at(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:51:17 executing program 4: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x186a3, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:51:17 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 33) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2516.338335] FAULT_INJECTION: forcing a failure. [ 2516.338335] name failslab, interval 1, probability 0, space 0, times 0 [ 2516.340963] CPU: 0 PID: 13942 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2516.342375] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.344059] Call Trace: [ 2516.344604] dump_stack+0x107/0x167 [ 2516.345344] should_fail.cold+0x5/0xa [ 2516.346119] ? create_object.isra.0+0x3a/0xa20 [ 2516.347035] should_failslab+0x5/0x20 [ 2516.347811] kmem_cache_alloc+0x5b/0x310 [ 2516.348624] ? mark_held_locks+0x9e/0xe0 [ 2516.349439] create_object.isra.0+0x3a/0xa20 [ 2516.350329] kmemleak_alloc_percpu+0xa0/0x100 [ 2516.351241] pcpu_alloc+0x4e2/0x1240 [ 2516.352021] do_blk_trace_setup+0x243/0xc10 [ 2516.352885] ? _copy_from_user+0xfb/0x1b0 [ 2516.353717] __blk_trace_setup+0xca/0x180 [ 2516.354545] ? do_blk_trace_setup+0xc10/0xc10 [ 2516.355455] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.356528] blk_trace_ioctl+0x155/0x290 [ 2516.357341] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2516.358322] ? do_vfs_ioctl+0x283/0x10d0 [ 2516.359136] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2516.360195] ? generic_block_fiemap+0x60/0x60 [ 2516.361116] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2516.362087] blkdev_ioctl+0xc1/0x710 [ 2516.362835] ? blkdev_common_ioctl+0x1870/0x1870 [ 2516.363811] ? selinux_file_ioctl+0xb6/0x270 [ 2516.364709] block_ioctl+0xf9/0x140 [ 2516.365433] ? blkdev_read_iter+0x1c0/0x1c0 [ 2516.366301] __x64_sys_ioctl+0x19a/0x210 [ 2516.367136] do_syscall_64+0x33/0x40 [ 2516.367902] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.368952] RIP: 0033:0x7fbe5aa67b19 [ 2516.369702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.373393] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2516.374914] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2516.376347] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2516.377772] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.379214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2516.380650] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2516.427842] FAULT_INJECTION: forcing a failure. [ 2516.427842] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2516.430638] CPU: 1 PID: 13952 Comm: syz-executor.1 Not tainted 5.10.176 #1 [ 2516.432030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.433677] Call Trace: [ 2516.434220] dump_stack+0x107/0x167 [ 2516.434951] should_fail.cold+0x5/0xa [ 2516.435742] __alloc_pages_nodemask+0x182/0x600 [ 2516.436673] ? __kmalloc+0x16e/0x390 [ 2516.437428] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2516.438628] ? trace_hardirqs_on+0x5b/0x180 [ 2516.439514] alloc_pages_current+0x187/0x280 [ 2516.440424] relay_open_buf.part.0+0x2a5/0xc00 [ 2516.441361] relay_open+0x531/0xa10 [ 2516.442110] do_blk_trace_setup+0x4cf/0xc10 [ 2516.442994] ? _copy_from_user+0xfb/0x1b0 [ 2516.443858] __blk_trace_setup+0xca/0x180 [ 2516.444702] ? do_blk_trace_setup+0xc10/0xc10 [ 2516.445614] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.446710] blk_trace_ioctl+0x155/0x290 [ 2516.447547] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2516.448543] ? do_vfs_ioctl+0x283/0x10d0 [ 2516.449379] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2516.450453] ? generic_block_fiemap+0x60/0x60 [ 2516.451368] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2516.452372] blkdev_ioctl+0xc1/0x710 [ 2516.453133] ? blkdev_common_ioctl+0x1870/0x1870 [ 2516.454100] ? selinux_file_ioctl+0xb6/0x270 [ 2516.455004] block_ioctl+0xf9/0x140 [ 2516.455743] ? blkdev_read_iter+0x1c0/0x1c0 [ 2516.456612] __x64_sys_ioctl+0x19a/0x210 [ 2516.457428] do_syscall_64+0x33/0x40 [ 2516.458172] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.459193] RIP: 0033:0x7fd4e354bb19 [ 2516.459948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.463696] RSP: 002b:00007fd4e0ac1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2516.465251] RAX: ffffffffffffffda RBX: 00007fd4e365ef60 RCX: 00007fd4e354bb19 [ 2516.466695] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2516.468159] RBP: 00007fd4e0ac11d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.469615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2516.471077] R13: 00007ffc4172fecf R14: 00007fd4e0ac1300 R15: 0000000000022000 07:51:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xa05000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2516.572803] FAULT_INJECTION: forcing a failure. [ 2516.572803] name failslab, interval 1, probability 0, space 0, times 0 [ 2516.575702] CPU: 0 PID: 13957 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2516.577127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.578830] Call Trace: [ 2516.579508] dump_stack+0x107/0x167 [ 2516.580277] should_fail.cold+0x5/0xa [ 2516.581077] ? create_object.isra.0+0x3a/0xa20 [ 2516.582010] should_failslab+0x5/0x20 [ 2516.582782] kmem_cache_alloc+0x5b/0x310 [ 2516.583617] ? __is_insn_slot_addr+0x123/0x290 [ 2516.584549] create_object.isra.0+0x3a/0xa20 [ 2516.585445] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2516.586484] __kmalloc_track_caller+0x177/0x370 [ 2516.587423] ? kstrdup_const+0x53/0x80 [ 2516.588233] kstrdup+0x36/0x70 [ 2516.588893] kstrdup_const+0x53/0x80 [ 2516.589653] __kernfs_new_node+0x9d/0x850 [ 2516.590506] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2516.591476] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.592584] kernfs_create_dir_ns+0x9c/0x230 [ 2516.593489] sysfs_create_dir_ns+0x127/0x290 [ 2516.594386] ? sysfs_create_mount_point+0xb0/0xb0 [ 2516.595371] ? rwlock_bug.part.0+0x90/0x90 [ 2516.596254] ? class_dir_child_ns_type+0x9/0x60 [ 2516.597200] kobject_add_internal+0x25e/0xa30 [ 2516.598306] kobject_add+0x150/0x1c0 [ 2516.599065] ? kset_create_and_add+0x1a0/0x1a0 [ 2516.600079] ? lockdep_init_map_type+0x2c7/0x780 [ 2516.601051] device_add+0x35a/0x1bc0 [ 2516.601843] ? devlink_add_symlinks+0x970/0x970 [ 2516.602797] device_create_groups_vargs+0x207/0x280 [ 2516.603859] device_create+0xdc/0x120 [ 2516.604642] ? device_create_groups_vargs+0x280/0x280 [ 2516.605684] ? init_timer_key+0x12a/0x240 [ 2516.606532] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2516.607519] mac80211_hwsim_new_radio+0x352/0x4250 [ 2516.608509] ? ____sys_sendmsg+0x70d/0x870 [ 2516.609359] ? ___sys_sendmsg+0xf3/0x170 [ 2516.610170] ? __sys_sendmsg+0xe5/0x1b0 [ 2516.610974] ? do_syscall_64+0x33/0x40 [ 2516.611770] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.612841] ? lock_acquire+0x197/0x470 [ 2516.613639] ? create_object.isra.0+0x3ad/0xa20 [ 2516.614587] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2516.615552] hwsim_new_radio_nl+0x991/0x1080 [ 2516.616445] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2516.617499] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2516.618827] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2516.620148] genl_family_rcv_msg_doit+0x22d/0x330 [ 2516.621123] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2516.622441] ? cap_capable+0x1d6/0x240 [ 2516.623236] ? ns_capable+0xe2/0x110 [ 2516.624015] genl_rcv_msg+0x33c/0x5a0 [ 2516.624790] ? genl_get_cmd+0x480/0x480 [ 2516.625590] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2516.626627] ? lock_release+0x680/0x680 [ 2516.627426] ? netlink_deliver_tap+0xf4/0xcd0 [ 2516.628342] netlink_rcv_skb+0x14b/0x430 [ 2516.629159] ? genl_get_cmd+0x480/0x480 [ 2516.629963] ? netlink_ack+0xab0/0xab0 [ 2516.630752] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2516.631686] ? is_vmalloc_addr+0x7b/0xb0 [ 2516.632503] genl_rcv+0x24/0x40 [ 2516.633164] netlink_unicast+0x549/0x7f0 [ 2516.633990] ? netlink_attachskb+0x870/0x870 [ 2516.634870] ? __virt_addr_valid+0x128/0x350 [ 2516.635789] netlink_sendmsg+0x90f/0xdf0 [ 2516.636617] ? netlink_unicast+0x7f0/0x7f0 [ 2516.637484] ? netlink_unicast+0x7f0/0x7f0 [ 2516.638337] sock_sendmsg+0x154/0x190 [ 2516.639107] ____sys_sendmsg+0x70d/0x870 [ 2516.639936] ? kernel_sendmsg+0x50/0x50 [ 2516.640733] ? do_recvmmsg+0x6d0/0x6d0 [ 2516.641517] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.642572] ? lock_downgrade+0x6d0/0x6d0 [ 2516.643413] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.644485] ___sys_sendmsg+0xf3/0x170 [ 2516.645275] ? sendmsg_copy_msghdr+0x160/0x160 [ 2516.646201] ? lock_downgrade+0x6d0/0x6d0 [ 2516.647035] ? find_held_lock+0x2c/0x110 [ 2516.647870] ? __fget_files+0x296/0x4c0 [ 2516.648682] ? __fget_light+0xea/0x290 [ 2516.649480] __sys_sendmsg+0xe5/0x1b0 [ 2516.650243] ? __sys_sendmsg_sock+0x40/0x40 [ 2516.651110] ? rcu_read_lock_any_held+0x75/0xa0 [ 2516.652082] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2516.653139] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2516.654178] ? trace_hardirqs_on+0x5b/0x180 [ 2516.655046] do_syscall_64+0x33/0x40 [ 2516.655806] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.656831] RIP: 0033:0x7f09254a5b19 [ 2516.657587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.661254] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2516.662787] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2516.664225] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2516.665651] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.667065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2516.668490] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:51:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xb00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:51:17 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 70) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:51:17 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 8) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:51:17 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x2000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2516.790867] FAULT_INJECTION: forcing a failure. [ 2516.790867] name failslab, interval 1, probability 0, space 0, times 0 [ 2516.793659] CPU: 0 PID: 13974 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2516.795071] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.796758] Call Trace: [ 2516.797299] dump_stack+0x107/0x167 [ 2516.798044] should_fail.cold+0x5/0xa [ 2516.798834] ? __d_alloc+0x2a/0x990 [ 2516.799592] should_failslab+0x5/0x20 [ 2516.800368] kmem_cache_alloc+0x5b/0x310 [ 2516.801192] __d_alloc+0x2a/0x990 [ 2516.801908] d_alloc_parallel+0x111/0x1bc0 [ 2516.802782] ? __lock_acquire+0x1657/0x5b00 [ 2516.803677] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.804739] ? __d_lookup_rcu+0x6d0/0x6d0 [ 2516.805578] ? mark_lock+0xf5/0x2df0 [ 2516.806333] ? lockdep_init_map_type+0x2c7/0x780 [ 2516.807287] ? lockdep_init_map_type+0x2c7/0x780 [ 2516.808273] __lookup_slow+0x193/0x490 [ 2516.809072] ? lookup_open.isra.0+0x1270/0x1270 [ 2516.810013] ? __d_lookup+0x3bf/0x760 [ 2516.810788] ? d_lookup+0xcc/0x130 [ 2516.811532] lookup_one_len+0x167/0x1a0 [ 2516.812340] ? __lookup_slow+0x490/0x490 [ 2516.813156] ? down_write_killable+0x180/0x180 [ 2516.814081] ? do_raw_spin_unlock+0x4f/0x220 [ 2516.814974] ? mntput+0xc/0x90 [ 2516.815642] start_creating.part.0+0x10a/0x230 [ 2516.816582] __debugfs_create_file+0xdb/0x530 [ 2516.817488] do_blk_trace_setup+0x3fb/0xc10 [ 2516.818359] ? _copy_from_user+0xfb/0x1b0 [ 2516.819197] __blk_trace_setup+0xca/0x180 [ 2516.820050] ? do_blk_trace_setup+0xc10/0xc10 [ 2516.820956] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.822032] blk_trace_ioctl+0x155/0x290 [ 2516.822856] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2516.823851] ? do_vfs_ioctl+0x283/0x10d0 [ 2516.824673] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2516.825726] ? generic_block_fiemap+0x60/0x60 [ 2516.826630] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2516.827618] blkdev_ioctl+0xc1/0x710 [ 2516.828370] ? blkdev_common_ioctl+0x1870/0x1870 [ 2516.829324] ? selinux_file_ioctl+0xb6/0x270 [ 2516.830213] block_ioctl+0xf9/0x140 [ 2516.830948] ? blkdev_read_iter+0x1c0/0x1c0 [ 2516.831821] __x64_sys_ioctl+0x19a/0x210 [ 2516.832641] do_syscall_64+0x33/0x40 [ 2516.833393] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.834437] RIP: 0033:0x7fbe5aa67b19 [ 2516.835188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.838909] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2516.840442] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2516.841895] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2516.843343] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.844788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2516.846229] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:51:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xd00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2516.951935] FAULT_INJECTION: forcing a failure. [ 2516.951935] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2516.954607] CPU: 1 PID: 13977 Comm: syz-executor.1 Not tainted 5.10.176 #1 [ 2516.956034] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2516.957721] Call Trace: [ 2516.958266] dump_stack+0x107/0x167 [ 2516.959006] should_fail.cold+0x5/0xa [ 2516.959816] __alloc_pages_nodemask+0x182/0x600 [ 2516.960773] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2516.961881] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2516.963103] ? write_comp_data+0x2f/0x80 [ 2516.963945] alloc_pages_current+0x187/0x280 [ 2516.964848] relay_open_buf.part.0+0x2a5/0xc00 [ 2516.965785] relay_open+0x531/0xa10 [ 2516.966535] do_blk_trace_setup+0x4cf/0xc10 [ 2516.967414] ? _copy_from_user+0xfb/0x1b0 [ 2516.968278] __blk_trace_setup+0xca/0x180 [ 2516.969112] ? do_blk_trace_setup+0xc10/0xc10 [ 2516.970036] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2516.971115] blk_trace_ioctl+0x155/0x290 [ 2516.971953] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2516.972955] ? do_vfs_ioctl+0x283/0x10d0 [ 2516.973782] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2516.974837] ? generic_block_fiemap+0x60/0x60 [ 2516.975762] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2516.976727] blkdev_ioctl+0xc1/0x710 [ 2516.977483] ? blkdev_common_ioctl+0x1870/0x1870 [ 2516.978434] ? selinux_file_ioctl+0xb6/0x270 [ 2516.979325] block_ioctl+0xf9/0x140 [ 2516.980069] ? blkdev_read_iter+0x1c0/0x1c0 [ 2516.980940] __x64_sys_ioctl+0x19a/0x210 [ 2516.981756] do_syscall_64+0x33/0x40 [ 2516.982510] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2516.983541] RIP: 0033:0x7fd4e354bb19 [ 2516.984304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2516.988043] RSP: 002b:00007fd4e0ac1188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2516.989592] RAX: ffffffffffffffda RBX: 00007fd4e365ef60 RCX: 00007fd4e354bb19 [ 2516.991033] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2516.992488] RBP: 00007fd4e0ac11d0 R08: 0000000000000000 R09: 0000000000000000 [ 2516.993923] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2516.995352] R13: 00007ffc4172fecf R14: 00007fd4e0ac1300 R15: 0000000000022000 07:51:33 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 34) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:51:33 executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000140)=[{&(0x7f0000010000)="200000000002000019000000800100000f000000000000000100000005000000000004000040000020000000d9f4655fd9f4655f0100ffff53ef010001000000d9f4655f000000000000000001000000000000000b0000000004000008000000d2c201001203", 0x66, 0x400}, {&(0x7f0000010100)="0000009e44ba9a8dcb77402e9f7101004000"/31, 0x1f, 0x4e0}, {0x0, 0x0, 0x200000000000540}, {&(0x7f0000010400)="02000000030000000400000018000f000300040000000000000000000f00c2b4", 0x20, 0x800}, {&(0x7f0000000080)="ed41feffff070000d9f4655fd9f4655fd9f4655f000000000000040040", 0x1d, 0x566d}], 0x60805, &(0x7f0000000000)) [ 2532.413693] FAULT_INJECTION: forcing a failure. [ 2532.413693] name failslab, interval 1, probability 0, space 0, times 0 [ 2532.416388] CPU: 1 PID: 14006 Comm: syz-executor.3 Not tainted 5.10.176 #1 07:51:33 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x1da, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:51:33 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x34000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:51:33 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x3f00, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:51:33 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 71) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:51:33 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 9) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:51:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2532.417779] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2532.419756] Call Trace: [ 2532.420309] dump_stack+0x107/0x167 [ 2532.421054] should_fail.cold+0x5/0xa [ 2532.421826] ? create_object.isra.0+0x3a/0xa20 [ 2532.422753] should_failslab+0x5/0x20 [ 2532.423524] kmem_cache_alloc+0x5b/0x310 [ 2532.424354] create_object.isra.0+0x3a/0xa20 [ 2532.425246] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2532.426268] kmem_cache_alloc+0x159/0x310 [ 2532.427114] __d_alloc+0x2a/0x990 [ 2532.427835] d_alloc_parallel+0x111/0x1bc0 [ 2532.428708] ? __lock_acquire+0x1657/0x5b00 [ 2532.429577] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2532.430631] ? __d_lookup_rcu+0x6d0/0x6d0 [ 2532.431462] ? mark_lock+0xf5/0x2df0 [ 2532.432218] ? lockdep_init_map_type+0x2c7/0x780 [ 2532.433167] ? lockdep_init_map_type+0x2c7/0x780 [ 2532.434130] __lookup_slow+0x193/0x490 [ 2532.434914] ? lookup_open.isra.0+0x1270/0x1270 [ 2532.435862] ? __d_lookup+0x3bf/0x760 [ 2532.436638] ? d_lookup+0xcc/0x130 07:51:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1100000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2532.437358] lookup_one_len+0x167/0x1a0 [ 2532.438246] ? __lookup_slow+0x490/0x490 [ 2532.439060] ? down_write_killable+0x180/0x180 [ 2532.440006] ? do_raw_spin_unlock+0x4f/0x220 [ 2532.440903] ? mntput+0xc/0x90 [ 2532.441566] start_creating.part.0+0x10a/0x230 [ 2532.441627] FAULT_INJECTION: forcing a failure. [ 2532.441627] name failslab, interval 1, probability 0, space 0, times 0 [ 2532.442489] __debugfs_create_file+0xdb/0x530 [ 2532.442519] do_blk_trace_setup+0x3fb/0xc10 [ 2532.446519] ? _copy_from_user+0xfb/0x1b0 [ 2532.447367] __blk_trace_setup+0xca/0x180 [ 2532.448225] ? do_blk_trace_setup+0xc10/0xc10 [ 2532.449123] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2532.450197] blk_trace_ioctl+0x155/0x290 [ 2532.451015] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2532.452005] ? do_vfs_ioctl+0x283/0x10d0 [ 2532.452819] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2532.453866] ? generic_block_fiemap+0x60/0x60 [ 2532.454765] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2532.455753] blkdev_ioctl+0xc1/0x710 [ 2532.456504] ? blkdev_common_ioctl+0x1870/0x1870 [ 2532.457455] ? selinux_file_ioctl+0xb6/0x270 [ 2532.458354] block_ioctl+0xf9/0x140 [ 2532.459087] ? blkdev_read_iter+0x1c0/0x1c0 [ 2532.459973] __x64_sys_ioctl+0x19a/0x210 [ 2532.460794] do_syscall_64+0x33/0x40 [ 2532.461541] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2532.462572] RIP: 0033:0x7fbe5aa67b19 [ 2532.463319] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2532.467048] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2532.468603] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2532.470043] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2532.471475] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2532.472918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2532.474351] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2532.475823] CPU: 0 PID: 14000 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2532.477227] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2532.478892] Call Trace: [ 2532.479427] dump_stack+0x107/0x167 [ 2532.480189] should_fail.cold+0x5/0xa [ 2532.480959] ? __kernfs_new_node+0xd4/0x850 [ 2532.481833] should_failslab+0x5/0x20 [ 2532.482598] kmem_cache_alloc+0x5b/0x310 [ 2532.483423] __kernfs_new_node+0xd4/0x850 [ 2532.484280] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2532.485242] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2532.486316] kernfs_create_dir_ns+0x9c/0x230 [ 2532.487210] sysfs_create_dir_ns+0x127/0x290 [ 2532.488112] ? sysfs_create_mount_point+0xb0/0xb0 [ 2532.489082] ? rwlock_bug.part.0+0x90/0x90 [ 2532.489942] ? class_dir_child_ns_type+0x9/0x60 [ 2532.490897] kobject_add_internal+0x25e/0xa30 [ 2532.491821] kobject_add+0x150/0x1c0 [ 2532.492567] ? kset_create_and_add+0x1a0/0x1a0 [ 2532.493495] ? lockdep_init_map_type+0x2c7/0x780 [ 2532.494465] device_add+0x35a/0x1bc0 [ 2532.495216] ? devlink_add_symlinks+0x970/0x970 [ 2532.496174] device_create_groups_vargs+0x207/0x280 [ 2532.497181] device_create+0xdc/0x120 [ 2532.497948] ? device_create_groups_vargs+0x280/0x280 [ 2532.498983] ? init_timer_key+0x12a/0x240 [ 2532.499831] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2532.500811] mac80211_hwsim_new_radio+0x352/0x4250 [ 2532.501789] ? ____sys_sendmsg+0x70d/0x870 [ 2532.502632] ? ___sys_sendmsg+0xf3/0x170 [ 2532.503444] ? __sys_sendmsg+0xe5/0x1b0 [ 2532.504255] ? do_syscall_64+0x33/0x40 [ 2532.505034] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2532.506101] ? lock_acquire+0x197/0x470 [ 2532.506897] ? create_object.isra.0+0x3ad/0xa20 [ 2532.507846] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2532.508791] hwsim_new_radio_nl+0x991/0x1080 [ 2532.509679] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2532.510735] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2532.512062] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2532.513374] genl_family_rcv_msg_doit+0x22d/0x330 [ 2532.514346] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2532.515664] ? cap_capable+0x1d6/0x240 [ 2532.516470] ? ns_capable+0xe2/0x110 [ 2532.517224] genl_rcv_msg+0x33c/0x5a0 [ 2532.517993] ? genl_get_cmd+0x480/0x480 [ 2532.518792] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2532.519840] ? lock_release+0x680/0x680 [ 2532.520636] ? netlink_deliver_tap+0xf4/0xcd0 [ 2532.521540] netlink_rcv_skb+0x14b/0x430 [ 2532.522356] ? genl_get_cmd+0x480/0x480 [ 2532.523157] ? netlink_ack+0xab0/0xab0 [ 2532.523975] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2532.524889] ? is_vmalloc_addr+0x7b/0xb0 [ 2532.525707] genl_rcv+0x24/0x40 [ 2532.526369] netlink_unicast+0x549/0x7f0 [ 2532.527191] ? netlink_attachskb+0x870/0x870 [ 2532.528082] ? __virt_addr_valid+0x128/0x350 [ 2532.528973] netlink_sendmsg+0x90f/0xdf0 [ 2532.529794] ? netlink_unicast+0x7f0/0x7f0 [ 2532.530652] ? netlink_unicast+0x7f0/0x7f0 [ 2532.531496] sock_sendmsg+0x154/0x190 [ 2532.532276] ____sys_sendmsg+0x70d/0x870 [ 2532.533091] ? kernel_sendmsg+0x50/0x50 [ 2532.533883] ? do_recvmmsg+0x6d0/0x6d0 [ 2532.534668] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2532.535744] ? lock_downgrade+0x6d0/0x6d0 [ 2532.536578] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2532.537631] ___sys_sendmsg+0xf3/0x170 [ 2532.538412] ? sendmsg_copy_msghdr+0x160/0x160 [ 2532.539331] ? lock_downgrade+0x6d0/0x6d0 [ 2532.540171] ? find_held_lock+0x2c/0x110 [ 2532.540993] ? __fget_files+0x296/0x4c0 [ 2532.541803] ? __fget_light+0xea/0x290 [ 2532.542588] __sys_sendmsg+0xe5/0x1b0 [ 2532.543350] ? __sys_sendmsg_sock+0x40/0x40 [ 2532.544230] ? rcu_read_lock_any_held+0x75/0xa0 [ 2532.545176] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2532.546231] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2532.547260] ? trace_hardirqs_on+0x5b/0x180 [ 2532.548133] do_syscall_64+0x33/0x40 [ 2532.548881] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2532.549904] RIP: 0033:0x7f09254a5b19 [ 2532.550649] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2532.554324] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2532.555860] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2532.557286] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2532.558706] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2532.560139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2532.561560] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2532.564419] kobject_add_internal failed for hwsim803 (error: -12 parent: mac80211_hwsim) 07:51:33 executing program 4: perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x6f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r1, 0x0, r0, 0x0, 0x10001, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105142, 0x0) ioctl$sock_inet6_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000000c0)={@remote, @local, @private0={0xfc, 0x0, '\x00', 0x1}, 0xfff, 0x1f, 0xff, 0x0, 0x2, 0x2}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/exe\x00', 0x0, 0x0) copy_file_range(r3, 0x0, r2, 0x0, 0x10001, 0x0) [ 2532.618842] blktrace: Concurrent blktraces are not allowed on loop0 07:51:33 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:51:33 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4084, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:51:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1201000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:51:48 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1600000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:51:48 executing program 4: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) write$binfmt_script(r0, &(0x7f0000000080)={'#! ', './file0', [{0x20, '\xff\xff'}, {}], 0xa, "d3696a78cea2776aa42eafc2075a13e1f2387dfc88694780dc8622dc9a9c0025e4fe3b7ecd867910c16ffe50292594c00581b33266df74d015d6b4761459169d40ebfe1d70e6c98ba8cb979df929a0e06068168f3627d87e259cdabe9339374aba124d28ceb0dfcb9f87f83c92745ba2ca44d9a54a15c7e9325b78191a57cd3d8ba47e3f1fbdef0e56ecd44eaf39c74d035f0c0ca540b5c43ed86bda16a01dd02e94207d89e1c371d28c16daf034d4e9084ea22d670287f6acd2169da7a1d3ea50fce414fd5ff85a3ab604bfa599d7b371f3e88ff4906aa2e4a868f1e43e767ffda624c58221d997113de6d81dcc8425f6cc79d494af27f1a72355bcffc5a7281bca75d825dbef0c373ee50de08f55218ee9fef78f400b512d886c5ca5361b3c1872550f7ff055bd1983e6a663ab7b587419c1ef4bc1f41baece6445de0596f565b1568978266de35f787b4ff4f4015a0fa1882490312defed36d5531ed0197c66acad94e34f4cfabee369adf4904bd0ee09c72d70cbce3691e452b7970c1f480647eb4c7ba8e72455bb426edbd78b7acb237dec5327e9daa49c9a52d1f255e3372177bc4a64e58fef3fb963f0f718530d7dce391639b18f215f7880294fcedc01f7a11053ada1f4f27af24389a3b7eb76a9475ddb4950c7fd9c65df4e73b1e52de7caf3bc688aecab1db232e1bcc80596b177f6f26cee8077b7ee69b908b952cac554b3167bb50f3dc3f9a293261bf165f71d0129e065f28c447756a4dc9f56e2c196fdecf446ae26c477438d31f1b74e6f7ed50ab3d1ce3a4e8a3fdfe8b3aee836f797949ace7e7a73961cefe495669068fb782a54b099dc94ace362494ed4c47a1a56c6079cd21e9df8ddae32b20bb4e4a936fd2ad02880e1bf034af4b630cf2a8895b4eadc90a68f347cdd2ccc24c9ba7a512bef79fdfb0a3157c8f274cb66ca41edd31db392a63c3a947c72d2b64c4eb1ade423e20b2bcafe4d9c2742d3665aa59ce9f5055117199c0af585f19921da9dec251b97d3506a930c9a57e14390f5e9661aca58a7b4d2ea151815c1b54539f46f34722dc8c516f8c8d3ff8df799b72f01d8b6ddc10c8e91de9e8df2c2a16df3bbb69d7161e15460a04466106bed4a0b1b60223b9fa990041df07c8f104acb508b8d56962b578fb65b8204b0ee5d733400f6e44ae20b2127a80c640eaa7a620b8c47bc8c76a1d03095e2960db030054120531961e8d8c2a18c72b86bdcbec271aa97d259c95a8bf99e13ca6eca7e09f3282652e7e9ac678722afc54d2a499119d457a9058b5e0ad51281732132d61f43f27899d3d8767759264bc94c846deeeed11f000ca0c87c8f596495ee3962f9e294fd301da1ee9477f3dde8f831dd2e881668b82c963569d1331714cdf7e10c2718950d40ec8f93d96fe425d1ac670de13d8e04a5fd444f24bc086ef8f8d7bcf63fd319011c087e7ae8bfec529a7468f1453a8945ff21840fba2e6c6af3ba437e4669579263dbd497ea44fc52871535a8e665b1ea383c0f705290a161bcf814be0cf41843414809c197184b0a47a0d56a266ce564c29afa8be0b1c5b7d96fce152107fccbca399a73c3bbfd8873a84e076a01b90ced2d4f184669120e4e9d55bf5d9ede81808dd1ce87cf0481bd39fddffedcf720223736a7670b627435614129ae6f262780fff427c4f717dab19ad1986d472833af6d235abc6f999e10fe8745b5d9bbd22b3dc1593e8b16a1a21d0c2fdfbfcd599d82ad98c2e79319c75b66c33c004548d22669e6ae5fe43996b25b5e52070e0b3bf7c1eba16159f13876a8fbb55a41964c397ee3a02eda2445478869da62b5242de607cb171002bfb9f51a04da3a3fdb5c18bd8f04401f058bcd572fa362002ae3cd6fe13241263fe27cff9bc3b1bd599e0a262589675156a6f6ed83f27f21e0085840d29597a542a4ffcfd642dd4aa770512bd9296ea4885846628accbe785dad1e993bb72acc6976bdb369688d3c59b67e316d08c3f8225919eee04db43409d80f442c518c80f3df306dfdd5e326da2c445edfb3cb190cef986ccd706afb9cc8512f8a095b04c70ab7dcf2eb87a8110b710fafcd74db765cd37031dc8732852cb637606d09fae01fac11355632a7b605050ad0478735be6259743a1ae506d0a6ddfb7c682280160fb6f54ed6ecdae781b350e7376baede5e26657a1bb667e25fc8c9d848361c14873f291d660a7f5613c25efaa9ff08339de77d306d9267d610c6e9f0a7190d17e698f56fc4b1a2edba76a6dfc55713d3a7f05e3c29c756bb9ded2fe22df7604a2e63ec2c570c803ee887d2299281e93fb70cf01510cc2249c8f560e60796d897429bc4a9f32350dc3981b58480b37c547fab669ace1a777595c6ee83fdaa25b51b6dd7fbd465f77652e2d0dc449c96c894b49a946abb47e97426cf3f917982f27bbeae8dd56d35c5d563c4f34607e4776f59bf47f3a494953e5b895618df832914b193cecfbb08b213fe85be30718ab81a1c8b10114e52c9ee3cac71dca9fc6b1fa38223a9410d87cf9b05c0737ffc32b1e14e6395ff1f8955a40d0d57d109bfdce66c1b53d688921f212208645ed7be32946e09dc33641dd8c15a20e13d19d08e03abba31b2da3afc7aad98508c53a4c942f74777d3bcdee47b6248411f494b4a4feb14976b5ea2f51cd1cf11081ba591b6ccc68f0c30ae24ef53e9399440a334d111cb5050a77f6285856526269b646599cb680bf34e33a9a962e7c5a7f35fd17e47294c8c73157fbceb77ea4f01ccab08f1ca7af64600ce93b46673eadf3ac7648add71b562b83aa0fff8ad3501db39de487a4c4ecae3e36f9f7c1e13705a3523c327d430fe4a146fc892191102dc430292e08204c4e1c1572ad64ab06569e8871a61f337297f0e4d1c603df5b5eb038c71f38da5ddd5d8ff260f1b784607ea8dd339ea3d112bfb6454da81324766924d1849a3865cb54957818f115e3ff76b43c9c53b83ea6923e391a1a817fb7b29033ec6a037838118f8f615bbd0a2635abf90ce3451bb3d91356299b3effda872afca06cafe4dbd6bbff419052d1ca3e4bad333d10e63447183eafce941c7de8ab2017e5db727b8464b762c7f333d82fc5a099019aee008aa5088283fd87a9b4f30bb70f0a2481103ae9e186f4b992f2f983548d6fb342f87a1bc46e75d2a9646b8799ba994fe2aae9b87078e86cd4376fd873c9d9d2a036599f320309a68ef069bbd92424ba5931002f2c63c3ec71d4a1bfd67467a7b17c492336f73e178f91e831b851d3b219ea5dd8dadd9c0e731aab11a4760c36ab2399cf26c1600f0b661aad4c6de7ed34f8784ba6db9055c5b18251be804ab396fb3ce15b1019b165913f754da138e4dd9a5cf546d4ba5821b1fac26e807adbe531d1db86a94b7035444a82225ce53db10e29f42b96abdaeda8edeca1edd53916dde8dc75978dcec4e3753c4b066352c3c05cba4cc39021255e1366c323138f12432f4e4c6b8d2d707c5f4a28064d68cc5840c98c9478824c4ea3b4453dc4e453e2ed47eaf218bf02be5fb5fc45507a9591fda8bf6da28005e675883c9ec501460b03300ad2d2aea33dd42659230ecd1d4acc781b9c724fa396e4dc4091fb661254ffc7add163d0a73263ce5785d8d7a4aaa78f9a659521b405da9608d3a7ff35b3ea5d53ae2da9b200ff22c67962ba74e22d819107f875a25d925d2a9f7ddc9e7bf4f16d47fbbe2a05eab069eedc98dfbc6dea560616605ffe12e5848123c0d5b27c12f9163019185a890a0b48de4829652432cd4e3dbbfeee217e20c63df7fd6753679c4ecb2244127a7276da53909dac4601dd8b7b7d3579200190034519f4f1f976d4de3357e3b591ffc0d6ab4ba091c29099f975b3532c655c2d6d11f141dfae6a64bb845309673b5420f512a0cb0fd23ee84dd3e2ed5e5b92e30d3b94b1bdc09d77437a2068b1169d6e18013095bac26607fe16bade78de6d27f4011f47b2435f0c09241bf4a692abeb5ac67c864d4ee14e928af6c390b5c84bb7391bd02eb67bfe00383e862f8d6440a2139aaa1f6c5ac64c0b01e121e962fca04c12f0ce716f849abe77761c197b714f49c70daeab116531246d92cbb5b124d1968e0518efa4e1841da602383fdb4758333dbb339b46f09514b323b37c2d80078f797bc3345af43d4d3912098b7dec18b372f065b30a333c9490e3c67438f2c19dea9bda8da111f74ce11e74ee7db2d8e812a451f7405b9f265519de8800804ba2807d727d5949e579ab07adbe87b902aad30f6bc3da01109671fbf753ed32062e297ea3ec57c6661c98d6529aa6a956600f550e781d5117749f8e8c17e9c071a72373c4f90ed1851b97272db30663655cdd67888bdfe3849b605aa86ae7d9b03f2a5f639529e367519da52356a21dac21deadcdd765d9a0804e250ba7b9f315b359a5bd5f673da8fabe3fb5484295fb6d595dcd368cfbf6ea621e6af86a1d6ca55c1c0d6658f2c901db90068a0d36fdb94b28bca87a1a76a5d1bbdcce48aeef5778f19590fee52e3ed6c412d64296e2c1f46b9944d562fca2ff96b456a60d59e541fee56720423efabe96ce86ee17cf5a6da6f9b4e3a73867acef216a72fee6a9cdd51074f0568ba83ebf92e883495e93dbf591a53a9787a16889392bdf4de70a984a52d36018dc32da947669dac785a6cbc5b4a5c9d341e35211f6643aa9ee6054f15e854ceb846f5855108be8b06bbd47b54655930847487ec38c89d07385669ebd15f2e08b77d7a4d795fc8bdcfc50fa3a31a27d67c74a3efc00c639bf4940e38c7e6b4eb953d0f8ff4b9915c1f4564914681357655453d9271e227036a70ab51ba11c42961012df08b106d3b4e3e92ba95afeb4fb7dcfd56c45ced5c470198969ef28a68a52b53bf139311eeab28a01985df0673af0202ff8ad85d2e2e2f5b2b2dcf8d9601174290bb02fd7e55720f2f09a06cc51669c8d8a5c8fabcfbe5d5f8696ae9667c4de69d51efca1db22245501605765857b3edbe23bc0689ad8d80f9f39fca977e4c0c37214a707f80169fb0dfd5d169cbd6d16a108af6c9c657032965365c7c12032f1c700641703820114a6f89ed0ec01e98936dd110c3452fc3aca229faf8871e2501c721432e32e58660a80eff40111f9d39c3b833e920b15cfae268978d37450109196a76f901f48a5f1f48bbc563df35f75172569876927da0e0d76f4ec80fb8af6da1485d59374624d97710fc731806d777398e083f40e489f3e84e21c4d1b74f8c2f7dc81e64eb747315502571a90ea47a8f334349e1c2fbee7c53e0035ae6fe540f02bce503c537ff969f4c05a839283f41a4d449ab34d0056f2f99553422c841459c6a978f9761c2f10b91d1da68a36a3679b9132ab15ea925f4c83c44202eec87e675b5ccd33a8d40f5fa62ad45777d8bab461ed4358d0651d9f45877c03e527e6c73bf6d3273c5b371cf028cd22233183630dad5fd6351be8f55c8440992c1f606a5ac82ef1cc6f6d372729ea7b8938515229edc692c8dde0f8d033fc8e4a06064ac438c6eb8453e06cbab6d67216f5c1515e006449f477416740c596486ff10fe5d544b0dd1063a07f3c250fbf0780ba980b3c32317830880c779ed65803740f75dcd4fe388a41abeca9667c0785cefca725c2d9db35b2701e5628039035e0beb5388ae73087d24f3a92640ed57e07b136c2c90557f48c3c0004d3299c438ad7df213dc65c980f0bee775538ae7242fa1e36b2f2535534d59b0bd259a7c377c2425e1b343373eaf99a4cb3e44aa0749"}, 0x100f) syz_emit_ethernet(0x66, &(0x7f0000001240)=ANY=[@ANYBLOB="0180c200000000000000000086dd601d66090000301100fc020000000000000000000000000000ff0200000000000000000000000000010200907800000002600000000000000000000000000000000000ffff0000000000000000000000000000ffffe0000002"], 0x0) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f00000010c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x5}}, './file0\x00'}) r2 = syz_genetlink_get_family_id$devlink(&(0x7f0000001140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_SB_OCC_SNAPSHOT(r1, &(0x7f0000001340)={&(0x7f0000001100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000001300)={&(0x7f0000001380)={0x170, r2, 0x800, 0x70bd26, 0x25dfdbfb, {}, [{@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x7}}, {@nsim={{}, {0x0, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0xefc}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x527}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3f}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x8}}, {@pci, {0x8, 0xb, 0x2}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xfffffe26, 0xb, 0x20}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x1f}}, {@nsim={{0xe}, {0x6d, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7}}]}, 0x170}, 0x1, 0x0, 0x0, 0x4000000}, 0x20000000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001180), 0x400000, 0x0) fsetxattr$trusted_overlay_redirect(r3, &(0x7f00000011c0), &(0x7f0000001200)='./file1\x00', 0x8, 0x1) 07:51:48 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 10) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:51:48 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x300, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:51:48 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4800, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:51:48 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 35) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:51:48 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x80000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:51:48 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x2, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2547.221742] FAULT_INJECTION: forcing a failure. [ 2547.221742] name failslab, interval 1, probability 0, space 0, times 0 [ 2547.224405] CPU: 1 PID: 14052 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2547.225800] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2547.227462] Call Trace: [ 2547.228008] dump_stack+0x107/0x167 [ 2547.228746] should_fail.cold+0x5/0xa [ 2547.229520] ? alloc_inode+0x171/0x240 [ 2547.230312] should_failslab+0x5/0x20 [ 2547.231085] kmem_cache_alloc+0x5b/0x310 [ 2547.231931] ? __lookup_slow+0x490/0x490 [ 2547.232760] alloc_inode+0x171/0x240 [ 2547.233516] new_inode+0x23/0x250 [ 2547.234219] debugfs_get_inode+0x1a/0x130 [ 2547.235070] __debugfs_create_file+0x14e/0x530 [ 2547.236014] do_blk_trace_setup+0x3fb/0xc10 [ 2547.236895] ? _copy_from_user+0xfb/0x1b0 [ 2547.237737] __blk_trace_setup+0xca/0x180 [ 2547.238576] ? do_blk_trace_setup+0xc10/0xc10 [ 2547.239487] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2547.240573] blk_trace_ioctl+0x155/0x290 [ 2547.241401] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2547.242397] ? do_vfs_ioctl+0x283/0x10d0 [ 2547.243217] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2547.244299] ? generic_block_fiemap+0x60/0x60 [ 2547.245209] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2547.246189] blkdev_ioctl+0xc1/0x710 [ 2547.246942] ? blkdev_common_ioctl+0x1870/0x1870 [ 2547.247918] ? selinux_file_ioctl+0xb6/0x270 [ 2547.248813] block_ioctl+0xf9/0x140 [ 2547.249547] ? blkdev_read_iter+0x1c0/0x1c0 [ 2547.250421] __x64_sys_ioctl+0x19a/0x210 [ 2547.251245] do_syscall_64+0x33/0x40 [ 2547.252021] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2547.253103] RIP: 0033:0x7fbe5aa67b19 [ 2547.253859] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2547.257579] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2547.259136] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2547.260581] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2547.262021] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2547.263459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2547.264920] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2547.266741] debugfs: out of free dentries, can not create file 'dropped' [ 2547.285965] FAULT_INJECTION: forcing a failure. [ 2547.285965] name failslab, interval 1, probability 0, space 0, times 0 [ 2547.288563] CPU: 1 PID: 14059 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2547.289984] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2547.291680] Call Trace: [ 2547.292231] dump_stack+0x107/0x167 [ 2547.292974] should_fail.cold+0x5/0xa [ 2547.293761] ? create_object.isra.0+0x3a/0xa20 [ 2547.294701] should_failslab+0x5/0x20 [ 2547.295483] kmem_cache_alloc+0x5b/0x310 [ 2547.296341] create_object.isra.0+0x3a/0xa20 [ 2547.297248] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2547.298278] kmem_cache_alloc+0x159/0x310 [ 2547.299128] __kernfs_new_node+0xd4/0x850 [ 2547.299984] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2547.300949] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2547.302028] kernfs_create_dir_ns+0x9c/0x230 [ 2547.302932] sysfs_create_dir_ns+0x127/0x290 [ 2547.303822] ? sysfs_create_mount_point+0xb0/0xb0 [ 2547.304811] ? rwlock_bug.part.0+0x90/0x90 [ 2547.305680] ? class_dir_child_ns_type+0x9/0x60 [ 2547.306631] kobject_add_internal+0x25e/0xa30 [ 2547.307573] kobject_add+0x150/0x1c0 [ 2547.308356] ? kset_create_and_add+0x1a0/0x1a0 [ 2547.309288] ? lockdep_init_map_type+0x2c7/0x780 [ 2547.310264] device_add+0x35a/0x1bc0 [ 2547.311017] ? devlink_add_symlinks+0x970/0x970 [ 2547.311981] device_create_groups_vargs+0x207/0x280 [ 2547.312986] device_create+0xdc/0x120 [ 2547.313762] ? device_create_groups_vargs+0x280/0x280 [ 2547.314797] ? init_timer_key+0x12a/0x240 [ 2547.315650] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2547.316660] mac80211_hwsim_new_radio+0x352/0x4250 [ 2547.317649] ? ____sys_sendmsg+0x70d/0x870 [ 2547.318500] ? ___sys_sendmsg+0xf3/0x170 [ 2547.319319] ? __sys_sendmsg+0xe5/0x1b0 [ 2547.320124] ? do_syscall_64+0x33/0x40 [ 2547.320915] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2547.321990] ? lock_acquire+0x197/0x470 [ 2547.322798] ? create_object.isra.0+0x3ad/0xa20 [ 2547.323746] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2547.324720] hwsim_new_radio_nl+0x991/0x1080 [ 2547.325614] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2547.326681] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2547.328026] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2547.329356] genl_family_rcv_msg_doit+0x22d/0x330 [ 2547.330341] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2547.331673] ? cap_capable+0x1d6/0x240 [ 2547.332483] ? ns_capable+0xe2/0x110 [ 2547.333245] genl_rcv_msg+0x33c/0x5a0 [ 2547.334044] ? genl_get_cmd+0x480/0x480 [ 2547.334864] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2547.335954] netlink_rcv_skb+0x14b/0x430 [ 2547.336787] ? genl_get_cmd+0x480/0x480 [ 2547.337600] ? netlink_ack+0xab0/0xab0 [ 2547.338395] ? down_read+0x10f/0x430 [ 2547.339146] ? genl_get_cmd+0x480/0x480 [ 2547.339962] genl_rcv+0x24/0x40 [ 2547.340631] netlink_unicast+0x549/0x7f0 [ 2547.341457] ? netlink_attachskb+0x870/0x870 [ 2547.342347] ? __virt_addr_valid+0x128/0x350 [ 2547.343245] netlink_sendmsg+0x90f/0xdf0 [ 2547.344079] ? netlink_unicast+0x7f0/0x7f0 [ 2547.345014] ? netlink_unicast+0x7f0/0x7f0 [ 2547.345894] sock_sendmsg+0x154/0x190 [ 2547.346705] ____sys_sendmsg+0x70d/0x870 [ 2547.347550] ? kernel_sendmsg+0x50/0x50 [ 2547.348387] ? do_recvmmsg+0x6d0/0x6d0 [ 2547.349173] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2547.350231] ? lock_downgrade+0x6d0/0x6d0 [ 2547.351067] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2547.352135] ___sys_sendmsg+0xf3/0x170 [ 2547.352920] ? sendmsg_copy_msghdr+0x160/0x160 [ 2547.353845] ? lock_downgrade+0x6d0/0x6d0 [ 2547.354683] ? find_held_lock+0x2c/0x110 [ 2547.355509] ? __fget_files+0x296/0x4c0 [ 2547.356335] ? __fget_light+0xea/0x290 [ 2547.357126] __sys_sendmsg+0xe5/0x1b0 [ 2547.357891] ? __sys_sendmsg_sock+0x40/0x40 [ 2547.358760] ? rcu_read_lock_any_held+0x75/0xa0 [ 2547.359714] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2547.360778] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2547.361815] ? trace_hardirqs_on+0x5b/0x180 [ 2547.362689] do_syscall_64+0x33/0x40 [ 2547.363441] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2547.364517] RIP: 0033:0x7f09254a5b19 [ 2547.365321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2547.369221] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2547.370816] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2547.372332] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2547.373769] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2547.375213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2547.376663] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:51:48 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1800000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:51:48 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4c00, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:51:48 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) bind$packet(r2, &(0x7f0000000100)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={0x0, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={0x0, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) 07:51:48 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x301, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:10 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 36) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x5203, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2569.893014] FAULT_INJECTION: forcing a failure. [ 2569.893014] name failslab, interval 1, probability 0, space 0, times 0 [ 2569.894581] CPU: 0 PID: 14107 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2569.895322] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2569.896206] Call Trace: [ 2569.896515] dump_stack+0x107/0x167 [ 2569.896907] should_fail.cold+0x5/0xa [ 2569.897315] ? radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2569.897927] should_failslab+0x5/0x20 [ 2569.898331] kmem_cache_alloc+0x5b/0x310 [ 2569.898772] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2569.899366] idr_get_free+0x4b5/0x8f0 [ 2569.899785] idr_alloc_u32+0x170/0x2d0 [ 2569.900204] ? __fprop_inc_percpu_max+0x130/0x130 07:52:10 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x400300, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:10 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x3cd, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:52:10 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x87) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x401, @ipv4={'\x00', '\xff\xff', @multicast2}, 0x40000}, 0x1c) sendto(r0, &(0x7f0000000040)="83780c27", 0x4, 0x24008800, &(0x7f0000000100)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) write$binfmt_elf64(r1, &(0x7f0000000140)=ANY=[@ANYRESDEC, @ANYRES64], 0x5c000) write$P9_RREADDIR(r1, &(0x7f0000000080)={0x2a, 0x29, 0x1, {0x80000000, [{{0x2, 0x3, 0x4}, 0x8, 0x7, 0x7, './file0'}]}}, 0x2a) [ 2569.900856] ? lock_acquire+0x197/0x470 [ 2569.901301] ? __kernfs_new_node+0xff/0x850 [ 2569.901773] idr_alloc_cyclic+0x102/0x230 [ 2569.902220] ? idr_alloc+0x130/0x130 [ 2569.902619] ? rwlock_bug.part.0+0x90/0x90 [ 2569.903080] __kernfs_new_node+0x117/0x850 [ 2569.903549] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2569.904064] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2569.904652] kernfs_create_dir_ns+0x9c/0x230 [ 2569.905134] sysfs_create_dir_ns+0x127/0x290 [ 2569.905613] ? sysfs_create_mount_point+0xb0/0xb0 [ 2569.906127] ? rwlock_bug.part.0+0x90/0x90 [ 2569.906595] ? class_dir_child_ns_type+0x9/0x60 [ 2569.907111] kobject_add_internal+0x25e/0xa30 [ 2569.907611] kobject_add+0x150/0x1c0 [ 2569.908010] ? kset_create_and_add+0x1a0/0x1a0 [ 2569.908504] ? lockdep_init_map_type+0x2c7/0x780 [ 2569.909024] device_add+0x35a/0x1bc0 [ 2569.909432] ? devlink_add_symlinks+0x970/0x970 [ 2569.909949] device_create_groups_vargs+0x207/0x280 [ 2569.910495] device_create+0xdc/0x120 [ 2569.910931] ? device_create_groups_vargs+0x280/0x280 [ 2569.911471] ? init_timer_key+0x12a/0x240 [ 2569.911949] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2569.912473] mac80211_hwsim_new_radio+0x352/0x4250 [ 2569.913029] ? ____sys_sendmsg+0x70d/0x870 [ 2569.913498] ? ___sys_sendmsg+0xf3/0x170 [ 2569.913959] ? __sys_sendmsg+0xe5/0x1b0 [ 2569.914417] ? do_syscall_64+0x33/0x40 [ 2569.914846] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2569.915433] ? lock_acquire+0x197/0x470 07:52:10 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1260, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:10 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 11) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:52:10 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2000000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2569.915856] ? create_object.isra.0+0x3ad/0xa20 [ 2569.916492] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2569.916983] hwsim_new_radio_nl+0x991/0x1080 [ 2569.917479] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2569.918075] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2569.918835] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2569.919574] genl_family_rcv_msg_doit+0x22d/0x330 [ 2569.920121] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2569.920879] ? cap_capable+0x1d6/0x240 [ 2569.921327] ? ns_capable+0xe2/0x110 [ 2569.921753] genl_rcv_msg+0x33c/0x5a0 [ 2569.922179] ? genl_get_cmd+0x480/0x480 [ 2569.922625] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2569.923204] ? lock_release+0x680/0x680 [ 2569.923647] ? netlink_deliver_tap+0xf4/0xcd0 [ 2569.924151] netlink_rcv_skb+0x14b/0x430 [ 2569.924625] ? genl_get_cmd+0x480/0x480 [ 2569.925069] ? netlink_ack+0xab0/0xab0 [ 2569.925521] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2569.926043] ? is_vmalloc_addr+0x7b/0xb0 [ 2569.926504] genl_rcv+0x24/0x40 [ 2569.926887] netlink_unicast+0x549/0x7f0 [ 2569.927353] ? netlink_attachskb+0x870/0x870 [ 2569.927848] ? __virt_addr_valid+0x128/0x350 [ 2569.928371] netlink_sendmsg+0x90f/0xdf0 [ 2569.928838] ? netlink_unicast+0x7f0/0x7f0 [ 2569.929326] ? netlink_unicast+0x7f0/0x7f0 [ 2569.929803] sock_sendmsg+0x154/0x190 [ 2569.930241] ____sys_sendmsg+0x70d/0x870 [ 2569.930670] ? kernel_sendmsg+0x50/0x50 [ 2569.931118] ? do_recvmmsg+0x6d0/0x6d0 [ 2569.931552] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2569.932144] ? lock_downgrade+0x6d0/0x6d0 [ 2569.932625] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2569.933222] ___sys_sendmsg+0xf3/0x170 [ 2569.933658] ? sendmsg_copy_msghdr+0x160/0x160 [ 2569.934185] ? lock_downgrade+0x6d0/0x6d0 [ 2569.934649] ? find_held_lock+0x2c/0x110 [ 2569.935114] ? __fget_files+0x296/0x4c0 [ 2569.935571] ? __fget_light+0xea/0x290 [ 2569.936023] __sys_sendmsg+0xe5/0x1b0 [ 2569.936461] ? __sys_sendmsg_sock+0x40/0x40 [ 2569.936922] ? rcu_read_lock_any_held+0x75/0xa0 [ 2569.937455] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2569.938048] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2569.938632] ? trace_hardirqs_on+0x5b/0x180 [ 2569.939119] do_syscall_64+0x33/0x40 [ 2569.939542] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2569.940118] RIP: 0033:0x7f09254a5b19 [ 2569.940556] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2569.942636] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2569.943507] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2569.944273] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2569.945021] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2569.945770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2569.946517] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2569.983644] FAULT_INJECTION: forcing a failure. [ 2569.983644] name failslab, interval 1, probability 0, space 0, times 0 [ 2569.984959] CPU: 0 PID: 14121 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2569.985715] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2569.986613] Call Trace: [ 2569.986900] dump_stack+0x107/0x167 [ 2569.987296] should_fail.cold+0x5/0xa [ 2569.987703] ? create_object.isra.0+0x3a/0xa20 [ 2569.988189] should_failslab+0x5/0x20 [ 2569.988624] kmem_cache_alloc+0x5b/0x310 [ 2569.989061] create_object.isra.0+0x3a/0xa20 [ 2569.989530] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2569.990067] kmem_cache_alloc+0x159/0x310 [ 2569.990511] alloc_inode+0x171/0x240 [ 2569.990904] new_inode+0x23/0x250 [ 2569.991272] debugfs_get_inode+0x1a/0x130 [ 2569.991723] __debugfs_create_file+0x14e/0x530 [ 2569.992235] do_blk_trace_setup+0x3fb/0xc10 [ 2569.992698] ? _copy_from_user+0xfb/0x1b0 [ 2569.993140] __blk_trace_setup+0xca/0x180 [ 2569.993580] ? do_blk_trace_setup+0xc10/0xc10 [ 2569.994054] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2569.994613] blk_trace_ioctl+0x155/0x290 [ 2569.995038] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2569.995545] ? do_vfs_ioctl+0x283/0x10d0 [ 2569.995975] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2569.996542] ? generic_block_fiemap+0x60/0x60 [ 2569.997018] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2569.997527] blkdev_ioctl+0xc1/0x710 [ 2569.997923] ? blkdev_common_ioctl+0x1870/0x1870 [ 2569.998418] ? selinux_file_ioctl+0xb6/0x270 [ 2569.998880] block_ioctl+0xf9/0x140 [ 2569.999269] ? blkdev_read_iter+0x1c0/0x1c0 [ 2569.999731] __x64_sys_ioctl+0x19a/0x210 [ 2570.000166] do_syscall_64+0x33/0x40 [ 2570.000562] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2570.001099] RIP: 0033:0x7fbe5aa67b19 [ 2570.001495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2570.003415] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2570.004230] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2570.004985] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2570.005744] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2570.006493] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2570.007246] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:52:10 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2010000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:10 executing program 4: openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x46e2, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0, 0x0) perf_event_open(&(0x7f0000001d80)={0x7, 0x80, 0x8, 0x0, 0x0, 0x5, 0x2, 0x0, 0x40020, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, @perf_bp={&(0x7f0000000000), 0x1}, 0x800, 0x8, 0x0, 0x0, 0x8, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x9) 07:52:10 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1263, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2300000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:24 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 12) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:52:24 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 37) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) 07:52:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2e00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6800, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2583.727678] FAULT_INJECTION: forcing a failure. [ 2583.727678] name failslab, interval 1, probability 0, space 0, times 0 [ 2583.730550] CPU: 0 PID: 14151 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2583.731981] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2583.733668] Call Trace: [ 2583.734210] dump_stack+0x107/0x167 [ 2583.734967] should_fail.cold+0x5/0xa [ 2583.735745] ? create_object.isra.0+0x3a/0xa20 [ 2583.736700] should_failslab+0x5/0x20 [ 2583.737477] kmem_cache_alloc+0x5b/0x310 [ 2583.738313] create_object.isra.0+0x3a/0xa20 [ 2583.739208] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2583.740248] kmem_cache_alloc+0x159/0x310 [ 2583.741116] radix_tree_node_alloc.constprop.0+0x1e3/0x300 [ 2583.742261] idr_get_free+0x4b5/0x8f0 [ 2583.743056] idr_alloc_u32+0x170/0x2d0 [ 2583.743858] ? __fprop_inc_percpu_max+0x130/0x130 [ 2583.744849] ? lock_acquire+0x197/0x470 [ 2583.745661] ? __kernfs_new_node+0xff/0x850 [ 2583.746550] idr_alloc_cyclic+0x102/0x230 [ 2583.747401] ? idr_alloc+0x130/0x130 [ 2583.748156] ? rwlock_bug.part.0+0x90/0x90 [ 2583.749047] __kernfs_new_node+0x117/0x850 [ 2583.749916] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2583.750882] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2583.751970] kernfs_create_dir_ns+0x9c/0x230 [ 2583.752896] sysfs_create_dir_ns+0x127/0x290 [ 2583.753800] ? sysfs_create_mount_point+0xb0/0xb0 [ 2583.754789] ? rwlock_bug.part.0+0x90/0x90 [ 2583.755666] ? class_dir_child_ns_type+0x9/0x60 [ 2583.756637] kobject_add_internal+0x25e/0xa30 [ 2583.757560] kobject_add+0x150/0x1c0 [ 2583.758280] ? kset_create_and_add+0x1a0/0x1a0 [ 2583.759218] ? lockdep_init_map_type+0x2c7/0x780 [ 2583.760196] device_add+0x35a/0x1bc0 [ 2583.760991] ? devlink_add_symlinks+0x970/0x970 [ 2583.761964] device_create_groups_vargs+0x207/0x280 [ 2583.763003] device_create+0xdc/0x120 [ 2583.763792] ? device_create_groups_vargs+0x280/0x280 [ 2583.764859] ? init_timer_key+0x12a/0x240 [ 2583.765725] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2583.766728] mac80211_hwsim_new_radio+0x352/0x4250 [ 2583.767731] ? ____sys_sendmsg+0x70d/0x870 [ 2583.768610] ? ___sys_sendmsg+0xf3/0x170 [ 2583.769437] ? __sys_sendmsg+0xe5/0x1b0 [ 2583.770242] ? do_syscall_64+0x33/0x40 [ 2583.771027] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2583.772103] ? lock_acquire+0x197/0x470 [ 2583.772915] ? create_object.isra.0+0x3ad/0xa20 [ 2583.773868] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2583.774827] hwsim_new_radio_nl+0x991/0x1080 [ 2583.775726] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2583.776811] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2583.778144] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2583.779466] genl_family_rcv_msg_doit+0x22d/0x330 [ 2583.780455] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2583.781783] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2583.782876] ? trace_hardirqs_on+0x5b/0x180 [ 2583.783748] ? cap_capable+0x1d6/0x240 [ 2583.784558] ? ns_capable+0xe2/0x110 [ 2583.785324] genl_rcv_msg+0x33c/0x5a0 [ 2583.786098] ? genl_get_cmd+0x480/0x480 [ 2583.786906] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2583.787953] ? lock_release+0x680/0x680 [ 2583.788779] ? netlink_deliver_tap+0xf4/0xcd0 [ 2583.789694] netlink_rcv_skb+0x14b/0x430 [ 2583.790517] ? genl_get_cmd+0x480/0x480 [ 2583.791326] ? netlink_ack+0xab0/0xab0 [ 2583.792120] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2583.793045] ? is_vmalloc_addr+0x7b/0xb0 [ 2583.793872] genl_rcv+0x24/0x40 [ 2583.794541] netlink_unicast+0x549/0x7f0 [ 2583.795369] ? netlink_attachskb+0x870/0x870 [ 2583.796255] ? __virt_addr_valid+0x128/0x350 [ 2583.797156] netlink_sendmsg+0x90f/0xdf0 [ 2583.797982] ? netlink_unicast+0x7f0/0x7f0 [ 2583.798850] ? netlink_unicast+0x7f0/0x7f0 [ 2583.799703] sock_sendmsg+0x154/0x190 [ 2583.800494] ____sys_sendmsg+0x70d/0x870 [ 2583.801319] ? kernel_sendmsg+0x50/0x50 [ 2583.802115] ? do_recvmmsg+0x6d0/0x6d0 [ 2583.802902] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2583.803959] ? lock_downgrade+0x6d0/0x6d0 [ 2583.804811] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2583.805873] ___sys_sendmsg+0xf3/0x170 [ 2583.806661] ? sendmsg_copy_msghdr+0x160/0x160 [ 2583.807591] ? lock_downgrade+0x6d0/0x6d0 [ 2583.808445] ? find_held_lock+0x2c/0x110 [ 2583.809277] ? __fget_files+0x296/0x4c0 [ 2583.810089] ? __fget_light+0xea/0x290 [ 2583.810883] __sys_sendmsg+0xe5/0x1b0 [ 2583.811653] ? __sys_sendmsg_sock+0x40/0x40 [ 2583.812531] ? rcu_read_lock_any_held+0x75/0xa0 [ 2583.813491] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2583.814551] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2583.815588] ? trace_hardirqs_on+0x5b/0x180 [ 2583.816479] do_syscall_64+0x33/0x40 [ 2583.817236] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2583.818269] RIP: 0033:0x7f09254a5b19 [ 2583.819020] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2583.822766] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2583.824309] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2583.825782] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2583.827239] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2583.828687] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2583.830127] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:52:24 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x3f4, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:52:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1265, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:24 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf0ffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2583.832600] device syz_tun entered promiscuous mode [ 2583.846257] device syz_tun left promiscuous mode [ 2583.853934] FAULT_INJECTION: forcing a failure. [ 2583.853934] name failslab, interval 1, probability 0, space 0, times 0 [ 2583.856560] CPU: 0 PID: 14163 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2583.857956] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2583.859627] Call Trace: [ 2583.860164] dump_stack+0x107/0x167 07:52:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1269, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2583.860919] should_fail.cold+0x5/0xa [ 2583.861832] ? security_inode_alloc+0x34/0x160 [ 2583.862757] should_failslab+0x5/0x20 [ 2583.863523] kmem_cache_alloc+0x5b/0x310 [ 2583.864345] security_inode_alloc+0x34/0x160 [ 2583.865241] inode_init_always+0xa4e/0xd10 [ 2583.866102] alloc_inode+0x84/0x240 [ 2583.866839] new_inode+0x23/0x250 [ 2583.867549] debugfs_get_inode+0x1a/0x130 [ 2583.868388] __debugfs_create_file+0x14e/0x530 [ 2583.869323] do_blk_trace_setup+0x3fb/0xc10 [ 2583.870192] ? _copy_from_user+0xfb/0x1b0 [ 2583.871025] __blk_trace_setup+0xca/0x180 [ 2583.871856] ? do_blk_trace_setup+0xc10/0xc10 [ 2583.872774] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2583.873843] blk_trace_ioctl+0x155/0x290 [ 2583.874657] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2583.875638] ? do_vfs_ioctl+0x283/0x10d0 [ 2583.876459] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2583.877508] ? generic_block_fiemap+0x60/0x60 [ 2583.878407] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2583.879377] blkdev_ioctl+0xc1/0x710 [ 2583.880126] ? blkdev_common_ioctl+0x1870/0x1870 [ 2583.881093] ? selinux_file_ioctl+0xb6/0x270 [ 2583.881978] block_ioctl+0xf9/0x140 [ 2583.882705] ? blkdev_read_iter+0x1c0/0x1c0 [ 2583.883571] __x64_sys_ioctl+0x19a/0x210 [ 2583.884390] do_syscall_64+0x33/0x40 [ 2583.885147] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2583.886173] RIP: 0033:0x7fbe5aa67b19 [ 2583.886920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2583.890625] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2583.892162] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2583.893617] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2583.895052] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2583.896498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2583.897933] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2583.899893] debugfs: out of free dentries, can not create file 'dropped' [ 2583.914774] device syz_tun entered promiscuous mode [ 2583.929723] device syz_tun left promiscuous mode 07:52:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x2f00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6c00, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:52:24 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) 07:52:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7400, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2584.073814] device syz_tun entered promiscuous mode 07:52:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x3f00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1274, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2584.095938] device syz_tun left promiscuous mode 07:52:24 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x3f5, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:52:39 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x4000000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:39 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x3fa, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:52:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) 07:52:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7a00, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:52:39 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1275, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 38) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:39 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 13) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2598.603394] FAULT_INJECTION: forcing a failure. [ 2598.603394] name failslab, interval 1, probability 0, space 0, times 0 [ 2598.604809] CPU: 1 PID: 14230 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2598.605589] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2598.606538] Call Trace: [ 2598.606845] dump_stack+0x107/0x167 [ 2598.607258] should_fail.cold+0x5/0xa [ 2598.607692] ? create_object.isra.0+0x3a/0xa20 [ 2598.608213] should_failslab+0x5/0x20 [ 2598.608652] kmem_cache_alloc+0x5b/0x310 [ 2598.609123] create_object.isra.0+0x3a/0xa20 [ 2598.609619] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2598.610226] kmem_cache_alloc+0x159/0x310 [ 2598.610705] security_inode_alloc+0x34/0x160 [ 2598.611212] inode_init_always+0xa4e/0xd10 [ 2598.611699] alloc_inode+0x84/0x240 [ 2598.612116] new_inode+0x23/0x250 [ 2598.612512] debugfs_get_inode+0x1a/0x130 [ 2598.612997] __debugfs_create_file+0x14e/0x530 [ 2598.613541] do_blk_trace_setup+0x3fb/0xc10 [ 2598.614056] ? _copy_from_user+0xfb/0x1b0 [ 2598.614548] __blk_trace_setup+0xca/0x180 [ 2598.615042] ? do_blk_trace_setup+0xc10/0xc10 [ 2598.615582] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2598.616217] blk_trace_ioctl+0x155/0x290 [ 2598.616717] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2598.617303] ? do_vfs_ioctl+0x283/0x10d0 [ 2598.617785] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2598.618408] ? generic_block_fiemap+0x60/0x60 [ 2598.618677] FAULT_INJECTION: forcing a failure. [ 2598.618677] name failslab, interval 1, probability 0, space 0, times 0 [ 2598.618944] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2598.618958] blkdev_ioctl+0xc1/0x710 [ 2598.618974] ? blkdev_common_ioctl+0x1870/0x1870 [ 2598.622751] ? selinux_file_ioctl+0xb6/0x270 [ 2598.623272] block_ioctl+0xf9/0x140 [ 2598.623702] ? blkdev_read_iter+0x1c0/0x1c0 [ 2598.624209] __x64_sys_ioctl+0x19a/0x210 [ 2598.624711] do_syscall_64+0x33/0x40 [ 2598.625154] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2598.625757] RIP: 0033:0x7fbe5aa67b19 [ 2598.626198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2598.628368] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2598.629282] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2598.630131] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2598.630974] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2598.631813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2598.632667] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2598.633529] CPU: 0 PID: 14224 