_u32+0x184/0x300 [ 2597.109833] ? __fprop_inc_percpu_max+0x130/0x130 [ 2597.110858] ? lock_acquire+0x197/0x470 [ 2597.111689] ? __kernfs_new_node+0xff/0x860 [ 2597.112610] idr_alloc_cyclic+0x102/0x230 [ 2597.113487] ? idr_alloc+0x130/0x130 [ 2597.114264] ? rwlock_bug.part.0+0x90/0x90 [ 2597.115171] __kernfs_new_node+0x117/0x860 [ 2597.116054] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2597.117046] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2597.118059] ? wait_for_completion_io+0x270/0x270 [ 2597.119078] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2597.120190] kernfs_new_node+0x18d/0x250 [ 2597.121046] __kernfs_create_file+0x51/0x350 [ 2597.122006] sysfs_add_file_mode_ns+0x221/0x560 [ 2597.123004] internal_create_group+0x324/0xb30 [ 2597.123981] ? sysfs_remove_group+0x170/0x170 [ 2597.124913] ? kernfs_name_hash+0xe7/0x110 [ 2597.125807] ? kernfs_find_ns+0x256/0x380 [ 2597.126701] sysfs_slab_add+0x188/0x200 [ 2597.127539] __kmem_cache_create+0x3db/0x520 [ 2597.128474] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2597.129530] p9_client_create+0xc6a/0x1230 [ 2597.130439] ? p9_client_flush+0x430/0x430 [ 2597.131327] ? trace_hardirqs_on+0x5b/0x180 [ 2597.132228] ? lockdep_init_map_type+0x2c7/0x780 [ 2597.133246] ? __raw_spin_lock_init+0x36/0x110 [ 2597.134209] v9fs_session_init+0x1dd/0x1680 [ 2597.135136] ? lock_release+0x680/0x680 [ 2597.135985] ? kmem_cache_alloc_trace+0x151/0x320 [ 2597.137018] ? v9fs_show_options+0x690/0x690 [ 2597.137949] ? trace_hardirqs_on+0x5b/0x180 [ 2597.138860] ? kasan_unpoison_shadow+0x33/0x50 [ 2597.139819] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2597.140878] v9fs_mount+0x79/0x8f0 [ 2597.141626] ? v9fs_write_inode+0x60/0x60 [ 2597.142498] legacy_get_tree+0x105/0x220 [ 2597.143356] vfs_get_tree+0x8e/0x300 [ 2597.144132] path_mount+0x14ab/0x2200 [ 2597.144928] ? strncpy_from_user+0x9e/0x470 [ 2597.145826] ? finish_automount+0xa90/0xa90 [ 2597.146743] ? getname_flags.part.0+0x1dd/0x4f0 [ 2597.147722] ? _copy_from_user+0xfb/0x1b0 [ 2597.148591] __x64_sys_mount+0x282/0x300 [ 2597.149436] ? copy_mnt_ns+0xa00/0xa00 [ 2597.150252] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2597.151355] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2597.152451] do_syscall_64+0x33/0x40 [ 2597.153237] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2597.154309] RIP: 0033:0x7f4689135b19 [ 2597.155094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2597.158941] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2597.160526] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2597.162010] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2597.163506] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2597.164998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2597.166493] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:11:10 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfffe, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:10 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xecb8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:11:10 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf4b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:10 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX, @ANYBLOB="2c63616368653d6d6d61707363616368652c70726976616f72742c6e506465766d61702c76657273696f6e3d3970323030302e4c2c736d61634b66737472616e736d7574653d6e6f6465764bdfb46861707072616973655f747970653d696d617369672c66736d615869633d3078303030303030303030303030303030342c666f776e65723d0000000000000000", @ANYRESDEC=0x0, @ANYBLOB=',fsname=.,pcr=00000000000000000016,\x00']) 04:11:10 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x2, 0x4200b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x714c4e29, 0x0, @perf_config_ext={0x938}, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0x8, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2597.415009] 9pnet: Insufficient options for proto=fd 04:11:10 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedb8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:11:10 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x80000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2613.728021] FAULT_INJECTION: forcing a failure. [ 2613.728021] name failslab, interval 1, probability 0, space 0, times 0 [ 2613.729676] CPU: 1 PID: 71543 Comm: syz-executor.6 Not tainted 5.10.250 #1 04:11:26 executing program 0: perf_event_open(&(0x7f0000000480)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_io_uring_setup(0x3a75, &(0x7f0000000080), &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000200)=0x0, &(0x7f0000000100)=0x0) socket$inet6_udplite(0xa, 0x2, 0x88) r3 = socket$inet_udp(0x2, 0x2, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd_index, 0x8, 0x0, 0x0, 0x0, 0x1}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x13, r0, 0x0) stat(&(0x7f0000001cc0)='.\x00', &(0x7f0000001c00)={0x0, 0x0, 0x0, 0x0, 0x0}) setreuid(0x0, r4) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0, 0x0}, &(0x7f0000000240)=0xc) lchown(&(0x7f0000000140)='./file0\x00', r4, r5) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0xf, 0x13, r0, 0x8000000) syz_io_uring_submit(r6, r2, &(0x7f00000002c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x4, 0x0, @fd, 0x0, 0x0}, 0x80000001) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) io_uring_enter(r7, 0x3648, 0xb23e, 0x1, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000040)={0x0, 0x7fff, 0x0, 0x3, 0x7}) io_uring_enter(r0, 0x58ab, 0x0, 0x0, 0x0, 0x0) 04:11:26 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf5b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:26 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xedc0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:11:26 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xb30000, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 92) 04:11:26 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_bp={&(0x7f0000000180), 0x2}, 0x40200, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) 04:11:26 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x20100000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:11:26 executing program 5: r0 = syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0}, './file1\x00'}) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {0x1002}, 0x0, 0x0, 0x0, 0x0, 0x13}, 0x58) pipe(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2613.730617] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2613.731916] Call Trace: [ 2613.732270] dump_stack+0x107/0x167 [ 2613.732763] should_fail.cold+0x5/0xa [ 2613.733272] ? create_object.isra.0+0x3a/0xa30 [ 2613.733873] should_failslab+0x5/0x20 [ 2613.734374] kmem_cache_alloc+0x5b/0x310 [ 2613.734922] ? __lockdep_reset_lock+0x180/0x180 [ 2613.735540] create_object.isra.0+0x3a/0xa30 [ 2613.736126] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2613.736815] kmem_cache_alloc+0x159/0x310 [ 2613.737374] __kernfs_new_node+0xd4/0x860 [ 2613.737928] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2613.738567] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2613.739227] ? wait_for_completion_io+0x270/0x270 [ 2613.739878] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2613.740577] kernfs_new_node+0x18d/0x250 [ 2613.741118] __kernfs_create_file+0x51/0x350 [ 2613.741702] sysfs_add_file_mode_ns+0x221/0x560 [ 2613.742337] internal_create_group+0x324/0xb30 [ 2613.742956] ? sysfs_remove_group+0x170/0x170 [ 2613.743540] ? kernfs_name_hash+0xe7/0x110 [ 2613.744101] ? kernfs_find_ns+0x256/0x380 [ 2613.744659] sysfs_slab_add+0x188/0x200 [ 2613.745189] __kmem_cache_create+0x3db/0x520 [ 2613.745777] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2613.746446] p9_client_create+0xc6a/0x1230 [ 2613.747041] ? p9_client_flush+0x430/0x430 [ 2613.747620] ? trace_hardirqs_on+0x5b/0x180 [ 2613.748196] ? lockdep_init_map_type+0x2c7/0x780 [ 2613.748822] ? __raw_spin_lock_init+0x36/0x110 [ 2613.749443] v9fs_session_init+0x1dd/0x1680 [ 2613.750020] ? lock_release+0x680/0x680 [ 2613.750562] ? kmem_cache_alloc_trace+0x151/0x320 [ 2613.751205] ? v9fs_show_options+0x690/0x690 [ 2613.751799] ? trace_hardirqs_on+0x5b/0x180 [ 2613.752379] ? kasan_unpoison_shadow+0x33/0x50 [ 2613.752982] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2613.753654] v9fs_mount+0x79/0x8f0 [ 2613.754129] ? v9fs_write_inode+0x60/0x60 [ 2613.754688] legacy_get_tree+0x105/0x220 [ 2613.755233] vfs_get_tree+0x8e/0x300 [ 2613.755739] path_mount+0x14ab/0x2200 [ 2613.756251] ? strncpy_from_user+0x9e/0x470 [ 2613.756826] ? finish_automount+0xa90/0xa90 [ 2613.757396] ? getname_flags.part.0+0x1dd/0x4f0 [ 2613.758017] ? _copy_from_user+0xfb/0x1b0 [ 2613.758568] __x64_sys_mount+0x282/0x300 [ 2613.759115] ? copy_mnt_ns+0xa00/0xa00 [ 2613.759637] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2613.760356] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2613.761044] do_syscall_64+0x33/0x40 [ 2613.761549] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2613.762224] RIP: 0033:0x7f4689135b19 [ 2613.762727] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2613.765186] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2613.766203] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2613.767166] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2613.768114] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2613.769064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2613.770005] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 [ 2613.787429] 9pnet: Insufficient options for proto=fd 04:11:26 executing program 4: syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r0 = perf_event_open(&(0x7f0000001d80)={0x2, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x4000, 0x8410, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x3, 0x7, 0x80000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) r3 = dup(r2) r4 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x890c, &(0x7f0000000080)={@local, 0x78, r5}) ioctl$sock_inet6_SIOCDIFADDR(r3, 0x8916, &(0x7f0000000000)={@private0, 0x0, r5}) r6 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRES32=r4], 0x190) r7 = dup(r6) r8 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8936, &(0x7f0000000080)={@local, 0x78, r9}) ioctl$sock_inet6_SIOCDIFADDR(r7, 0x8916, &(0x7f0000000000)={@remote, 0x0, r9}) 04:11:26 executing program 1: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xeeb8, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}], [{@fowner_gt}]}}) 04:11:26 executing program 7: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xf6b4, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:26 executing program 6: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) (fail_nth: 93) 04:11:26 executing program 3: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x48000000, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@version_L}]}}) 04:11:26 executing program 2: openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(&(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff}) mount$9p_fd(0xfeffff, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000580)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_mmap}, {@cache_fscache}, {@debug={'debug', 0x3d, 0x924}}, {@nodevmap}, {@version_L}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) [ 2613.980229] FAULT_INJECTION: forcing a failure. [ 2613.980229] name failslab, interval 1, probability 0, space 0, times 0 [ 2613.981733] CPU: 1 PID: 72141 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2613.982576] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2613.983585] Call