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2598.634945] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2598.636641] Call Trace: [ 2598.637182] dump_stack+0x107/0x167 [ 2598.637953] should_fail.cold+0x5/0xa [ 2598.638738] ? __kernfs_new_node+0xd4/0x850 [ 2598.639620] should_failslab+0x5/0x20 [ 2598.640393] kmem_cache_alloc+0x5b/0x310 [ 2598.641239] __kernfs_new_node+0xd4/0x850 [ 2598.642084] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2598.643046] ? lock_acquire+0x197/0x470 [ 2598.643857] ? find_held_lock+0x2c/0x110 [ 2598.644689] ? sysfs_do_create_link_sd+0x82/0x140 [ 2598.645664] kernfs_new_node+0x93/0x120 [ 2598.646494] kernfs_create_link+0xcb/0x230 [ 2598.647361] sysfs_do_create_link_sd+0x90/0x140 [ 2598.648292] sysfs_create_link+0x5f/0xc0 [ 2598.649118] device_add+0x5e1/0x1bc0 [ 2598.649871] ? devlink_add_symlinks+0x970/0x970 [ 2598.650832] device_create_groups_vargs+0x207/0x280 [ 2598.651838] device_create+0xdc/0x120 [ 2598.652628] ? device_create_groups_vargs+0x280/0x280 [ 2598.653664] ? init_timer_key+0x12a/0x240 [ 2598.654514] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2598.655497] mac80211_hwsim_new_radio+0x352/0x4250 [ 2598.656483] ? ____sys_sendmsg+0x70d/0x870 [ 2598.657339] ? ___sys_sendmsg+0xf3/0x170 [ 2598.658149] ? __sys_sendmsg+0xe5/0x1b0 [ 2598.658944] ? do_syscall_64+0x33/0x40 [ 2598.659723] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2598.660814] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2598.661753] hwsim_new_radio_nl+0x991/0x1080 [ 2598.662635] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2598.663680] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2598.664996] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2598.666300] genl_family_rcv_msg_doit+0x22d/0x330 [ 2598.667265] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2598.668572] ? cap_capable+0x1d6/0x240 [ 2598.669374] ? ns_capable+0xe2/0x110 [ 2598.670123] genl_rcv_msg+0x33c/0x5a0 [ 2598.670887] ? genl_get_cmd+0x480/0x480 [ 2598.671682] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2598.672732] ? lock_release+0x680/0x680 [ 2598.673533] ? netlink_deliver_tap+0xf4/0xcd0 [ 2598.674434] netlink_rcv_skb+0x14b/0x430 [ 2598.675253] ? genl_get_cmd+0x480/0x480 [ 2598.676051] ? netlink_ack+0xab0/0xab0 [ 2598.676872] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2598.677778] ? is_vmalloc_addr+0x7b/0xb0 [ 2598.678593] genl_rcv+0x24/0x40 [ 2598.679301] netlink_unicast+0x549/0x7f0 [ 2598.680234] ? netlink_attachskb+0x870/0x870 [ 2598.681224] ? __virt_addr_valid+0x128/0x350 [ 2598.682242] netlink_sendmsg+0x90f/0xdf0 [ 2598.683162] ? netlink_unicast+0x7f0/0x7f0 [ 2598.684133] ? netlink_unicast+0x7f0/0x7f0 [ 2598.685102] sock_sendmsg+0x154/0x190 [ 2598.685965] ____sys_sendmsg+0x70d/0x870 [ 2598.686876] ? kernel_sendmsg+0x50/0x50 [ 2598.687772] ? do_recvmmsg+0x6d0/0x6d0 [ 2598.688654] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2598.689842] ? lock_downgrade+0x6d0/0x6d0 [ 2598.690778] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2598.691965] ___sys_sendmsg+0xf3/0x170 [ 2598.692846] ? sendmsg_copy_msghdr+0x160/0x160 [ 2598.693883] ? lock_downgrade+0x6d0/0x6d0 [ 2598.694815] ? find_held_lock+0x2c/0x110 [ 2598.695747] ? __fget_files+0x296/0x4c0 [ 2598.696669] ? __fget_light+0xea/0x290 [ 2598.697554] __sys_sendmsg+0xe5/0x1b0 [ 2598.698399] ? __sys_sendmsg_sock+0x40/0x40 [ 2598.699369] ? rcu_read_lock_any_held+0x75/0xa0 [ 2598.700422] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2598.701613] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2598.702759] ? trace_hardirqs_on+0x5b/0x180 [ 2598.703732] do_syscall_64+0x33/0x40 [ 2598.704563] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2598.705719] RIP: 0033:0x7f09254a5b19 [ 2598.706557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2598.710648] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2598.712357] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2598.713969] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2598.715568] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2598.717174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2598.718764] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2598.746139] device syz_tun entered promiscuous mode [ 2598.768561] device syz_tun left promiscuous mode 07:52:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback={0x0, 0x7}}, 0x1c) 07:52:39 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1276, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x4800000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:39 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 14) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2598.877821] device syz_tun entered promiscuous mode [ 2598.921359] device syz_tun left promiscuous mode 07:52:39 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4b47, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2598.923939] FAULT_INJECTION: forcing a failure. [ 2598.923939] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2598.927022] CPU: 0 PID: 14251 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2598.928492] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2598.930271] Call Trace: [ 2598.930841] dump_stack+0x107/0x167 [ 2598.931623] should_fail.cold+0x5/0xa [ 2598.932451] __alloc_pages_nodemask+0x182/0x600 [ 2598.933445] ? lock_acquire+0x197/0x470 [ 2598.934294] ? lockref_get+0x11/0x50 [ 2598.935091] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2598.936371] ? lock_downgrade+0x6d0/0x6d0 [ 2598.937262] ? do_raw_spin_lock+0x121/0x260 [ 2598.938186] ? rwlock_bug.part.0+0x90/0x90 [ 2598.939096] alloc_pages_current+0x187/0x280 [ 2598.940036] __get_free_pages+0xc/0xa0 [ 2598.940885] inode_doinit_with_dentry+0x8f1/0x1240 [ 2598.941934] ? hrtimer_start_range_ns+0x6d7/0xae0 [ 2598.942955] ? hrtimers_resume+0x10/0xf0 [ 2598.943823] ? selinux_file_lock+0x280/0x280 [ 2598.944770] ? current_time+0x1e6/0x2c0 [ 2598.945620] ? igrab+0xc0/0xc0 [ 2598.946316] selinux_d_instantiate+0x23/0x30 [ 2598.947253] security_d_instantiate+0x56/0xe0 [ 2598.948211] d_instantiate+0x5a/0x90 [ 2598.949015] __debugfs_create_file+0x246/0x530 [ 2598.949992] do_blk_trace_setup+0x3fb/0xc10 [ 2598.950913] ? _copy_from_user+0xfb/0x1b0 [ 2598.951796] __blk_trace_setup+0xca/0x180 [ 2598.952693] ? do_blk_trace_setup+0xc10/0xc10 [ 2598.953653] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2598.954786] blk_trace_ioctl+0x155/0x290 [ 2598.955648] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2598.956693] ? do_vfs_ioctl+0x283/0x10d0 [ 2598.957554] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2598.958667] ? generic_block_fiemap+0x60/0x60 [ 2598.959632] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2598.960676] blkdev_ioctl+0xc1/0x710 [ 2598.961477] ? blkdev_common_ioctl+0x1870/0x1870 [ 2598.962485] ? selinux_file_ioctl+0xb6/0x270 [ 2598.963436] block_ioctl+0xf9/0x140 [ 2598.964205] ? blkdev_read_iter+0x1c0/0x1c0 [ 2598.965130] __x64_sys_ioctl+0x19a/0x210 [ 2598.965997] do_syscall_64+0x33/0x40 [ 2598.966793] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2598.967879] RIP: 0033:0x7fbe5aa67b19 [ 2598.968697] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2598.972589] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2598.974219] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2598.975733] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2598.977258] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2598.978772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2598.980290] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:52:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 39) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:52:39 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4b49, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2599.060800] FAULT_INJECTION: forcing a failure. [ 2599.060800] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2599.062186] CPU: 1 PID: 14260 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2599.062904] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2599.063785] Call Trace: [ 2599.064076] dump_stack+0x107/0x167 [ 2599.064462] should_fail.cold+0x5/0xa [ 2599.064893] __alloc_pages_nodemask+0x182/0x600 [ 2599.065387] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2599.066053] alloc_pages_current+0x187/0x280 [ 2599.066518] allocate_slab+0x26f/0x380 [ 2599.066944] ___slab_alloc+0x470/0x700 [ 2599.067359] ? __kernfs_new_node+0xd4/0x850 [ 2599.067817] ? mutex_lock_io_nested+0xf30/0xf30 [ 2599.068317] ? __kernfs_new_node+0xd4/0x850 [ 2599.068792] ? kmem_cache_alloc+0x301/0x310 [ 2599.069251] ? __kernfs_new_node+0xd4/0x850 [ 2599.069706] kmem_cache_alloc+0x301/0x310 [ 2599.070152] __kernfs_new_node+0xd4/0x850 [ 2599.070598] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2599.071105] ? lock_acquire+0x197/0x470 [ 2599.071524] ? find_held_lock+0x2c/0x110 [ 2599.071959] ? sysfs_do_create_link_sd+0x82/0x140 [ 2599.072474] kernfs_new_node+0x93/0x120 [ 2599.072922] kernfs_create_link+0xcb/0x230 [ 2599.073386] sysfs_do_create_link_sd+0x90/0x140 [ 2599.073887] sysfs_create_link+0x5f/0xc0 [ 2599.074325] device_add+0x5e1/0x1bc0 [ 2599.074731] ? devlink_add_symlinks+0x970/0x970 [ 2599.075237] device_create_groups_vargs+0x207/0x280 [ 2599.075769] device_create+0xdc/0x120 [ 2599.076184] ? device_create_groups_vargs+0x280/0x280 [ 2599.076746] ? init_timer_key+0x12a/0x240 [ 2599.077193] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2599.077708] mac80211_hwsim_new_radio+0x352/0x4250 [ 2599.078225] ? ____sys_sendmsg+0x70d/0x870 [ 2599.078671] ? ___sys_sendmsg+0xf3/0x170 [ 2599.079098] ? __sys_sendmsg+0xe5/0x1b0 [ 2599.079516] ? do_syscall_64+0x33/0x40 [ 2599.079931] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2599.080492] ? lock_acquire+0x197/0x470 [ 2599.080928] ? create_object.isra.0+0x3ad/0xa20 [ 2599.081427] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2599.081924] hwsim_new_radio_nl+0x991/0x1080 [ 2599.082392] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2599.082942] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2599.083632] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2599.084330] genl_family_rcv_msg_doit+0x22d/0x330 [ 2599.084849] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2599.085544] ? cap_capable+0x1d6/0x240 [ 2599.085969] ? ns_capable+0xe2/0x110 [ 2599.086373] genl_rcv_msg+0x33c/0x5a0 [ 2599.086779] ? genl_get_cmd+0x480/0x480 [ 2599.087210] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2599.087754] ? lock_release+0x680/0x680 [ 2599.088174] ? netlink_deliver_tap+0xf4/0xcd0 [ 2599.088663] netlink_rcv_skb+0x14b/0x430 [ 2599.089090] ? genl_get_cmd+0x480/0x480 [ 2599.089518] ? netlink_ack+0xab0/0xab0 [ 2599.089931] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2599.090409] ? is_vmalloc_addr+0x7b/0xb0 [ 2599.090843] genl_rcv+0x24/0x40 [ 2599.091191] netlink_unicast+0x549/0x7f0 [ 2599.091621] ? netlink_attachskb+0x870/0x870 [ 2599.092081] ? __virt_addr_valid+0x128/0x350 [ 2599.092551] netlink_sendmsg+0x90f/0xdf0 [ 2599.092987] ? netlink_unicast+0x7f0/0x7f0 [ 2599.093442] ? netlink_unicast+0x7f0/0x7f0 [ 2599.093882] sock_sendmsg+0x154/0x190 [ 2599.094281] ____sys_sendmsg+0x70d/0x870 [ 2599.094709] ? kernel_sendmsg+0x50/0x50 [ 2599.095125] ? do_recvmmsg+0x6d0/0x6d0 [ 2599.095539] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2599.096090] ? lock_downgrade+0x6d0/0x6d0 [ 2599.096529] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2599.097096] ___sys_sendmsg+0xf3/0x170 [ 2599.097505] ? sendmsg_copy_msghdr+0x160/0x160 [ 2599.097992] ? lock_downgrade+0x6d0/0x6d0 [ 2599.098433] ? find_held_lock+0x2c/0x110 [ 2599.098864] ? __fget_files+0x296/0x4c0 [ 2599.099290] ? __fget_light+0xea/0x290 [ 2599.099708] __sys_sendmsg+0xe5/0x1b0 [ 2599.100111] ? __sys_sendmsg_sock+0x40/0x40 [ 2599.100573] ? rcu_read_lock_any_held+0x75/0xa0 [ 2599.101089] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2599.101646] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2599.102215] ? trace_hardirqs_on+0x5b/0x180 [ 2599.102673] do_syscall_64+0x33/0x40 [ 2599.103071] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2599.103610] RIP: 0033:0x7f09254a5b19 [ 2599.104003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2599.105942] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2599.106754] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2599.107501] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2599.108250] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2599.109025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2599.109774] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:52:39 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x2000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:39 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000000180), 0x8) 07:52:40 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xa00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2599.236419] device syz_tun entered promiscuous mode [ 2599.248155] device syz_tun left promiscuous mode 07:52:54 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x3000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:54 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 40) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:54 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xb91, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:52:54 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x541b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:54 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x4c00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:54 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 15) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:52:54 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2e7, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:52:54 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r2 = socket$packet(0x11, 0x2, 0x300) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r2, &(0x7f00000001c0)={0x11, 0x19, r4, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r5 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000100)={r8, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f00000000c0)={r8, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r1, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r4}) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000140)=0x1, 0x4) [ 2613.868111] device syz_tun entered promiscuous mode [ 2613.868620] FAULT_INJECTION: forcing a failure. [ 2613.868620] name failslab, interval 1, probability 0, space 0, times 0 [ 2613.872165] CPU: 0 PID: 14295 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2613.873608] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2613.875351] Call Trace: [ 2613.875920] dump_stack+0x107/0x167 [ 2613.876686] should_fail.cold+0x5/0xa [ 2613.877482] ? __d_alloc+0x2a/0x990 [ 2613.878246] should_failslab+0x5/0x20 [ 2613.879043] kmem_cache_alloc+0x5b/0x310 [ 2613.879893] __d_alloc+0x2a/0x990 [ 2613.880624] d_alloc_parallel+0x111/0x1bc0 [ 2613.881513] ? __lock_acquire+0x1657/0x5b00 [ 2613.882411] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2613.883490] ? __d_lookup_rcu+0x6d0/0x6d0 [ 2613.884335] ? mark_lock+0xf5/0x2df0 [ 2613.885114] ? lockdep_init_map_type+0x2c7/0x780 [ 2613.886086] ? lockdep_init_map_type+0x2c7/0x780 [ 2613.887055] __lookup_slow+0x193/0x490 [ 2613.887860] ? lookup_open.isra.0+0x1270/0x1270 [ 2613.888844] ? __d_lookup+0x3bf/0x760 [ 2613.889647] ? d_lookup+0xcc/0x130 [ 2613.890386] lookup_one_len+0x167/0x1a0 [ 2613.891195] ? __lookup_slow+0x490/0x490 [ 2613.892025] ? down_write_killable+0x180/0x180 [ 2613.892969] ? do_raw_spin_unlock+0x4f/0x220 [ 2613.893870] ? mntput+0xc/0x90 [ 2613.894532] start_creating.part.0+0x10a/0x230 [ 2613.895473] __debugfs_create_file+0xdb/0x530 [ 2613.896401] do_blk_trace_setup+0x43c/0xc10 [ 2613.897296] ? _copy_from_user+0xfb/0x1b0 [ 2613.898148] __blk_trace_setup+0xca/0x180 [ 2613.898996] ? do_blk_trace_setup+0xc10/0xc10 [ 2613.899922] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2613.900347] FAULT_INJECTION: forcing a failure. [ 2613.900347] name failslab, interval 1, probability 0, space 0, times 0 [ 2613.901036] blk_trace_ioctl+0x155/0x290 [ 2613.901063] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2613.905143] ? do_vfs_ioctl+0x283/0x10d0 [ 2613.905969] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2613.907029] ? generic_block_fiemap+0x60/0x60 [ 2613.907953] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2613.908952] blkdev_ioctl+0xc1/0x710 [ 2613.909727] ? blkdev_common_ioctl+0x1870/0x1870 [ 2613.910701] ? selinux_file_ioctl+0xb6/0x270 [ 2613.911599] block_ioctl+0xf9/0x140 [ 2613.912350] ? blkdev_read_iter+0x1c0/0x1c0 [ 2613.913257] __x64_sys_ioctl+0x19a/0x210 [ 2613.914098] do_syscall_64+0x33/0x40 [ 2613.914864] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2613.915901] RIP: 0033:0x7fbe5aa67b19 [ 2613.916659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2613.920463] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2613.922025] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2613.923491] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2613.924954] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2613.926388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2613.927834] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2613.929320] CPU: 1 PID: 14291 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2613.930976] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2613.932961] Call Trace: [ 2613.933590] dump_stack+0x107/0x167 [ 2613.934460] should_fail.cold+0x5/0xa [ 2613.935373] should_failslab+0x5/0x20 [ 2613.936275] __kmalloc_track_caller+0x79/0x370 [ 2613.937368] ? kstrdup_const+0x53/0x80 [ 2613.938299] kstrdup+0x36/0x70 [ 2613.939064] kstrdup_const+0x53/0x80 [ 2613.939948] __kernfs_new_node+0x9d/0x850 [ 2613.940959] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2613.942086] ? lock_acquire+0x197/0x470 [ 2613.943025] ? find_held_lock+0x2c/0x110 [ 2613.943990] ? sysfs_do_create_link_sd+0x82/0x140 [ 2613.945159] kernfs_new_node+0x93/0x120 [ 2613.946112] kernfs_create_link+0xcb/0x230 [ 2613.947121] sysfs_do_create_link_sd+0x90/0x140 [ 2613.948222] sysfs_create_link+0x5f/0xc0 [ 2613.949215] device_add+0x703/0x1bc0 [ 2613.950102] ? devlink_add_symlinks+0x970/0x970 [ 2613.951221] device_create_groups_vargs+0x207/0x280 [ 2613.952406] device_create+0xdc/0x120 [ 2613.953318] ? device_create_groups_vargs+0x280/0x280 [ 2613.954539] ? init_timer_key+0x12a/0x240 07:52:54 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x6800000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2613.955539] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2613.956868] mac80211_hwsim_new_radio+0x352/0x4250 [ 2613.958030] ? ____sys_sendmsg+0x70d/0x870 [ 2613.959031] ? ___sys_sendmsg+0xf3/0x170 [ 2613.960005] ? __sys_sendmsg+0xe5/0x1b0 [ 2613.960958] ? do_syscall_64+0x33/0x40 [ 2613.961875] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2613.963139] ? lock_acquire+0x197/0x470 [ 2613.964073] ? create_object.isra.0+0x3ad/0xa20 [ 2613.965197] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2613.966313] hwsim_new_radio_nl+0x991/0x1080 [ 2613.967365] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2613.968603] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2613.970182] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2613.971721] genl_family_rcv_msg_doit+0x22d/0x330 [ 2613.972864] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2613.974404] ? cap_capable+0x1d6/0x240 [ 2613.975334] ? ns_capable+0xe2/0x110 [ 2613.976218] genl_rcv_msg+0x33c/0x5a0 [ 2613.977143] ? genl_get_cmd+0x480/0x480 [ 2613.978083] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2613.979298] ? lock_release+0x680/0x680 [ 2613.980230] ? netlink_deliver_tap+0xf4/0xcd0 [ 2613.981297] netlink_rcv_skb+0x14b/0x430 [ 2613.982253] ? genl_get_cmd+0x480/0x480 [ 2613.983188] ? netlink_ack+0xab0/0xab0 [ 2613.984113] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2613.985193] ? is_vmalloc_addr+0x7b/0xb0 [ 2613.986155] genl_rcv+0x24/0x40 [ 2613.986931] netlink_unicast+0x549/0x7f0 [ 2613.987892] ? netlink_attachskb+0x870/0x870 [ 2613.988940] ? __virt_addr_valid+0x128/0x350 [ 2613.989987] netlink_sendmsg+0x90f/0xdf0 [ 2613.990948] ? netlink_unicast+0x7f0/0x7f0 [ 2613.991952] ? netlink_unicast+0x7f0/0x7f0 [ 2613.992950] sock_sendmsg+0x154/0x190 [ 2613.993843] ____sys_sendmsg+0x70d/0x870 [ 2613.994796] ? kernel_sendmsg+0x50/0x50 [ 2613.995723] ? do_recvmmsg+0x6d0/0x6d0 [ 2613.996639] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2613.997887] ? lock_downgrade+0x6d0/0x6d0 [ 2613.998866] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2614.000097] ___sys_sendmsg+0xf3/0x170 [ 2614.001020] ? sendmsg_copy_msghdr+0x160/0x160 [ 2614.002098] ? lock_downgrade+0x6d0/0x6d0 [ 2614.003070] ? find_held_lock+0x2c/0x110 [ 2614.004032] ? __fget_files+0x296/0x4c0 [ 2614.004985] ? __fget_light+0xea/0x290 [ 2614.005907] __sys_sendmsg+0xe5/0x1b0 [ 2614.006789] ? __sys_sendmsg_sock+0x40/0x40 [ 2614.007787] ? rcu_read_lock_any_held+0x75/0xa0 [ 2614.008902] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2614.010129] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2614.011330] ? trace_hardirqs_on+0x5b/0x180 [ 2614.012321] do_syscall_64+0x33/0x40 [ 2614.013196] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2614.014367] RIP: 0033:0x7f09254a5b19 [ 2614.015232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.019473] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2614.021244] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2614.022898] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2614.024549] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2614.026206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.027856] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2614.092579] device