Trace: [ 2613.983907] dump_stack+0x107/0x167 [ 2613.984348] should_fail.cold+0x5/0xa [ 2613.984807] ? __kernfs_new_node+0xd4/0x860 [ 2613.985326] should_failslab+0x5/0x20 [ 2613.985801] kmem_cache_alloc+0x5b/0x310 [ 2613.986294] __kernfs_new_node+0xd4/0x860 [ 2613.986810] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2613.987386] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2613.987965] ? wait_for_completion_io+0x270/0x270 [ 2613.988545] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2613.989184] kernfs_new_node+0x18d/0x250 [ 2613.989683] __kernfs_create_file+0x51/0x350 [ 2613.990210] sysfs_add_file_mode_ns+0x221/0x560 [ 2613.990782] internal_create_group+0x324/0xb30 [ 2613.991338] ? sysfs_remove_group+0x170/0x170 [ 2613.991879] ? kernfs_name_hash+0xe7/0x110 [ 2613.992391] ? kernfs_find_ns+0x256/0x380 [ 2613.992893] sysfs_slab_add+0x188/0x200 [ 2613.993375] __kmem_cache_create+0x3db/0x520 [ 2613.993907] kmem_cache_create_usercopy+0x1db/0x2f0 [ 2613.994515] p9_client_create+0xc6a/0x1230 [ 2613.995030] ? p9_client_flush+0x430/0x430 [ 2613.995537] ? trace_hardirqs_on+0x5b/0x180 [ 2613.996051] ? lockdep_init_map_type+0x2c7/0x780 [ 2613.996616] ? __raw_spin_lock_init+0x36/0x110 [ 2613.997167] v9fs_session_init+0x1dd/0x1680 [ 2613.997689] ? lock_release+0x680/0x680 [ 2613.998172] ? kmem_cache_alloc_trace+0x151/0x320 [ 2613.998776] ? v9fs_show_options+0x690/0x690 [ 2613.999310] ? trace_hardirqs_on+0x5b/0x180 [ 2613.999834] ? kasan_unpoison_shadow+0x33/0x50 [ 2614.000383] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2614.000992] v9fs_mount+0x79/0x8f0 [ 2614.001415] ? v9fs_write_inode+0x60/0x60 [ 2614.001911] legacy_get_tree+0x105/0x220 [ 2614.002400] vfs_get_tree+0x8e/0x300 [ 2614.002852] path_mount+0x14ab/0x2200 [ 2614.003308] ? strncpy_from_user+0x9e/0x470 [ 2614.003827] ? finish_automount+0xa90/0xa90 [ 2614.004351] ? getname_flags.part.0+0x1dd/0x4f0 [ 2614.004911] ? _copy_from_user+0xfb/0x1b0 [ 2614.005415] __x64_sys_mount+0x282/0x300 [ 2614.005897] ? copy_mnt_ns+0xa00/0xa00 [ 2614.006361] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2614.007002] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2614.007620] do_syscall_64+0x33/0x40 [ 2614.008064] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2614.008670] RIP: 0033:0x7f4689135b19 [ 2614.009114] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.011294] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2614.012194] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2614.013039] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2614.013880] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2614.014740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.015583] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 04:11:26 executing program 5: syz_mount_image$vfat(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) clone3(&(0x7f00000008c0)={0x1040100, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe(0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r1, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r1, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r1, 0x6609) r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) ioctl$FS_IOC_FSSETXATTR(r2, 0x40086602, &(0x7f0000000000)) write$binfmt_elf64(r2, &(0x7f00000001c0)=ANY=[], 0xfdef) ioctl$EXT4_IOC_MIGRATE(r2, 0x6609) openat(r2, &(0x7f00000001c0)='./file1\x00', 0x86000, 0x80) mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0xc000, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@access_user}, {@cache_none}, {@cache_mmap}], [{@euid_lt={'euid<', 0xee00}}]}}) semget(0x2, 0x1, 0x108) mount$9p_fd(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), 0x0, &(0x7f0000000200)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[], [{@smackfstransmute={'smackfstransmute', 0x3d, 'nodevmap\x99\x1d\xc6\x8aT\xcb\xc3mD\xe49\x96\xb1r\xf7\x84\xd9}< \xe0@\xb5\x17?\x03a\x85\xc4;\x95D\xb5\xdf\xa6O\xba\x7f\xe2\x0f&\xa9m\xd0\x85\a\x9fjD\x02\x04.vy\xc6\xe0OO\x90\xa3.x:t\xf1\xc14\xaf\xd4\x94\x94a\"\xa3\xeb\xbc5\xd6\xf3oS\f?\x11=\xf9\nl+\x91&\xd6\xde\xe2XL\x8a\xc1^*\xb9\xcbd\xef\x14\xe8\xdf\vk@_\x15\x8b\x0e2\x85\xc7cnM2\xbf\x91\xb1/wl\xc3\xcf\xe5|\x00Z\x92\b\xb4\xbfI\xd7cy\xcd6\xbc\x06I\xffL\x9dc\x94Q\x1c8\x04,\x0evH\xd73\xc5\x89\x1e\xcdj\xbf#\xd0\nXJr\ai\xfb\x80\fQ\xab\xf0\"\xf2Dc?\xebg\x15\xdbc\xec^\xdb\x92&t\xd2\n\xc0A\xee}:Ni\xbf\xba?\xe7=\x17\x05\x99bF\x98\xa0\x83+&\xc1GC\xdd\xd5Z\xf1\xffKa\xcdK\xdfRV\x9c\x89l\xef\xa0L\x9f\xeb\xffq\x02\xbd\x81W] dz\x8d\b\xc7C\xf9\xdc\xe6\xe2a\xac\x1e\xf0\xb0\xa8\xfa\x84\x06\xb2i\x12\x00\xdax\xa0\xd24Y\xbb/\xf2#!\xaf:\xcfK\x8c\xeb\x128\xab\xe6vM\x98Tg<42\x9e\x80\xfc\xda\x92i@9\xf4\xf3t\xe7\xde\xf7\x18\xaa'}}, {@fowner_gt}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@fowner_eq}, {@fsname={'fsname', 0x3d, '.'}}, {@fowner_gt}]}}) 04:11:26 executing program 4: r0 = syz_io_uring_setup(0x0, 0x0, &(0x7f00000a0000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0x0, &(0x7f0000000140)) r1 = perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x73, 0x2, 0x0, 0x0, 0x0, 0x9, 0xc11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x3}, 0x10000, 0x0, 0x8f, 0x7, 0x80000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3}, 0x0, 0xffffffffffffbfff, 0xffffffffffffffff, 0x0) fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4307, 0x62140, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0), 0x4}, 0x2, 0xa0, 0x0, 0x5, 0x1}, 0x0, 0xf7ffffffffffffff, 0xffffffffffffffff, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @local}, 0x10) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) r4 = dup(r3) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x890c, &(0x7f0000000080)={@local, 0x78, r6}) ioctl$sock_inet6_SIOCDIFADDR(r4, 0x8916, &(0x7f0000000000)={@private0, 0x0, r6}) r7 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, &(0x7f0000000100)={@mcast1, 0xd985, 0x3, 0x1, 0x0, 0x6, 0x7}, 0x20) setsockopt$inet6_MCAST_MSFILTER(0xffffffffffffffff, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="05000000000000000a004e230000000100000000000000000000000000000000f7ffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000200ea000a004e240000007ffc020000000000000000000000000001030000ffff0000000000000000000000000000000000000000f1ff0000000000000000000000000000000000000000000000000000000000000000040000000000000000aecc128c6fa052d1ca000000000000000000000000000000000000000000000000d51eda33960e5ccd0000000032fd73b525ea0faafe880000000000000000000000000001f1090000000400000000000000000000000000000000000000000000000000000000000000000000800000000000001e4a266666ed3eac9e000000000000000000006caae28cee27ef37000000000000000000000000000000000000000000000000000007db2f000601000000009e967bbe7a5da2e855abc0a2aaa1163f83e590ceef9b5030a57cadf77ef63d151dd166592d3103a91f96b5fc8030e72b306b69e44df0da80577b557853a9730200000000000000b1d0a1b573bd056c5fba2856c4938e93e49dccc76bdd57d2d23a6fd3edc523ce5ff2b19f5491e167f5f404423bcd40c2a48fe26fb0455873b940a886bbea7a1ae914453cd1209f1ee4220e7e27d4d759e6117a4212dc3900d0e1", @ANYRESDEC=r0], 0x190) r8 = dup(r7) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8936, &(0x7f0000000080)={@local, 0x78, r10}) ioctl$sock_inet6_SIOCDIFADDR(r8, 0x8916, &(0x7f0000000000)={@remote, 0x0, r10}) [ 2614.096085] kmem_cache_create(9p-fcall-cache-452) failed with error -12 [ 2614.097311] CPU: 0 PID: 72141 Comm: syz-executor.6 Not tainted 5.10.250 #1 [ 2614.098427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2614.099778] Call Trace: [ 2614.100206] dump_stack+0x107/0x167 [ 2614.100799] kmem_cache_create_usercopy.cold+0x17/0x65 [ 2614.101642] p9_client_create+0xc6a/0x1230 [ 2614.102334] ? p9_client_flush+0x430/0x430 [ 2614.103036] ? trace_hardirqs_on+0x5b/0x180 [ 2614.103725] ? lockdep_init_map_type+0x2c7/0x780 [ 2614.104513] ? __raw_spin_lock_init+0x36/0x110 [ 2614.105253] v9fs_session_init+0x1dd/0x1680 [ 2614.105956] ? lock_release+0x680/0x680 [ 2614.106625] ? kmem_cache_alloc_trace+0x151/0x320 [ 2614.107407] ? v9fs_show_options+0x690/0x690 [ 2614.108125] ? trace_hardirqs_on+0x5b/0x180 [ 2614.108832] ? kasan_unpoison_shadow+0x33/0x50 [ 2614.109583] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2614.110406] v9fs_mount+0x79/0x8f0 [ 2614.110995] ? v9fs_write_inode+0x60/0x60 [ 2614.111663] legacy_get_tree+0x105/0x220 [ 2614.112321] vfs_get_tree+0x8e/0x300 [ 2614.112926] path_mount+0x14ab/0x2200 [ 2614.113543] ? strncpy_from_user+0x9e/0x470 [ 2614.114268] ? finish_automount+0xa90/0xa90 [ 2614.115089] ? getname_flags.part.0+0x1dd/0x4f0 [ 2614.115878] ? _copy_from_user+0xfb/0x1b0 [ 2614.116548] __x64_sys_mount+0x282/0x300 [ 2614.117195] ? copy_mnt_ns+0xa00/0xa00 [ 2614.117831] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2614.118695] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2614.119541] do_syscall_64+0x33/0x40 [ 2614.120157] entry_SYSCALL_64_after_hwframe+0x67/0xd1 [ 2614.120999] RIP: 0033:0x7f4689135b19 [ 2614.121616] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.124592] RSP: 002b:00007f46866ab188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2614.125805] RAX: ffffffffffffffda RBX: 00007f4689248f60 RCX: 00007f4689135b19 [ 2614.126956] RDX: 00000000200000c0 RSI: 0000000020000080 RDI: 0000000000000000 [ 2614.128094] RBP: 00007f46866ab1d0 R08: 0000000020000580 R09: 0000000000000000 [ 2614.129199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.130312] R13: 00007ffc161c421f R14: 00007f46866ab300 R15: 0000000000022000 VM DIAGNOSIS: 09:16:30 Registers: info registers vcpu 0 RAX=ffffffff83e9f9c0 RBX=0000000000000000 RCX=ffffffff83e8762c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83ea0188 RBP=0000000000000000 RSP=ffffffff84e07e38 R8 =0000000000000001 R9 =ffff88806ce3c12b R10=ffffed100d9c7825 R11=0000000000000001 R12=0000000000000000 R13=ffffffff8567b308 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9f9ce RFL=00000206 [-----P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f069418b010 CR3=000000000e6a6000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=006402fe016c6c6f502e726567616e61 XMM02=61746f7420636578650a0a0100010101 XMM03=78650e007a7a7566206365786509006c XMM04=78650a006574616469646e6163206365 XMM05=74756365786511006873616d73206365 XMM06=6578650800737472617473657220726f XMM07=6169727420636578650b006e65672063 XMM08=7a7566206365786509006c61746f7420 XMM09=74616469646e616320636578650e007a XMM10=6511006873616d7320636578650a0065 XMM11=737472617473657220726f7475636578 XMM12=636578650b006e656720636578650800 XMM13=696d20636578650d0065676169727420 XMM14=6e696820636578650a00657a696d696e XMM15=0000736465657320636578650a007374 info registers vcpu 1 RAX=ffffffff83e9f9c0 RBX=0000000000000001 RCX=ffffffff83e8762c RDX=0000000000000000 RSI=0000000000000000 RDI=ffffffff83ea0188 RBP=0000000000000001 RSP=ffff888008987e70 R8 =0000000000000001 R9 =ffff88806cf3c12b R10=ffffed100d9e7825 R11=0000000000000001 R12=0000000000000001 R13=ffffffff8567b308 R14=0000000000000000 R15=dffffc0000000000 RIP=ffffffff83e9f9ce RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00005562047fd678 CR3=000000000e6a6000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001fa0 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=00000000000000000000000000000000 XMM01=00000000000000000000000000000000 XMM02=000000000000000041292dc000000000 XMM03=0000ff00000000000000000000000000 XMM04=732f6c61636f6c2f7273752f3d485441 XMM05=622f6c61636f6c2f7273752f3a6e6962 XMM06=73752f3a6e6962732f7273752f3a6e69 XMM07=6e69622f3a6e6962732f3a6e69622f72 XMM08=00000000000000000000000000000000 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000