syz_tun left promiscuous mode 07:52:55 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2e8, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:52:55 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000100)={r7, 0x3, 0x6}, 0x10) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f00000000c0)={r7, 0x1, 0x6, @random="b0d3a5574a1e"}, 0x10) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:52:55 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x6c00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:52:55 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5421, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:52:55 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 16) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2614.269618] device syz_tun entered promiscuous mode [ 2614.291454] device syz_tun left promiscuous mode 07:52:55 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 41) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:52:55 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x2000, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2614.334418] FAULT_INJECTION: forcing a failure. [ 2614.334418] name failslab, interval 1, probability 0, space 0, times 0 [ 2614.337009] CPU: 1 PID: 14332 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2614.338453] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2614.340181] Call Trace: [ 2614.340732] dump_stack+0x107/0x167 [ 2614.341512] should_fail.cold+0x5/0xa [ 2614.342307] ? create_object.isra.0+0x3a/0xa20 [ 2614.343240] should_failslab+0x5/0x20 [ 2614.344013] kmem_cache_alloc+0x5b/0x310 [ 2614.344848] create_object.isra.0+0x3a/0xa20 [ 2614.345743] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2614.346783] kmem_cache_alloc+0x159/0x310 [ 2614.347630] __d_alloc+0x2a/0x990 [ 2614.348344] d_alloc_parallel+0x111/0x1bc0 [ 2614.349226] ? __lock_acquire+0x1657/0x5b00 [ 2614.350103] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2614.351171] ? __d_lookup_rcu+0x6d0/0x6d0 [ 2614.352014] ? mark_lock+0xf5/0x2df0 [ 2614.352781] ? lockdep_init_map_type+0x2c7/0x780 [ 2614.353768] ? lockdep_init_map_type+0x2c7/0x780 [ 2614.354748] __lookup_slow+0x193/0x490 [ 2614.355545] ? lookup_open.isra.0+0x1270/0x1270 [ 2614.356506] ? __d_lookup+0x3bf/0x760 [ 2614.357299] ? d_lookup+0xcc/0x130 [ 2614.358032] lookup_one_len+0x167/0x1a0 [ 2614.358841] ? __lookup_slow+0x490/0x490 [ 2614.359666] ? down_write_killable+0x180/0x180 [ 2614.360584] ? do_raw_spin_unlock+0x4f/0x220 [ 2614.361487] ? mntput+0xc/0x90 [ 2614.362134] start_creating.part.0+0x10a/0x230 [ 2614.363059] __debugfs_create_file+0xdb/0x530 [ 2614.363948] do_blk_trace_setup+0x43c/0xc10 [ 2614.364817] ? _copy_from_user+0xfb/0x1b0 [ 2614.365659] __blk_trace_setup+0xca/0x180 [ 2614.366475] ? do_blk_trace_setup+0xc10/0xc10 [ 2614.367381] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2614.368437] blk_trace_ioctl+0x155/0x290 [ 2614.369281] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2614.370243] ? do_vfs_ioctl+0x283/0x10d0 [ 2614.371068] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2614.372105] ? generic_block_fiemap+0x60/0x60 [ 2614.373024] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2614.373976] blkdev_ioctl+0xc1/0x710 [ 2614.374708] ? blkdev_common_ioctl+0x1870/0x1870 [ 2614.375702] ? selinux_file_ioctl+0xb6/0x270 [ 2614.376734] block_ioctl+0xf9/0x140 [ 2614.377612] ? blkdev_read_iter+0x1c0/0x1c0 [ 2614.378634] __x64_sys_ioctl+0x19a/0x210 [ 2614.379602] do_syscall_64+0x33/0x40 [ 2614.380486] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2614.381707] RIP: 0033:0x7fbe5aa67b19 [ 2614.382593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.386951] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2614.388752] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2614.390450] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2614.392128] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2614.393802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.395470] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2614.440876] FAULT_INJECTION: forcing a failure. [ 2614.440876] name failslab, interval 1, probability 0, space 0, times 0 [ 2614.443014] CPU: 0 PID: 14335 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2614.444082] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2614.445356] Call Trace: [ 2614.445772] dump_stack+0x107/0x167 [ 2614.446340] should_fail.cold+0x5/0xa [ 2614.446932] ? create_object.isra.0+0x3a/0xa20 [ 2614.447662] should_failslab+0x5/0x20 [ 2614.448245] kmem_cache_alloc+0x5b/0x310 [ 2614.449014] ? mutex_lock_io_nested+0xf30/0xf30 [ 2614.449743] create_object.isra.0+0x3a/0xa20 [ 2614.450416] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2614.451346] kmem_cache_alloc+0x159/0x310 [ 2614.451997] __kernfs_new_node+0xd4/0x850 [ 2614.452748] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2614.453503] ? lock_acquire+0x197/0x470 [ 2614.454224] ? find_held_lock+0x2c/0x110 [ 2614.454862] ? sysfs_do_create_link_sd+0x82/0x140 [ 2614.455732] kernfs_new_node+0x93/0x120 [ 2614.456349] kernfs_create_link+0xcb/0x230 [ 2614.457134] sysfs_do_create_link_sd+0x90/0x140 [ 2614.457851] sysfs_create_link+0x5f/0xc0 [ 2614.458476] device_add+0x5e1/0x1bc0 [ 2614.459159] ? devlink_add_symlinks+0x970/0x970 [ 2614.459884] device_create_groups_vargs+0x207/0x280 [ 2614.460785] device_create+0xdc/0x120 [ 2614.461386] ? device_create_groups_vargs+0x280/0x280 [ 2614.462315] ? init_timer_key+0x12a/0x240 [ 2614.462971] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2614.463852] mac80211_hwsim_new_radio+0x352/0x4250 [ 2614.464617] ? insn_get_effective_ip+0x133/0x1c0 [ 2614.465488] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2614.466220] hwsim_new_radio_nl+0x991/0x1080 [ 2614.466905] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2614.467845] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2614.468862] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2614.470044] genl_family_rcv_msg_doit+0x22d/0x330 [ 2614.470788] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2614.471964] ? cap_capable+0x1d6/0x240 [ 2614.472586] ? ns_capable+0xe2/0x110 [ 2614.473179] genl_rcv_msg+0x33c/0x5a0 [ 2614.473767] ? genl_get_cmd+0x480/0x480 [ 2614.474375] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2614.475178] ? lock_release+0x680/0x680 [ 2614.475790] ? netlink_deliver_tap+0xf4/0xcd0 [ 2614.476485] netlink_rcv_skb+0x14b/0x430 [ 2614.477121] ? genl_get_cmd+0x480/0x480 [ 2614.477732] ? netlink_ack+0xab0/0xab0 [ 2614.478338] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2614.479043] ? is_vmalloc_addr+0x7b/0xb0 [ 2614.479668] genl_rcv+0x24/0x40 [ 2614.480181] netlink_unicast+0x549/0x7f0 [ 2614.480815] ? netlink_attachskb+0x870/0x870 [ 2614.481496] ? __virt_addr_valid+0x128/0x350 [ 2614.482185] netlink_sendmsg+0x90f/0xdf0 [ 2614.482913] ? netlink_unicast+0x7f0/0x7f0 [ 2614.483566] ? netlink_unicast+0x7f0/0x7f0 [ 2614.484252] sock_sendmsg+0x154/0x190 [ 2614.484840] ____sys_sendmsg+0x70d/0x870 [ 2614.485469] ? kernel_sendmsg+0x50/0x50 [ 2614.486048] ? do_recvmmsg+0x6d0/0x6d0 [ 2614.486641] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2614.487425] ? lock_downgrade+0x6d0/0x6d0 [ 2614.488051] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2614.488853] ___sys_sendmsg+0xf3/0x170 [ 2614.489441] ? sendmsg_copy_msghdr+0x160/0x160 [ 2614.490132] ? lock_downgrade+0x6d0/0x6d0 [ 2614.490758] ? find_held_lock+0x2c/0x110 [ 2614.491372] ? __fget_files+0x296/0x4c0 [ 2614.491982] ? __fget_light+0xea/0x290 [ 2614.492576] __sys_sendmsg+0xe5/0x1b0 [ 2614.493152] ? __sys_sendmsg_sock+0x40/0x40 [ 2614.493793] ? rcu_read_lock_any_held+0x75/0xa0 [ 2614.494503] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2614.495293] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2614.496068] ? trace_hardirqs_on+0x5b/0x180 [ 2614.496724] do_syscall_64+0x33/0x40 [ 2614.497298] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2614.498062] RIP: 0033:0x7f09254a5b19 [ 2614.498631] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2614.501390] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2614.502528] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2614.503618] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2614.504680] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2614.505756] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2614.506818] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:10 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 42) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:10 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x4000, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:53:10 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) r5 = socket$packet(0x11, 0x3, 0x300) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) setsockopt$packet_add_memb(r5, 0x107, 0x1, &(0x7f0000000100)={r7, 0x3, 0x6}, 0x10) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:10 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x7400000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:10 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5450, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:10 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2e9, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:10 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:10 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 17) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2630.030800] FAULT_INJECTION: forcing a failure. [ 2630.030800] name failslab, interval 1, probability 0, space 0, times 0 [ 2630.033271] CPU: 0 PID: 14352 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2630.034702] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2630.036400] Call Trace: [ 2630.036944] dump_stack+0x107/0x167 [ 2630.037711] should_fail.cold+0x5/0xa [ 2630.038492] ? __kernfs_new_node+0xd4/0x850 [ 2630.039372] should_failslab+0x5/0x20 [ 2630.040151] kmem_cache_alloc+0x5b/0x310 [ 2630.040979] __kernfs_new_node+0xd4/0x850 [ 2630.041842] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2630.042812] ? lock_acquire+0x197/0x470 [ 2630.043618] ? find_held_lock+0x2c/0x110 [ 2630.044463] ? sysfs_do_create_link_sd+0x82/0x140 [ 2630.045452] kernfs_new_node+0x93/0x120 [ 2630.046275] kernfs_create_link+0xcb/0x230 [ 2630.047147] sysfs_do_create_link_sd+0x90/0x140 [ 2630.048089] sysfs_create_link+0x5f/0xc0 [ 2630.048911] device_add+0x5e1/0x1bc0 [ 2630.049690] ? devlink_add_symlinks+0x970/0x970 [ 2630.050649] device_create_groups_vargs+0x207/0x280 [ 2630.051661] device_create+0xdc/0x120 [ 2630.052438] ? device_create_groups_vargs+0x280/0x280 [ 2630.053493] ? init_timer_key+0x12a/0x240 [ 2630.054341] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2630.055329] mac80211_hwsim_new_radio+0x352/0x4250 [ 2630.056314] ? ____sys_sendmsg+0x70d/0x870 [ 2630.057182] ? ___sys_sendmsg+0xf3/0x170 [ 2630.058010] ? __sys_sendmsg+0xe5/0x1b0 [ 2630.058803] ? do_syscall_64+0x33/0x40 [ 2630.059583] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2630.060830] ? lock_acquire+0x197/0x470 [ 2630.061633] ? create_object.isra.0+0x3ad/0xa20 [ 2630.062573] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2630.063513] hwsim_new_radio_nl+0x991/0x1080 [ 2630.064397] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2630.065460] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2630.066779] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2630.068090] genl_family_rcv_msg_doit+0x22d/0x330 [ 2630.069081] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2630.070403] ? cap_capable+0x1d6/0x240 [ 2630.071195] ? ns_capable+0xe2/0x110 [ 2630.071948] genl_rcv_msg+0x33c/0x5a0 [ 2630.072718] ? genl_get_cmd+0x480/0x480 [ 2630.073525] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2630.074561] ? lock_release+0x680/0x680 [ 2630.075362] ? netlink_deliver_tap+0xf4/0xcd0 [ 2630.076267] netlink_rcv_skb+0x14b/0x430 [ 2630.077088] ? genl_get_cmd+0x480/0x480 [ 2630.077888] ? netlink_ack+0xab0/0xab0 [ 2630.078681] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2630.079594] ? is_vmalloc_addr+0x7b/0xb0 [ 2630.080411] genl_rcv+0x24/0x40 [ 2630.081092] netlink_unicast+0x549/0x7f0 [ 2630.081915] ? netlink_attachskb+0x870/0x870 [ 2630.082797] ? __virt_addr_valid+0x128/0x350 [ 2630.083691] netlink_sendmsg+0x90f/0xdf0 [ 2630.084514] ? netlink_unicast+0x7f0/0x7f0 [ 2630.085381] ? netlink_unicast+0x7f0/0x7f0 [ 2630.086227] sock_sendmsg+0x154/0x190 [ 2630.086989] ____sys_sendmsg+0x70d/0x870 [ 2630.087804] ? kernel_sendmsg+0x50/0x50 [ 2630.088597] ? do_recvmmsg+0x6d0/0x6d0 [ 2630.089386] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2630.090434] ? lock_downgrade+0x6d0/0x6d0 [ 2630.091288] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2630.092343] ___sys_sendmsg+0xf3/0x170 [ 2630.093146] ? sendmsg_copy_msghdr+0x160/0x160 [ 2630.094066] ? lock_downgrade+0x6d0/0x6d0 [ 2630.095047] ? find_held_lock+0x2c/0x110 [ 2630.096090] ? __fget_files+0x296/0x4c0 [ 2630.097133] ? __fget_light+0xea/0x290 [ 2630.098139] __sys_sendmsg+0xe5/0x1b0 [ 2630.098964] ? __sys_sendmsg_sock+0x40/0x40 [ 2630.099870] ? rcu_read_lock_any_held+0x75/0xa0 [ 2630.100899] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2630.102018] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2630.103087] ? trace_hardirqs_on+0x5b/0x180 [ 2630.103968] do_syscall_64+0x33/0x40 [ 2630.104717] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2630.105767] RIP: 0033:0x7f09254a5b19 [ 2630.106521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2630.110200] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2630.111721] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2630.113164] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2630.114588] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2630.116049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2630.117485] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x7800000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2630.166917] FAULT_INJECTION: forcing a failure. [ 2630.166917] name failslab, interval 1, probability 0, space 0, times 0 [ 2630.169503] CPU: 0 PID: 14370 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2630.170896] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2630.172618] Call Trace: [ 2630.173181] dump_stack+0x107/0x167 [ 2630.173923] should_fail.cold+0x5/0xa [ 2630.174691] ? alloc_inode+0x171/0x240 [ 2630.175489] should_failslab+0x5/0x20 [ 2630.176257] kmem_cache_alloc+0x5b/0x310 [ 2630.177084] ? __lookup_slow+0x490/0x490 [ 2630.177918] alloc_inode+0x171/0x240 [ 2630.178685] new_inode+0x23/0x250 [ 2630.179390] debugfs_get_inode+0x1a/0x130 [ 2630.180222] __debugfs_create_file+0x14e/0x530 [ 2630.181170] do_blk_trace_setup+0x43c/0xc10 [ 2630.182039] ? _copy_from_user+0xfb/0x1b0 [ 2630.182060] __blk_trace_setup+0xca/0x180 [ 2630.182077] ? do_blk_trace_setup+0xc10/0xc10 [ 2630.182098] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2630.182136] blk_trace_ioctl+0x155/0x290 [ 2630.182154] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2630.182169] ? do_vfs_ioctl+0x283/0x10d0 [ 2630.182186] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2630.182203] ? generic_block_fiemap+0x60/0x60 [ 2630.182224] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2630.182246] blkdev_ioctl+0xc1/0x710 [ 2630.182264] ? blkdev_common_ioctl+0x1870/0x1870 [ 2630.182285] ? selinux_file_ioctl+0xb6/0x270 [ 2630.182310] block_ioctl+0xf9/0x140 [ 2630.182335] ? blkdev_read_iter+0x1c0/0x1c0 [ 2630.195477] __x64_sys_ioctl+0x19a/0x210 [ 2630.196302] do_syscall_64+0x33/0x40 [ 2630.197199] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2630.198496] RIP: 0033:0x7fbe5aa67b19 [ 2630.199419] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2630.203686] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2630.205297] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2630.206796] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2630.208229] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2630.209674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2630.211107] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2630.213492] debugfs: out of free dentries, can not create file 'msg' 07:53:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x7a00000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2630.221418] device syz_tun entered promiscuous mode 07:53:11 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5451, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2630.250617] device syz_tun left promiscuous mode 07:53:11 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2ea, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x8102000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:11 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) socket$packet(0x11, 0x3, 0x300) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x8cffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:11 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x4800, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2644.295475] FAULT_INJECTION: forcing a failure. [ 2644.295475] name failslab, interval 1, probability 0, space 0, times 0 [ 2644.297175] CPU: 1 PID: 14408 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2644.298030] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2644.299045] Call Trace: [ 2644.299380] dump_stack+0x107/0x167 [ 2644.299819] should_fail.cold+0x5/0xa [ 2644.300290] ? create_object.isra.0+0x3a/0xa20 [ 2644.300857] should_failslab+0x5/0x20 [ 2644.301327] kmem_cache_alloc+0x5b/0x310 [ 2644.301824] create_object.isra.0+0x3a/0xa20 07:53:25 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 43) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:25 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5452, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:25 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) socket$packet(0x11, 0x3, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xea2f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:25 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2eb, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:25 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 18) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:53:25 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x5000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:25 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x4c00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2644.302347] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2644.303097] kmem_cache_alloc+0x159/0x310 [ 2644.303597] alloc_inode+0x171/0x240 [ 2644.304044] new_inode+0x23/0x250 [ 2644.304472] debugfs_get_inode+0x1a/0x130 [ 2644.304977] __debugfs_create_file+0x14e/0x530 [ 2644.305579] do_blk_trace_setup+0x43c/0xc10 [ 2644.306122] ? _copy_from_user+0xfb/0x1b0 [ 2644.306647] __blk_trace_setup+0xca/0x180 [ 2644.307172] ? do_blk_trace_setup+0xc10/0xc10 [ 2644.307739] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2644.308392] blk_trace_ioctl+0x155/0x290 [ 2644.308905] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2644.309534] ? do_vfs_ioctl+0x283/0x10d0 [ 2644.310059] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2644.310723] ? generic_block_fiemap+0x60/0x60 [ 2644.311292] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2644.311892] blkdev_ioctl+0xc1/0x710 [ 2644.312369] ? blkdev_common_ioctl+0x1870/0x1870 [ 2644.312966] ? selinux_file_ioctl+0xb6/0x270 [ 2644.313539] block_ioctl+0xf9/0x140 [ 2644.313998] ? blkdev_read_iter+0x1c0/0x1c0 [ 2644.314550] __x64_sys_ioctl+0x19a/0x210 [ 2644.315066] do_syscall_64+0x33/0x40 [ 2644.315533] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2644.316178] RIP: 0033:0x7fbe5aa67b19 [ 2644.316622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2644.318934] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2644.319887] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2644.320788] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2644.321694] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2644.322604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2644.323496] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2644.333015] FAULT_INJECTION: forcing a failure. [ 2644.333015] name failslab, interval 1, probability 0, space 0, times 0 [ 2644.334533] CPU: 1 PID: 14422 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2644.335346] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2644.336323] Call Trace: [ 2644.336638] dump_stack+0x107/0x167 [ 2644.337071] should_fail.cold+0x5/0xa [ 2644.337534] ? create_object.isra.0+0x3a/0xa20 [ 2644.338089] should_failslab+0x5/0x20 [ 2644.338542] kmem_cache_alloc+0x5b/0x310 [ 2644.339025] ? mutex_lock_io_nested+0xf30/0xf30 [ 2644.339587] create_object.isra.0+0x3a/0xa20 [ 2644.340104] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2644.340711] kmem_cache_alloc+0x159/0x310 [ 2644.341214] __kernfs_new_node+0xd4/0x850 [ 2644.341731] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2644.342310] ? lock_acquire+0x197/0x470 [ 2644.342802] ? find_held_lock+0x2c/0x110 [ 2644.343314] ? sysfs_do_create_link_sd+0x82/0x140 [ 2644.343923] kernfs_new_node+0x93/0x120 [ 2644.344422] kernfs_create_link+0xcb/0x230 [ 2644.344950] sysfs_do_create_link_sd+0x90/0x140 [ 2644.345516] sysfs_create_link+0x5f/0xc0 [ 2644.346022] device_add+0x5e1/0x1bc0 [ 2644.346486] ? devlink_add_symlinks+0x970/0x970 [ 2644.347072] device_create_groups_vargs+0x207/0x280 [ 2644.347665] device_create+0xdc/0x120 [ 2644.348138] ? device_create_groups_vargs+0x280/0x280 [ 2644.348745] ? init_timer_key+0x12a/0x240 [ 2644.349272] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2644.349846] mac80211_hwsim_new_radio+0x352/0x4250 [ 2644.350450] ? ____sys_sendmsg+0x70d/0x870 [ 2644.350968] ? ___sys_sendmsg+0xf3/0x170 [ 2644.351475] ? __sys_sendmsg+0xe5/0x1b0 [ 2644.351965] ? do_syscall_64+0x33/0x40 [ 2644.352443] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2644.353099] ? lock_acquire+0x197/0x470 [ 2644.353582] ? create_object.isra.0+0x3ad/0xa20 [ 2644.354154] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2644.354732] hwsim_new_radio_nl+0x991/0x1080 [ 2644.355277] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2644.355917] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2644.356734] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2644.357556] genl_family_rcv_msg_doit+0x22d/0x330 [ 2644.358153] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2644.358964] ? cap_capable+0x1d6/0x240 [ 2644.359448] ? ns_capable+0xe2/0x110 [ 2644.359907] genl_rcv_msg+0x33c/0x5a0 [ 2644.360385] ? genl_get_cmd+0x480/0x480 [ 2644.360881] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2644.361534] ? lock_release+0x680/0x680 [ 2644.362024] ? netlink_deliver_tap+0xf4/0xcd0 [ 2644.362585] netlink_rcv_skb+0x14b/0x430 [ 2644.363068] ? genl_get_cmd+0x480/0x480 [ 2644.363563] ? netlink_ack+0xab0/0xab0 [ 2644.364048] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2644.364610] ? is_vmalloc_addr+0x7b/0xb0 [ 2644.365112] genl_rcv+0x24/0x40 [ 2644.365522] netlink_unicast+0x549/0x7f0 [ 2644.366022] ? netlink_attachskb+0x870/0x870 [ 2644.366569] ? __virt_addr_valid+0x128/0x350 [ 2644.367113] netlink_sendmsg+0x90f/0xdf0 [ 2644.367611] ? netlink_unicast+0x7f0/0x7f0 [ 2644.368135] ? netlink_unicast+0x7f0/0x7f0 [ 2644.368654] sock_sendmsg+0x154/0x190 [ 2644.369117] ____sys_sendmsg+0x70d/0x870 [ 2644.369601] ? kernel_sendmsg+0x50/0x50 [ 2644.370089] ? do_recvmmsg+0x6d0/0x6d0 [ 2644.370548] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2644.371190] ? lock_downgrade+0x6d0/0x6d0 [ 2644.371677] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2644.372324] ___sys_sendmsg+0xf3/0x170 [ 2644.372779] ? sendmsg_copy_msghdr+0x160/0x160 [ 2644.373353] ? lock_downgrade+0x6d0/0x6d0 [ 2644.373841] ? find_held_lock+0x2c/0x110 [ 2644.374340] ? __fget_files+0x296/0x4c0 [ 2644.374800] ? __fget_light+0xea/0x290 [ 2644.375261] __sys_sendmsg+0xe5/0x1b0 [ 2644.375721] ? __sys_sendmsg_sock+0x40/0x40 [ 2644.376223] ? rcu_read_lock_any_held+0x75/0xa0 [ 2644.376795] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2644.377415] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2644.378038] ? trace_hardirqs_on+0x5b/0x180 [ 2644.378540] do_syscall_64+0x33/0x40 [ 2644.378990] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2644.379585] RIP: 0033:0x7f09254a5b19 [ 2644.380033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2644.382159] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2644.383072] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2644.383939] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2644.384804] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2644.385682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2644.386537] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:25 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2ec, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:25 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:25 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5460, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf02f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:25 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r4, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x3003}, 0x4) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:25 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf0ffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:25 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 19) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:53:25 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x5201, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2644.725892] FAULT_INJECTION: forcing a failure. [ 2644.725892] name failslab, interval 1, probability 0, space 0, times 0 [ 2644.727161] CPU: 1 PID: 14452 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2644.727890] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2644.728788] Call Trace: [ 2644.729079] dump_stack+0x107/0x167 [ 2644.729472] should_fail.cold+0x5/0xa [ 2644.729880] ? security_inode_alloc+0x34/0x160 [ 2644.730369] should_failslab+0x5/0x20 [ 2644.730771] kmem_cache_alloc+0x5b/0x310 [ 2644.731207] security_inode_alloc+0x34/0x160 [ 2644.731676] inode_init_always+0xa4e/0xd10 [ 2644.732134] alloc_inode+0x84/0x240 [ 2644.732517] new_inode+0x23/0x250 [ 2644.732889] debugfs_get_inode+0x1a/0x130 [ 2644.733359] __debugfs_create_file+0x14e/0x530 [ 2644.733852] do_blk_trace_setup+0x43c/0xc10 [ 2644.734306] ? _copy_from_user+0xfb/0x1b0 [ 2644.734755] __blk_trace_setup+0xca/0x180 [ 2644.735199] ? do_blk_trace_setup+0xc10/0xc10 [ 2644.735677] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2644.736241] blk_trace_ioctl+0x155/0x290 [ 2644.736666] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2644.737182] ? do_vfs_ioctl+0x283/0x10d0 [ 2644.737626] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2644.738184] ? generic_block_fiemap+0x60/0x60 [ 2644.738659] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2644.739170] blkdev_ioctl+0xc1/0x710 [ 2644.739563] ? blkdev_common_ioctl+0x1870/0x1870 [ 2644.740060] ? selinux_file_ioctl+0xb6/0x270 [ 2644.740529] block_ioctl+0xf9/0x140 [ 2644.740918] ? blkdev_read_iter+0x1c0/0x1c0 [ 2644.741378] __x64_sys_ioctl+0x19a/0x210 [ 2644.741808] do_syscall_64+0x33/0x40 [ 2644.742208] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2644.742755] RIP: 0033:0x7fbe5aa67b19 [ 2644.743150] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2644.745078] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2644.745888] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2644.746638] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2644.747392] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2644.748149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2644.748901] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2644.749865] debugfs: out of free dentries, can not create file 'msg' 07:53:40 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 20) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:53:40 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 44) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:40 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2ed, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:40 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) socket$packet(0x11, 0x2, 0x300) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:40 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf103000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:40 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:40 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x6800, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:53:40 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40049409, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2659.870682] FAULT_INJECTION: forcing a failure. [ 2659.870682] name failslab, interval 1, probability 0, space 0, times 0 [ 2659.873270] CPU: 1 PID: 14467 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2659.874679] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2659.876373] Call Trace: [ 2659.876920] dump_stack+0x107/0x167 [ 2659.877683] should_fail.cold+0x5/0xa [ 2659.878454] ? create_object.isra.0+0x3a/0xa20 [ 2659.879386] should_failslab+0x5/0x20 [ 2659.880175] kmem_cache_alloc+0x5b/0x310 [ 2659.881009] create_object.isra.0+0x3a/0xa20 [ 2659.881911] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2659.882944] kmem_cache_alloc+0x159/0x310 [ 2659.883792] __kernfs_new_node+0xd4/0x850 [ 2659.884639] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2659.885632] ? lock_acquire+0x197/0x470 [ 2659.886429] ? find_held_lock+0x2c/0x110 [ 2659.887254] ? sysfs_do_create_link_sd+0x82/0x140 [ 2659.887701] FAULT_INJECTION: forcing a failure. [ 2659.887701] name failslab, interval 1, probability 0, space 0, times 0 [ 2659.888220] kernfs_new_node+0x93/0x120 [ 2659.888253] kernfs_create_link+0xcb/0x230 [ 2659.892085] sysfs_do_create_link_sd+0x90/0x140 [ 2659.893030] sysfs_create_link+0x5f/0xc0 [ 2659.893862] device_add+0x703/0x1bc0 [ 2659.894621] ? devlink_add_symlinks+0x970/0x970 [ 2659.895569] device_create_groups_vargs+0x207/0x280 [ 2659.896587] device_create+0xdc/0x120 [ 2659.897349] ? device_create_groups_vargs+0x280/0x280 [ 2659.898400] ? init_timer_key+0x12a/0x240 [ 2659.899246] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2659.900222] mac80211_hwsim_new_radio+0x352/0x4250 [ 2659.901207] ? ____sys_sendmsg+0x70d/0x870 [ 2659.902067] ? ___sys_sendmsg+0xf3/0x170 [ 2659.902880] ? __sys_sendmsg+0xe5/0x1b0 [ 2659.903685] ? do_syscall_64+0x33/0x40 [ 2659.904468] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2659.905560] ? lock_acquire+0x197/0x470 [ 2659.906355] ? create_object.isra.0+0x3ad/0xa20 [ 2659.907401] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2659.908326] hwsim_new_radio_nl+0x991/0x1080 [ 2659.909196] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2659.910236] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2659.911524] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2659.912804] genl_family_rcv_msg_doit+0x22d/0x330 [ 2659.913770] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2659.915068] ? cap_capable+0x1d6/0x240 [ 2659.915842] ? ns_capable+0xe2/0x110 [ 2659.916575] genl_rcv_msg+0x33c/0x5a0 [ 2659.917325] ? genl_get_cmd+0x480/0x480 [ 2659.918114] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2659.919124] ? lock_release+0x680/0x680 [ 2659.919899] ? netlink_deliver_tap+0xf4/0xcd0 [ 2659.920785] netlink_rcv_skb+0x14b/0x430 [ 2659.921596] ? genl_get_cmd+0x480/0x480 [ 2659.922378] ? netlink_ack+0xab0/0xab0 [ 2659.923152] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2659.924046] ? is_vmalloc_addr+0x7b/0xb0 [ 2659.924852] genl_rcv+0x24/0x40 [ 2659.925503] netlink_unicast+0x549/0x7f0 [ 2659.926335] ? netlink_attachskb+0x870/0x870 [ 2659.927191] ? __virt_addr_valid+0x128/0x350 [ 2659.928091] netlink_sendmsg+0x90f/0xdf0 [ 2659.928901] ? netlink_unicast+0x7f0/0x7f0 [ 2659.929747] ? netlink_unicast+0x7f0/0x7f0 [ 2659.930577] sock_sendmsg+0x154/0x190 [ 2659.931324] ____sys_sendmsg+0x70d/0x870 [ 2659.932118] ? kernel_sendmsg+0x50/0x50 [ 2659.932890] ? do_recvmmsg+0x6d0/0x6d0 [ 2659.933670] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2659.934703] ? lock_downgrade+0x6d0/0x6d0 [ 2659.935520] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2659.936556] ___sys_sendmsg+0xf3/0x170 [ 2659.937322] ? sendmsg_copy_msghdr+0x160/0x160 [ 2659.938230] ? lock_downgrade+0x6d0/0x6d0 [ 2659.939048] ? find_held_lock+0x2c/0x110 [ 2659.939853] ? __fget_files+0x296/0x4c0 [ 2659.940644] ? __fget_light+0xea/0x290 [ 2659.941414] __sys_sendmsg+0xe5/0x1b0 [ 2659.942178] ? __sys_sendmsg_sock+0x40/0x40 [ 2659.943022] ? rcu_read_lock_any_held+0x75/0xa0 [ 2659.943951] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2659.944979] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2659.945996] ? trace_hardirqs_on+0x5b/0x180 [ 2659.946845] do_syscall_64+0x33/0x40 [ 2659.947577] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2659.948581] RIP: 0033:0x7f09254a5b19 [ 2659.949316] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2659.952926] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2659.954422] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2659.955827] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2659.957229] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2659.958630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2659.960025] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2659.961471] CPU: 0 PID: 14476 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2659.962846] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2659.964481] Call Trace: [ 2659.965004] dump_stack+0x107/0x167 [ 2659.965758] should_fail.cold+0x5/0xa [ 2659.966516] ? create_object.isra.0+0x3a/0xa20 [ 2659.967413] should_failslab+0x5/0x20 [ 2659.968159] kmem_cache_alloc+0x5b/0x310 [ 2659.968962] create_object.isra.0+0x3a/0xa20 [ 2659.969832] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2659.970833] kmem_cache_alloc+0x159/0x310 [ 2659.971656] security_inode_alloc+0x34/0x160 [ 2659.972524] inode_init_always+0xa4e/0xd10 [ 2659.973361] alloc_inode+0x84/0x240 [ 2659.974110] new_inode+0x23/0x250 [ 2659.974796] debugfs_get_inode+0x1a/0x130 [ 2659.975610] __debugfs_create_file+0x14e/0x530 [ 2659.976512] do_blk_trace_setup+0x43c/0xc10 [ 2659.977365] ? _copy_from_user+0xfb/0x1b0 [ 2659.978197] __blk_trace_setup+0xca/0x180 [ 2659.979012] ? do_blk_trace_setup+0xc10/0xc10 [ 2659.979892] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2659.980941] blk_trace_ioctl+0x155/0x290 [ 2659.981749] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2659.982710] ? do_vfs_ioctl+0x283/0x10d0 [ 2659.983504] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2659.984530] ? generic_block_fiemap+0x60/0x60 [ 2659.985420] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2659.986373] blkdev_ioctl+0xc1/0x710 [ 2659.987102] ? blkdev_common_ioctl+0x1870/0x1870 [ 2659.988032] ? selinux_file_ioctl+0xb6/0x270 [ 2659.988910] block_ioctl+0xf9/0x140 [ 2659.989633] ? blkdev_read_iter+0x1c0/0x1c0 [ 2659.990478] __x64_sys_ioctl+0x19a/0x210 [ 2659.991277] do_syscall_64+0x33/0x40 [ 2659.992009] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2659.993010] RIP: 0033:0x7fbe5aa67b19 [ 2659.993745] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2659.997335] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2659.998834] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2660.000228] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2660.001629] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2660.003020] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2660.004414] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:53:40 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) bind$packet(r1, &(0x7f00000001c0)={0x11, 0x19, r3, 0x1, 0x0, 0x6, @random="2729c72b7f49"}, 0x14) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r3}) 07:53:40 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf40f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:41 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40081271, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2ee, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf5ffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:41 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:53:41 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 45) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2660.385694] FAULT_INJECTION: forcing a failure. [ 2660.385694] name failslab, interval 1, probability 0, space 0, times 0 [ 2660.387929] CPU: 0 PID: 14509 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2660.389246] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2660.390753] Call Trace: [ 2660.391263] dump_stack+0x107/0x167 [ 2660.391920] should_fail.cold+0x5/0xa [ 2660.392647] ? create_object.isra.0+0x3a/0xa20 [ 2660.393523] should_failslab+0x5/0x20 [ 2660.394251] kmem_cache_alloc+0x5b/0x310 [ 2660.395022] ? kernfs_activate+0x2c/0x1d0 [ 2660.395821] create_object.isra.0+0x3a/0xa20 [ 2660.396649] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2660.397643] kmem_cache_alloc+0x159/0x310 [ 2660.398422] __kernfs_new_node+0xd4/0x850 [ 2660.399213] ? find_held_lock+0x2c/0x110 [ 2660.399953] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2660.400837] ? kernfs_add_one+0x36e/0x4d0 [ 2660.401617] ? mutex_lock_io_nested+0xf30/0xf30 [ 2660.402461] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2660.403354] kernfs_create_dir_ns+0x9c/0x230 [ 2660.404164] internal_create_group+0x793/0xb30 [ 2660.404977] ? sysfs_remove_group+0x170/0x170 [ 2660.405833] ? kernfs_put+0x31/0x50 [ 2660.406513] dpm_sysfs_add+0x82/0x290 [ 2660.407217] device_add+0x9b7/0x1bc0 [ 2660.407912] ? devlink_add_symlinks+0x970/0x970 [ 2660.408787] device_create_groups_vargs+0x207/0x280 [ 2660.409733] device_create+0xdc/0x120 [ 2660.410446] ? device_create_groups_vargs+0x280/0x280 [ 2660.411402] ? init_timer_key+0x12a/0x240 [ 2660.412181] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2660.413046] mac80211_hwsim_new_radio+0x352/0x4250 [ 2660.413913] ? ____sys_sendmsg+0x70d/0x870 [ 2660.414662] ? ___sys_sendmsg+0xf3/0x170 [ 2660.415371] ? __sys_sendmsg+0xe5/0x1b0 [ 2660.416063] ? do_syscall_64+0x33/0x40 [ 2660.416753] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2660.417692] ? lock_acquire+0x197/0x470 [ 2660.418383] ? create_object.isra.0+0x3ad/0xa20 [ 2660.419206] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2660.420030] hwsim_new_radio_nl+0x991/0x1080 [ 2660.420804] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2660.421739] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2660.422905] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2660.424047] genl_family_rcv_msg_doit+0x22d/0x330 [ 2660.424895] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2660.426074] ? cap_capable+0x1d6/0x240 [ 2660.426797] ? ns_capable+0xe2/0x110 [ 2660.427457] genl_rcv_msg+0x33c/0x5a0 [ 2660.428130] ? genl_get_cmd+0x480/0x480 [ 2660.428836] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2660.429755] ? lock_release+0x680/0x680 [ 2660.430451] ? netlink_deliver_tap+0xf4/0xcd0 [ 2660.431261] netlink_rcv_skb+0x14b/0x430 [ 2660.431972] ? genl_get_cmd+0x480/0x480 [ 2660.432673] ? netlink_ack+0xab0/0xab0 [ 2660.433359] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2660.434167] ? is_vmalloc_addr+0x7b/0xb0 [ 2660.434890] genl_rcv+0x24/0x40 [ 2660.435465] netlink_unicast+0x549/0x7f0 [ 2660.436195] ? netlink_attachskb+0x870/0x870 [ 2660.436967] ? __virt_addr_valid+0x128/0x350 [ 2660.437763] netlink_sendmsg+0x90f/0xdf0 [ 2660.438473] ? netlink_unicast+0x7f0/0x7f0 [ 2660.439218] ? netlink_unicast+0x7f0/0x7f0 [ 2660.439967] sock_sendmsg+0x154/0x190 [ 2660.440634] ____sys_sendmsg+0x70d/0x870 [ 2660.441338] ? kernel_sendmsg+0x50/0x50 [ 2660.442041] ? do_recvmmsg+0x6d0/0x6d0 [ 2660.442720] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2660.443628] ? lock_downgrade+0x6d0/0x6d0 [ 2660.444348] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2660.445261] ___sys_sendmsg+0xf3/0x170 [ 2660.445954] ? sendmsg_copy_msghdr+0x160/0x160 [ 2660.446748] ? lock_downgrade+0x6d0/0x6d0 [ 2660.447468] ? find_held_lock+0x2c/0x110 [ 2660.448180] ? __fget_files+0x296/0x4c0 [ 2660.448878] ? __fget_light+0xea/0x290 [ 2660.449572] __sys_sendmsg+0xe5/0x1b0 [ 2660.450233] ? __sys_sendmsg_sock+0x40/0x40 [ 2660.450997] ? rcu_read_lock_any_held+0x75/0xa0 [ 2660.451816] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2660.452715] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2660.453641] ? trace_hardirqs_on+0x5b/0x180 [ 2660.454383] do_syscall_64+0x33/0x40 [ 2660.455036] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2660.455932] RIP: 0033:0x7f09254a5b19 [ 2660.456569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2660.459754] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2660.461092] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2660.462346] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2660.463566] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2660.464789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2660.466043] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:57 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2ef, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:57 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40086602, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:57 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 46) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:53:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf6ffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:57 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 21) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:53:57 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x6c00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:53:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:53:57 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2676.245457] FAULT_INJECTION: forcing a failure. [ 2676.245457] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2676.248209] CPU: 1 PID: 14535 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2676.249598] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2676.251263] Call Trace: [ 2676.251805] dump_stack+0x107/0x167 [ 2676.252532] should_fail.cold+0x5/0xa [ 2676.253305] __alloc_pages_nodemask+0x182/0x600 [ 2676.254261] ? lock_acquire+0x197/0x470 [ 2676.255057] ? lockref_get+0x11/0x50 [ 2676.255439] FAULT_INJECTION: forcing a failure. [ 2676.255439] name failslab, interval 1, probability 0, space 0, times 0 [ 2676.255807] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2676.255836] ? lock_downgrade+0x6d0/0x6d0 [ 2676.260042] ? do_raw_spin_lock+0x121/0x260 [ 2676.260904] ? rwlock_bug.part.0+0x90/0x90 [ 2676.261760] alloc_pages_current+0x187/0x280 [ 2676.262669] __get_free_pages+0xc/0xa0 [ 2676.263465] inode_doinit_with_dentry+0x8f1/0x1240 [ 2676.264457] ? hrtimer_start_range_ns+0x6d7/0xae0 [ 2676.265421] ? hrtimers_resume+0x10/0xf0 [ 2676.266263] ? selinux_file_lock+0x280/0x280 [ 2676.267144] ? current_time+0x1e6/0x2c0 [ 2676.267942] ? igrab+0xc0/0xc0 [ 2676.268597] selinux_d_instantiate+0x23/0x30 [ 2676.269475] security_d_instantiate+0x56/0xe0 [ 2676.270376] d_instantiate+0x5a/0x90 [ 2676.271128] __debugfs_create_file+0x246/0x530 [ 2676.272042] do_blk_trace_setup+0x43c/0xc10 [ 2676.272927] ? _copy_from_user+0xfb/0x1b0 [ 2676.273785] __blk_trace_setup+0xca/0x180 [ 2676.274613] ? do_blk_trace_setup+0xc10/0xc10 [ 2676.275508] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2676.276580] blk_trace_ioctl+0x155/0x290 [ 2676.277387] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2676.278379] ? do_vfs_ioctl+0x283/0x10d0 [ 2676.279185] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2676.280226] ? generic_block_fiemap+0x60/0x60 [ 2676.281125] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2676.282093] blkdev_ioctl+0xc1/0x710 [ 2676.282835] ? blkdev_common_ioctl+0x1870/0x1870 [ 2676.283784] ? selinux_file_ioctl+0xb6/0x270 [ 2676.284664] block_ioctl+0xf9/0x140 [ 2676.285389] ? blkdev_read_iter+0x1c0/0x1c0 [ 2676.286255] __x64_sys_ioctl+0x19a/0x210 [ 2676.287065] do_syscall_64+0x33/0x40 [ 2676.287808] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2676.288828] RIP: 0033:0x7fbe5aa67b19 [ 2676.289576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2676.293631] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2676.295355] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2676.296958] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2676.298597] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2676.300200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2676.301626] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2676.303968] CPU: 0 PID: 14536 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2676.305407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2676.307112] Call Trace: [ 2676.307662] dump_stack+0x107/0x167 [ 2676.308425] should_fail.cold+0x5/0xa [ 2676.309199] ? __kernfs_new_node+0xd4/0x850 [ 2676.310104] should_failslab+0x5/0x20 [ 2676.310870] kmem_cache_alloc+0x5b/0x310 [ 2676.311695] __kernfs_new_node+0xd4/0x850 [ 2676.312532] ? kernfs_add_one+0x36e/0x4d0 [ 2676.313372] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2676.314349] ? find_held_lock+0x2c/0x110 [ 2676.315176] ? kernfs_find_and_get_ns+0x55/0x70 [ 2676.316137] ? lock_downgrade+0x6d0/0x6d0 [ 2676.316991] ? kernfs_find_and_get_ns+0x21/0x70 [ 2676.317961] kernfs_new_node+0x93/0x120 [ 2676.318784] __kernfs_create_file+0x51/0x350 [ 2676.319679] sysfs_add_file_mode_ns+0x221/0x560 [ 2676.320631] sysfs_merge_group+0x198/0x320 [ 2676.321491] ? sysfs_update_group+0x30/0x30 [ 2676.322387] ? kernfs_put+0x31/0x50 [ 2676.323132] dpm_sysfs_add+0x249/0x290 [ 2676.323922] device_add+0x9b7/0x1bc0 [ 2676.324681] ? devlink_add_symlinks+0x970/0x970 [ 2676.325633] device_create_groups_vargs+0x207/0x280 [ 2676.326673] device_create+0xdc/0x120 [ 2676.327462] ? device_create_groups_vargs+0x280/0x280 [ 2676.328508] ? init_timer_key+0x12a/0x240 [ 2676.329375] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2676.330378] mac80211_hwsim_new_radio+0x352/0x4250 [ 2676.331378] ? ____sys_sendmsg+0x70d/0x870 [ 2676.332226] ? ___sys_sendmsg+0xf3/0x170 [ 2676.333041] ? __sys_sendmsg+0xe5/0x1b0 [ 2676.333858] ? do_syscall_64+0x33/0x40 [ 2676.334657] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2676.335734] ? lock_acquire+0x197/0x470 [ 2676.336543] ? create_object.isra.0+0x3ad/0xa20 [ 2676.337499] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2676.338472] hwsim_new_radio_nl+0x991/0x1080 [ 2676.339373] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2676.340438] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2676.341785] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2676.343108] genl_family_rcv_msg_doit+0x22d/0x330 [ 2676.344109] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2676.345434] ? cap_capable+0x1d6/0x240 [ 2676.346254] ? ns_capable+0xe2/0x110 [ 2676.347014] genl_rcv_msg+0x33c/0x5a0 [ 2676.347792] ? genl_get_cmd+0x480/0x480 [ 2676.348604] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2676.349649] ? lock_release+0x680/0x680 [ 2676.350476] ? netlink_deliver_tap+0xf4/0xcd0 [ 2676.351393] netlink_rcv_skb+0x14b/0x430 [ 2676.352214] ? genl_get_cmd+0x480/0x480 [ 2676.353022] ? netlink_ack+0xab0/0xab0 [ 2676.353830] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2676.354752] ? is_vmalloc_addr+0x7b/0xb0 [ 2676.355578] genl_rcv+0x24/0x40 [ 2676.356249] netlink_unicast+0x549/0x7f0 [ 2676.357074] ? netlink_attachskb+0x870/0x870 [ 2676.357967] ? __virt_addr_valid+0x128/0x350 [ 2676.358866] netlink_sendmsg+0x90f/0xdf0 [ 2676.359702] ? netlink_unicast+0x7f0/0x7f0 [ 2676.360574] ? netlink_unicast+0x7f0/0x7f0 [ 2676.361427] sock_sendmsg+0x154/0x190 [ 2676.362211] ____sys_sendmsg+0x70d/0x870 [ 2676.363027] ? kernel_sendmsg+0x50/0x50 [ 2676.363827] ? do_recvmmsg+0x6d0/0x6d0 [ 2676.364623] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2676.365685] ? lock_downgrade+0x6d0/0x6d0 [ 2676.366529] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2676.367590] ___sys_sendmsg+0xf3/0x170 [ 2676.368380] ? sendmsg_copy_msghdr+0x160/0x160 [ 2676.369312] ? lock_downgrade+0x6d0/0x6d0 [ 2676.370172] ? find_held_lock+0x2c/0x110 [ 2676.371005] ? __fget_files+0x296/0x4c0 [ 2676.371822] ? __fget_light+0xea/0x290 [ 2676.372619] __sys_sendmsg+0xe5/0x1b0 [ 2676.373387] ? __sys_sendmsg_sock+0x40/0x40 [ 2676.374272] ? rcu_read_lock_any_held+0x75/0xa0 [ 2676.375228] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2676.376292] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2676.377345] ? trace_hardirqs_on+0x5b/0x180 [ 2676.378229] do_syscall_64+0x33/0x40 [ 2676.378985] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2676.380041] RIP: 0033:0x7f09254a5b19 [ 2676.380804] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2676.384531] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2676.386073] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2676.387515] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2676.388955] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2676.390422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2676.391874] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:53:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf92f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:57 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2f0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:53:57 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40087602, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:53:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:53:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xf9fdffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:53:57 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 47) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2676.743937] FAULT_INJECTION: forcing a failure. [ 2676.743937] name failslab, interval 1, probability 0, space 0, times 0 07:53:57 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x8000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2676.746803] CPU: 1 PID: 14565 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2676.748405] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2676.750195] Call Trace: [ 2676.750768] dump_stack+0x107/0x167 [ 2676.751551] should_fail.cold+0x5/0xa [ 2676.752371] ? __kernfs_new_node+0xd4/0x850 [ 2676.753300] should_failslab+0x5/0x20 [ 2676.754129] kmem_cache_alloc+0x5b/0x310 [ 2676.755013] __kernfs_new_node+0xd4/0x850 [ 2676.755905] ? kernfs_add_one+0x36e/0x4d0 [ 2676.756801] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2676.757843] ? find_held_lock+0x2c/0x110 [ 2676.758721] ? kernfs_find_and_get_ns+0x55/0x70 [ 2676.759721] ? lock_downgrade+0x6d0/0x6d0 [ 2676.760613] ? kernfs_find_and_get_ns+0x21/0x70 [ 2676.761625] kernfs_new_node+0x93/0x120 [ 2676.762495] __kernfs_create_file+0x51/0x350 [ 2676.763451] sysfs_add_file_mode_ns+0x221/0x560 [ 2676.764459] sysfs_merge_group+0x198/0x320 [ 2676.765370] ? sysfs_update_group+0x30/0x30 [ 2676.766314] ? kernfs_put+0x31/0x50 [ 2676.767106] dpm_sysfs_add+0x249/0x290 [ 2676.767945] device_add+0x9b7/0x1bc0 [ 2676.768752] ? devlink_add_symlinks+0x970/0x970 [ 2676.769781] device_create_groups_vargs+0x207/0x280 [ 2676.770851] device_create+0xdc/0x120 [ 2676.771671] ? device_create_groups_vargs+0x280/0x280 [ 2676.772776] ? init_timer_key+0x12a/0x240 [ 2676.773682] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2676.774731] mac80211_hwsim_new_radio+0x352/0x4250 [ 2676.775777] ? ____sys_sendmsg+0x70d/0x870 [ 2676.776679] ? ___sys_sendmsg+0xf3/0x170 [ 2676.777545] ? __sys_sendmsg+0xe5/0x1b0 [ 2676.778415] ? do_syscall_64+0x33/0x40 [ 2676.779252] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2676.780392] ? lock_acquire+0x197/0x470 [ 2676.781242] ? create_object.isra.0+0x3ad/0xa20 [ 2676.782258] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2676.783266] hwsim_new_radio_nl+0x991/0x1080 [ 2676.784216] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2676.785338] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2676.786754] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2676.788154] genl_family_rcv_msg_doit+0x22d/0x330 [ 2676.789197] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2676.790634] ? cap_capable+0x1d6/0x240 [ 2676.791490] ? ns_capable+0xe2/0x110 [ 2676.792297] genl_rcv_msg+0x33c/0x5a0 [ 2676.793119] ? genl_get_cmd+0x480/0x480 [ 2676.793982] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2676.795091] ? lock_release+0x680/0x680 [ 2676.795940] ? netlink_deliver_tap+0xf4/0xcd0 [ 2676.796955] netlink_rcv_skb+0x14b/0x430 [ 2676.797841] ? genl_get_cmd+0x480/0x480 [ 2676.798690] ? netlink_ack+0xab0/0xab0 [ 2676.799531] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2676.800501] ? is_vmalloc_addr+0x7b/0xb0 [ 2676.801371] genl_rcv+0x24/0x40 [ 2676.802081] netlink_unicast+0x549/0x7f0 [ 2676.802953] ? netlink_attachskb+0x870/0x870 [ 2676.803886] ? __virt_addr_valid+0x128/0x350 [ 2676.804835] netlink_sendmsg+0x90f/0xdf0 [ 2676.805714] ? netlink_unicast+0x7f0/0x7f0 [ 2676.806629] ? netlink_unicast+0x7f0/0x7f0 [ 2676.807526] sock_sendmsg+0x154/0x190 [ 2676.808335] ____sys_sendmsg+0x70d/0x870 [ 2676.809200] ? kernel_sendmsg+0x50/0x50 [ 2676.810056] ? do_recvmmsg+0x6d0/0x6d0 [ 2676.810887] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2676.812000] ? lock_downgrade+0x6d0/0x6d0 [ 2676.812888] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2676.814018] ___sys_sendmsg+0xf3/0x170 [ 2676.814846] ? sendmsg_copy_msghdr+0x160/0x160 [ 2676.815825] ? lock_downgrade+0x6d0/0x6d0 [ 2676.816707] ? find_held_lock+0x2c/0x110 [ 2676.817580] ? __fget_files+0x296/0x4c0 [ 2676.818451] ? __fget_light+0xea/0x290 [ 2676.819285] __sys_sendmsg+0xe5/0x1b0 [ 2676.820094] ? __sys_sendmsg_sock+0x40/0x40 [ 2676.821009] ? rcu_read_lock_any_held+0x75/0xa0 [ 2676.822027] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2676.823164] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2676.824273] ? trace_hardirqs_on+0x5b/0x180 [ 2676.825244] do_syscall_64+0x33/0x40 [ 2676.826068] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2676.827238] RIP: 0033:0x7f09254a5b19 [ 2676.828036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2676.832270] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2676.833897] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2676.835421] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2676.836936] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2676.838473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2676.839992] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:53:57 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x7400, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:53:57 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2f1, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:12 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 48) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:12 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4020940d, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:12 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:12 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 22) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:12 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:54:12 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfc2f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:12 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1f2f2, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:12 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x7a00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2691.929935] FAULT_INJECTION: forcing a failure. [ 2691.929935] name failslab, interval 1, probability 0, space 0, times 0 [ 2691.932561] CPU: 1 PID: 14592 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2691.933959] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2691.935621] Call Trace: 07:54:12 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) [ 2691.936158] dump_stack+0x107/0x167 [ 2691.936988] should_fail.cold+0x5/0xa [ 2691.937748] ? __kernfs_new_node+0xd4/0x850 [ 2691.938625] should_failslab+0x5/0x20 [ 2691.939409] kmem_cache_alloc+0x5b/0x310 [ 2691.940206] __kernfs_new_node+0xd4/0x850 [ 2691.941021] ? find_held_lock+0x2c/0x110 [ 2691.941848] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2691.942793] ? kernfs_add_one+0x36e/0x4d0 [ 2691.943631] ? mutex_lock_io_nested+0xf30/0xf30 [ 2691.944532] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2691.945467] kernfs_create_dir_ns+0x9c/0x230 [ 2691.946350] internal_create_group+0x793/0xb30 [ 2691.947258] ? sysfs_remove_group+0x170/0x170 [ 2691.948139] ? kernfs_put+0x31/0x50 [ 2691.948849] dpm_sysfs_add+0x82/0x290 [ 2691.949582] device_add+0x9b7/0x1bc0 [ 2691.950341] ? devlink_add_symlinks+0x970/0x970 [ 2691.951251] device_create_groups_vargs+0x207/0x280 [ 2691.952252] device_create+0xdc/0x120 [ 2691.953015] ? device_create_groups_vargs+0x280/0x280 [ 2691.954015] ? init_timer_key+0x12a/0x240 [ 2691.954851] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2691.955836] mac80211_hwsim_new_radio+0x352/0x4250 [ 2691.956821] ? ____sys_sendmsg+0x70d/0x870 [ 2691.957670] ? ___sys_sendmsg+0xf3/0x170 [ 2691.958499] ? __sys_sendmsg+0xe5/0x1b0 [ 2691.959301] ? do_syscall_64+0x33/0x40 [ 2691.960082] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2691.961155] ? lock_acquire+0x197/0x470 [ 2691.961961] ? create_object.isra.0+0x3ad/0xa20 [ 2691.962908] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2691.963856] hwsim_new_radio_nl+0x991/0x1080 [ 2691.964761] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2691.965817] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2691.967176] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2691.968496] genl_family_rcv_msg_doit+0x22d/0x330 [ 2691.969486] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2691.970843] ? cap_capable+0x1d6/0x240 [ 2691.971642] ? ns_capable+0xe2/0x110 [ 2691.972403] genl_rcv_msg+0x33c/0x5a0 [ 2691.973178] ? genl_get_cmd+0x480/0x480 [ 2691.973991] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2691.975035] ? lock_release+0x680/0x680 [ 2691.975836] ? netlink_deliver_tap+0xf4/0xcd0 [ 2691.976747] netlink_rcv_skb+0x14b/0x430 [ 2691.977572] ? genl_get_cmd+0x480/0x480 [ 2691.978392] ? netlink_ack+0xab0/0xab0 [ 2691.979191] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2691.980124] ? is_vmalloc_addr+0x7b/0xb0 [ 2691.980975] genl_rcv+0x24/0x40 [ 2691.981655] netlink_unicast+0x549/0x7f0 [ 2691.982498] ? netlink_attachskb+0x870/0x870 [ 2691.983386] ? __virt_addr_valid+0x128/0x350 [ 2691.984294] netlink_sendmsg+0x90f/0xdf0 [ 2691.985122] ? netlink_unicast+0x7f0/0x7f0 [ 2691.986010] ? netlink_unicast+0x7f0/0x7f0 [ 2691.986871] sock_sendmsg+0x154/0x190 [ 2691.987648] ____sys_sendmsg+0x70d/0x870 [ 2691.988471] ? kernel_sendmsg+0x50/0x50 [ 2691.989268] ? do_recvmmsg+0x6d0/0x6d0 [ 2691.990068] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2691.991127] ? lock_downgrade+0x6d0/0x6d0 [ 2691.991966] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2691.993026] ___sys_sendmsg+0xf3/0x170 [ 2691.993813] ? sendmsg_copy_msghdr+0x160/0x160 [ 2691.994750] ? lock_downgrade+0x6d0/0x6d0 [ 2691.995590] ? find_held_lock+0x2c/0x110 [ 2691.996428] ? __fget_files+0x296/0x4c0 [ 2691.997244] ? __fget_light+0xea/0x290 [ 2691.998050] __sys_sendmsg+0xe5/0x1b0 [ 2691.998819] ? __sys_sendmsg_sock+0x40/0x40 [ 2691.999689] ? rcu_read_lock_any_held+0x75/0xa0 [ 2692.000647] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2692.001716] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2692.002778] ? trace_hardirqs_on+0x5b/0x180 [ 2692.003651] do_syscall_64+0x33/0x40 [ 2692.004411] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2692.005447] RIP: 0033:0x7f09254a5b19 [ 2692.006218] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2692.009929] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2692.011466] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2692.012904] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2692.014353] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2692.015792] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2692.017233] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2692.035862] FAULT_INJECTION: forcing a failure. [ 2692.035862] name failslab, interval 1, probability 0, space 0, times 0 [ 2692.037788] CPU: 0 PID: 14602 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2692.038893] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2692.039985] Call Trace: [ 2692.040331] dump_stack+0x107/0x167 [ 2692.040783] should_fail.cold+0x5/0xa [ 2692.041277] ? relay_open+0xb3/0xa10 [ 2692.041747] should_failslab+0x5/0x20 [ 2692.042218] kmem_cache_alloc_trace+0x55/0x320 [ 2692.042764] ? do_raw_spin_unlock+0x4f/0x220 [ 2692.043290] relay_open+0xb3/0xa10 [ 2692.043723] do_blk_trace_setup+0x4cf/0xc10 [ 2692.044251] ? _copy_from_user+0xfb/0x1b0 [ 2692.044747] __blk_trace_setup+0xca/0x180 [ 2692.045244] ? do_blk_trace_setup+0xc10/0xc10 [ 2692.045776] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2692.046419] blk_trace_ioctl+0x155/0x290 [ 2692.046915] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2692.047501] ? do_vfs_ioctl+0x283/0x10d0 [ 2692.047987] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2692.048612] ? generic_block_fiemap+0x60/0x60 [ 2692.049149] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2692.049725] blkdev_ioctl+0xc1/0x710 [ 2692.050194] ? blkdev_common_ioctl+0x1870/0x1870 [ 2692.050764] ? selinux_file_ioctl+0xb6/0x270 [ 2692.051302] block_ioctl+0xf9/0x140 [ 2692.051736] ? blkdev_read_iter+0x1c0/0x1c0 [ 2692.052249] __x64_sys_ioctl+0x19a/0x210 [ 2692.052739] do_syscall_64+0x33/0x40 [ 2692.053189] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2692.053796] RIP: 0033:0x7fbe5aa67b19 [ 2692.054251] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2692.056372] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2692.057291] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2692.058147] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2692.058993] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2692.059841] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2692.060692] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:54:13 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfcfdffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:13 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80081270, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:13 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:54:13 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x910b, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:13 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 23) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:13 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 49) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:13 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:13 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x30000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2692.310983] FAULT_INJECTION: forcing a failure. [ 2692.310983] name failslab, interval 1, probability 0, space 0, times 0 [ 2692.312244] CPU: 0 PID: 14627 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2692.312997] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2692.313901] Call Trace: [ 2692.314191] dump_stack+0x107/0x167 [ 2692.314580] should_fail.cold+0x5/0xa [ 2692.314986] ? create_object.isra.0+0x3a/0xa20 [ 2692.315478] should_failslab+0x5/0x20 [ 2692.315890] kmem_cache_alloc+0x5b/0x310 [ 2692.316338] create_object.isra.0+0x3a/0xa20 [ 2692.316817] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2692.317375] kmem_cache_alloc+0x159/0x310 [ 2692.317833] __kernfs_new_node+0xd4/0x850 [ 2692.318299] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2692.318793] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2692.319315] ? wait_for_completion_io+0x270/0x270 [ 2692.319830] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2692.320356] kernfs_new_node+0x93/0x120 [ 2692.320815] __kernfs_create_file+0x51/0x350 [ 2692.321322] sysfs_add_file_mode_ns+0x221/0x560 [ 2692.321854] sysfs_merge_group+0x198/0x320 [ 2692.322348] ? sysfs_update_group+0x30/0x30 [ 2692.322844] ? kernfs_put+0x31/0x50 [ 2692.323259] dpm_sysfs_add+0x249/0x290 [ 2692.323697] device_add+0x9b7/0x1bc0 [ 2692.324121] ? devlink_add_symlinks+0x970/0x970 [ 2692.324659] device_create_groups_vargs+0x207/0x280 [ 2692.325227] device_create+0xdc/0x120 [ 2692.325665] ? device_create_groups_vargs+0x280/0x280 [ 2692.326264] ? init_timer_key+0x12a/0x240 [ 2692.326744] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2692.327301] mac80211_hwsim_new_radio+0x352/0x4250 [ 2692.327859] ? ____sys_sendmsg+0x70d/0x870 [ 2692.328332] ? ___sys_sendmsg+0xf3/0x170 [ 2692.328790] ? __sys_sendmsg+0xe5/0x1b0 [ 2692.329241] ? do_syscall_64+0x33/0x40 [ 2692.329689] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2692.330308] ? lock_acquire+0x197/0x470 [ 2692.330768] ? create_object.isra.0+0x3ad/0xa20 [ 2692.331309] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2692.331846] hwsim_new_radio_nl+0x991/0x1080 [ 2692.332351] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2692.332949] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2692.333708] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2692.334462] genl_family_rcv_msg_doit+0x22d/0x330 [ 2692.335018] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2692.335765] ? cap_capable+0x1d6/0x240 [ 2692.336216] ? ns_capable+0xe2/0x110 [ 2692.336643] genl_rcv_msg+0x33c/0x5a0 [ 2692.337079] ? genl_get_cmd+0x480/0x480 [ 2692.337529] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2692.338132] ? lock_release+0x680/0x680 [ 2692.338595] ? netlink_deliver_tap+0xf4/0xcd0 [ 2692.339110] netlink_rcv_skb+0x14b/0x430 [ 2692.339575] ? genl_get_cmd+0x480/0x480 [ 2692.340024] ? netlink_ack+0xab0/0xab0 [ 2692.340478] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2692.341001] ? is_vmalloc_addr+0x7b/0xb0 [ 2692.341468] genl_rcv+0x24/0x40 [ 2692.341848] netlink_unicast+0x549/0x7f0 [ 2692.342316] ? netlink_attachskb+0x870/0x870 [ 2692.342817] ? __virt_addr_valid+0x128/0x350 [ 2692.343257] netlink_sendmsg+0x90f/0xdf0 [ 2692.343735] ? netlink_unicast+0x7f0/0x7f0 [ 2692.344213] ? netlink_unicast+0x7f0/0x7f0 [ 2692.344698] sock_sendmsg+0x154/0x190 [ 2692.345139] ____sys_sendmsg+0x70d/0x870 [ 2692.345606] ? kernel_sendmsg+0x50/0x50 [ 2692.346063] ? do_recvmmsg+0x6d0/0x6d0 [ 2692.346507] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2692.347110] ? lock_downgrade+0x6d0/0x6d0 [ 2692.347579] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2692.348180] ___sys_sendmsg+0xf3/0x170 [ 2692.348625] ? sendmsg_copy_msghdr+0x160/0x160 [ 2692.349146] ? lock_downgrade+0x6d0/0x6d0 [ 2692.349616] ? find_held_lock+0x2c/0x110 [ 2692.350094] ? __fget_files+0x296/0x4c0 [ 2692.350547] ? __fget_light+0xea/0x290 [ 2692.350990] __sys_sendmsg+0xe5/0x1b0 [ 2692.351418] ? __sys_sendmsg_sock+0x40/0x40 [ 2692.351911] ? rcu_read_lock_any_held+0x75/0xa0 [ 2692.352448] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2692.353043] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2692.353630] ? trace_hardirqs_on+0x5b/0x180 [ 2692.354124] do_syscall_64+0x33/0x40 [ 2692.354552] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2692.355127] RIP: 0033:0x7f09254a5b19 [ 2692.355547] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2692.357660] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2692.358529] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2692.359347] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2692.360052] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2692.360865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2692.361573] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2692.393676] FAULT_INJECTION: forcing a failure. [ 2692.393676] name failslab, interval 1, probability 0, space 0, times 0 [ 2692.395064] CPU: 0 PID: 14632 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2692.395853] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2692.396795] Call Trace: [ 2692.397100] dump_stack+0x107/0x167 [ 2692.397517] should_fail.cold+0x5/0xa [ 2692.397982] ? create_object.isra.0+0x3a/0xa20 [ 2692.398506] should_failslab+0x5/0x20 [ 2692.398946] kmem_cache_alloc+0x5b/0x310 [ 2692.399410] create_object.isra.0+0x3a/0xa20 [ 2692.399907] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2692.400484] kmem_cache_alloc_trace+0x151/0x320 [ 2692.401012] relay_open+0xb3/0xa10 [ 2692.401415] do_blk_trace_setup+0x4cf/0xc10 [ 2692.401910] ? _copy_from_user+0xfb/0x1b0 [ 2692.402377] __blk_trace_setup+0xca/0x180 [ 2692.402843] ? do_blk_trace_setup+0xc10/0xc10 [ 2692.403358] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2692.403887] blk_trace_ioctl+0x155/0x290 [ 2692.404361] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2692.404921] ? do_vfs_ioctl+0x283/0x10d0 [ 2692.405382] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2692.405986] ? generic_block_fiemap+0x60/0x60 [ 2692.406488] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2692.407036] blkdev_ioctl+0xc1/0x710 [ 2692.407458] ? blkdev_common_ioctl+0x1870/0x1870 [ 2692.407990] ? selinux_file_ioctl+0xb6/0x270 [ 2692.408497] block_ioctl+0xf9/0x140 [ 2692.408911] ? blkdev_read_iter+0x1c0/0x1c0 [ 2692.409397] __x64_sys_ioctl+0x19a/0x210 [ 2692.409858] do_syscall_64+0x33/0x40 [ 2692.410294] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2692.410863] RIP: 0033:0x7fbe5aa67b19 [ 2692.411283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2692.413092] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2692.413848] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2692.414556] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2692.415324] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2692.416035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2692.416736] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:54:27 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfd2f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:27 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:27 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 24) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:27 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xcd03, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:27 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80081272, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:27 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x34000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:27 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 50) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:27 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfdfdffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2706.587522] FAULT_INJECTION: forcing a failure. [ 2706.587522] name failslab, interval 1, probability 0, space 0, times 0 [ 2706.590348] CPU: 1 PID: 14669 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2706.591752] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2706.593418] Call Trace: [ 2706.593955] dump_stack+0x107/0x167 [ 2706.594702] should_fail.cold+0x5/0xa [ 2706.595474] ? create_object.isra.0+0x3a/0xa20 [ 2706.596417] should_failslab+0x5/0x20 [ 2706.597196] kmem_cache_alloc+0x5b/0x310 [ 2706.598030] create_object.isra.0+0x3a/0xa20 [ 2706.598972] kmemleak_alloc_percpu+0xa0/0x100 [ 2706.599902] pcpu_alloc+0x4e2/0x1240 [ 2706.600694] relay_open+0xd8/0xa10 [ 2706.601442] do_blk_trace_setup+0x4cf/0xc10 [ 2706.602350] ? _copy_from_user+0xfb/0x1b0 [ 2706.603203] __blk_trace_setup+0xca/0x180 [ 2706.604042] ? do_blk_trace_setup+0xc10/0xc10 [ 2706.604964] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2706.606043] blk_trace_ioctl+0x155/0x290 [ 2706.606900] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2706.607893] ? do_vfs_ioctl+0x283/0x10d0 [ 2706.608725] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2706.609785] ? generic_block_fiemap+0x60/0x60 [ 2706.610722] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2706.611707] blkdev_ioctl+0xc1/0x710 [ 2706.612471] ? blkdev_common_ioctl+0x1870/0x1870 [ 2706.613432] ? selinux_file_ioctl+0xb6/0x270 [ 2706.614348] block_ioctl+0xf9/0x140 [ 2706.615082] ? blkdev_read_iter+0x1c0/0x1c0 [ 2706.615946] __x64_sys_ioctl+0x19a/0x210 [ 2706.616777] do_syscall_64+0x33/0x40 [ 2706.617534] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2706.618585] RIP: 0033:0x7fbe5aa67b19 [ 2706.619357] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2706.623103] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2706.624645] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2706.626104] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2706.627550] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2706.628990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2706.630442] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2706.644485] FAULT_INJECTION: forcing a failure. [ 2706.644485] name failslab, interval 1, probability 0, space 0, times 0 [ 2706.646899] CPU: 1 PID: 14667 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2706.648324] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2706.650023] Call Trace: [ 2706.650572] dump_stack+0x107/0x167 [ 2706.651319] should_fail.cold+0x5/0xa [ 2706.652106] ? __kernfs_new_node+0xd4/0x850 [ 2706.652987] should_failslab+0x5/0x20 [ 2706.653771] kmem_cache_alloc+0x5b/0x310 [ 2706.654637] __kernfs_new_node+0xd4/0x850 [ 2706.655491] ? kernfs_add_one+0x36e/0x4d0 [ 2706.656341] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2706.657297] ? find_held_lock+0x2c/0x110 [ 2706.658135] ? kernfs_find_and_get_ns+0x55/0x70 [ 2706.659076] ? lock_downgrade+0x6d0/0x6d0 [ 2706.659913] ? kernfs_find_and_get_ns+0x21/0x70 [ 2706.660867] kernfs_new_node+0x93/0x120 [ 2706.661679] __kernfs_create_file+0x51/0x350 [ 2706.662597] sysfs_add_file_mode_ns+0x221/0x560 [ 2706.663544] sysfs_merge_group+0x198/0x320 [ 2706.664413] ? sysfs_update_group+0x30/0x30 [ 2706.665301] ? kernfs_put+0x31/0x50 [ 2706.666045] dpm_sysfs_add+0x249/0x290 [ 2706.666846] device_add+0x9b7/0x1bc0 [ 2706.667619] ? devlink_add_symlinks+0x970/0x970 [ 2706.668580] device_create_groups_vargs+0x207/0x280 [ 2706.669602] device_create+0xdc/0x120 [ 2706.670406] ? device_create_groups_vargs+0x280/0x280 [ 2706.671464] ? init_timer_key+0x12a/0x240 [ 2706.672320] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2706.673313] mac80211_hwsim_new_radio+0x352/0x4250 [ 2706.674310] ? ____sys_sendmsg+0x70d/0x870 [ 2706.675164] ? ___sys_sendmsg+0xf3/0x170 [ 2706.675982] ? __sys_sendmsg+0xe5/0x1b0 [ 2706.676789] ? do_syscall_64+0x33/0x40 [ 2706.677581] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2706.678659] ? lock_acquire+0x197/0x470 [ 2706.679466] ? create_object.isra.0+0x3ad/0xa20 [ 2706.680425] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2706.681385] hwsim_new_radio_nl+0x991/0x1080 [ 2706.682301] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2706.683372] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2706.684709] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2706.686036] genl_family_rcv_msg_doit+0x22d/0x330 [ 2706.687025] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2706.688358] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2706.689417] ? cap_capable+0x1d6/0x240 [ 2706.690237] ? ns_capable+0xe2/0x110 [ 2706.690999] genl_rcv_msg+0x33c/0x5a0 [ 2706.691779] ? genl_get_cmd+0x480/0x480 [ 2706.692591] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2706.693641] ? lock_release+0x680/0x680 [ 2706.694452] ? netlink_deliver_tap+0xf4/0xcd0 [ 2706.695366] netlink_rcv_skb+0x14b/0x430 [ 2706.696190] ? genl_get_cmd+0x480/0x480 [ 2706.696998] ? netlink_ack+0xab0/0xab0 [ 2706.697798] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2706.698735] ? is_vmalloc_addr+0x7b/0xb0 [ 2706.699564] genl_rcv+0x24/0x40 [ 2706.700235] netlink_unicast+0x549/0x7f0 [ 2706.701066] ? netlink_attachskb+0x870/0x870 [ 2706.701950] ? __virt_addr_valid+0x128/0x350 [ 2706.702866] netlink_sendmsg+0x90f/0xdf0 [ 2706.703694] ? netlink_unicast+0x7f0/0x7f0 [ 2706.704558] ? netlink_unicast+0x7f0/0x7f0 [ 2706.705407] sock_sendmsg+0x154/0x190 [ 2706.706179] ____sys_sendmsg+0x70d/0x870 [ 2706.706996] ? kernel_sendmsg+0x50/0x50 [ 2706.707789] ? do_recvmmsg+0x6d0/0x6d0 [ 2706.708576] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2706.709628] ? lock_downgrade+0x6d0/0x6d0 [ 2706.710486] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2706.711534] ___sys_sendmsg+0xf3/0x170 [ 2706.712333] ? sendmsg_copy_msghdr+0x160/0x160 [ 2706.713250] ? lock_downgrade+0x6d0/0x6d0 [ 2706.714095] ? find_held_lock+0x2c/0x110 [ 2706.714922] ? __fget_files+0x296/0x4c0 [ 2706.715741] ? __fget_light+0xea/0x290 [ 2706.716523] __sys_sendmsg+0xe5/0x1b0 [ 2706.717295] ? __sys_sendmsg_sock+0x40/0x40 [ 2706.718180] ? rcu_read_lock_any_held+0x75/0xa0 [ 2706.719143] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2706.720186] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2706.721226] ? trace_hardirqs_on+0x5b/0x180 [ 2706.722100] do_syscall_64+0x33/0x40 [ 2706.722871] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2706.723897] RIP: 0033:0x7f09254a5b19 [ 2706.724659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2706.728323] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2706.729848] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2706.731292] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2706.732730] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2706.734174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2706.735607] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:54:27 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x80000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:27 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xda01, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:27 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80086601, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:27 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x400300, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:27 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 25) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:27 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) [ 2707.001970] FAULT_INJECTION: forcing a failure. [ 2707.001970] name failslab, interval 1, probability 0, space 0, times 0 [ 2707.004360] CPU: 1 PID: 14696 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2707.005708] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2707.007342] Call Trace: [ 2707.007871] dump_stack+0x107/0x167 [ 2707.008595] should_fail.cold+0x5/0xa [ 2707.009342] ? create_object.isra.0+0x3a/0xa20 [ 2707.010244] should_failslab+0x5/0x20 [ 2707.010986] kmem_cache_alloc+0x5b/0x310 [ 2707.011784] ? mark_held_locks+0x9e/0xe0 [ 2707.012589] create_object.isra.0+0x3a/0xa20 [ 2707.013454] kmemleak_alloc_percpu+0xa0/0x100 [ 2707.014390] pcpu_alloc+0x4e2/0x1240 [ 2707.015141] relay_open+0xd8/0xa10 [ 2707.015849] do_blk_trace_setup+0x4cf/0xc10 [ 2707.016743] ? _copy_from_user+0xfb/0x1b0 [ 2707.017557] __blk_trace_setup+0xca/0x180 [ 2707.018409] ? do_blk_trace_setup+0xc10/0xc10 [ 2707.019322] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2707.020404] blk_trace_ioctl+0x155/0x290 [ 2707.021231] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2707.022238] ? do_vfs_ioctl+0x283/0x10d0 [ 2707.023062] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2707.024119] ? generic_block_fiemap+0x60/0x60 [ 2707.025032] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2707.026010] blkdev_ioctl+0xc1/0x710 [ 2707.026772] ? blkdev_common_ioctl+0x1870/0x1870 [ 2707.027732] ? selinux_file_ioctl+0xb6/0x270 [ 2707.028632] block_ioctl+0xf9/0x140 [ 2707.029368] ? blkdev_read_iter+0x1c0/0x1c0 [ 2707.030246] __x64_sys_ioctl+0x19a/0x210 [ 2707.031071] do_syscall_64+0x33/0x40 [ 2707.031828] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2707.032863] RIP: 0033:0x7fbe5aa67b19 [ 2707.033619] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2707.037341] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2707.038887] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2707.040333] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2707.041772] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2707.043227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2707.044669] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:54:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfe2f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:41 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xf403, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:41 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x20000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:41 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:41 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 51) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:41 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf0ffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:41 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80087601, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:41 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 26) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2720.603850] FAULT_INJECTION: forcing a failure. [ 2720.603850] name failslab, interval 1, probability 0, space 0, times 0 [ 2720.606487] CPU: 1 PID: 14728 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2720.607905] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2720.609608] Call Trace: [ 2720.610159] dump_stack+0x107/0x167 [ 2720.610923] should_fail.cold+0x5/0xa [ 2720.611703] ? relay_open_buf.part.0+0x91/0xc00 [ 2720.612662] should_failslab+0x5/0x20 [ 2720.613446] kmem_cache_alloc_trace+0x55/0x320 [ 2720.614403] relay_open_buf.part.0+0x91/0xc00 [ 2720.615315] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 2720.616369] relay_open+0x531/0xa10 [ 2720.617114] do_blk_trace_setup+0x4cf/0xc10 [ 2720.617986] ? _copy_from_user+0xfb/0x1b0 [ 2720.618834] __blk_trace_setup+0xca/0x180 [ 2720.619674] ? do_blk_trace_setup+0xc10/0xc10 [ 2720.620588] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2720.621660] blk_trace_ioctl+0x155/0x290 [ 2720.622498] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2720.623484] ? do_vfs_ioctl+0x283/0x10d0 [ 2720.624310] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2720.625374] ? generic_block_fiemap+0x60/0x60 [ 2720.626299] ? __mutex_unlock_slowpath+0xe1/0x600 07:54:41 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) [ 2720.627315] blkdev_ioctl+0xc1/0x710 [ 2720.628227] ? blkdev_common_ioctl+0x1870/0x1870 [ 2720.629191] ? selinux_file_ioctl+0xb6/0x270 [ 2720.630082] block_ioctl+0xf9/0x140 [ 2720.630831] ? blkdev_read_iter+0x1c0/0x1c0 [ 2720.631700] __x64_sys_ioctl+0x19a/0x210 [ 2720.632523] do_syscall_64+0x33/0x40 [ 2720.633281] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2720.634319] RIP: 0033:0x7fbe5aa67b19 [ 2720.635074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2720.638801] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2720.640355] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2720.641808] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2720.643281] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2720.644720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2720.646160] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:54:41 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfeffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2720.706989] FAULT_INJECTION: forcing a failure. [ 2720.706989] name failslab, interval 1, probability 0, space 0, times 0 [ 2720.709606] CPU: 1 PID: 14731 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2720.711010] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2720.712697] Call Trace: [ 2720.713237] dump_stack+0x107/0x167 [ 2720.713973] should_fail.cold+0x5/0xa [ 2720.714749] ? create_object.isra.0+0x3a/0xa20 [ 2720.715674] should_failslab+0x5/0x20 [ 2720.716448] kmem_cache_alloc+0x5b/0x310 [ 2720.717280] create_object.isra.0+0x3a/0xa20 [ 2720.718191] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2720.719248] kmem_cache_alloc+0x159/0x310 [ 2720.720091] __kernfs_new_node+0xd4/0x850 [ 2720.720937] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2720.721907] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2720.722893] ? wait_for_completion_io+0x270/0x270 [ 2720.723889] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2720.724975] kernfs_new_node+0x93/0x120 [ 2720.725777] __kernfs_create_file+0x51/0x350 [ 2720.726658] sysfs_add_file_mode_ns+0x221/0x560 [ 2720.727583] sysfs_merge_group+0x198/0x320 [ 2720.728426] ? sysfs_update_group+0x30/0x30 [ 2720.729309] ? kernfs_put+0x31/0x50 [ 2720.730034] dpm_sysfs_add+0x249/0x290 [ 2720.730830] device_add+0x9b7/0x1bc0 [ 2720.731578] ? devlink_add_symlinks+0x970/0x970 [ 2720.732505] device_create_groups_vargs+0x207/0x280 [ 2720.733491] device_create+0xdc/0x120 [ 2720.734246] ? device_create_groups_vargs+0x280/0x280 [ 2720.735271] ? init_timer_key+0x12a/0x240 [ 2720.736097] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2720.737063] mac80211_hwsim_new_radio+0x352/0x4250 [ 2720.738022] ? ____sys_sendmsg+0x70d/0x870 [ 2720.738895] ? ___sys_sendmsg+0xf3/0x170 [ 2720.739695] ? __sys_sendmsg+0xe5/0x1b0 [ 2720.740483] ? do_syscall_64+0x33/0x40 [ 2720.741264] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2720.742332] ? lock_acquire+0x197/0x470 [ 2720.743113] ? create_object.isra.0+0x3ad/0xa20 [ 2720.744041] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2720.744984] hwsim_new_radio_nl+0x991/0x1080 [ 2720.745862] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2720.746907] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2720.748209] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2720.749503] genl_family_rcv_msg_doit+0x22d/0x330 [ 2720.750484] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2720.751783] ? cap_capable+0x1d6/0x240 [ 2720.752573] ? ns_capable+0xe2/0x110 [ 2720.753333] genl_rcv_msg+0x33c/0x5a0 [ 2720.754102] ? genl_get_cmd+0x480/0x480 [ 2720.754910] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2720.755936] ? lock_release+0x680/0x680 [ 2720.756738] ? netlink_deliver_tap+0xf4/0xcd0 [ 2720.757636] netlink_rcv_skb+0x14b/0x430 [ 2720.758484] ? genl_get_cmd+0x480/0x480 [ 2720.759284] ? netlink_ack+0xab0/0xab0 [ 2720.760119] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2720.761035] ? is_vmalloc_addr+0x7b/0xb0 [ 2720.761883] genl_rcv+0x24/0x40 [ 2720.762563] netlink_unicast+0x549/0x7f0 [ 2720.763386] ? netlink_attachskb+0x870/0x870 [ 2720.764302] ? __virt_addr_valid+0x128/0x350 [ 2720.765200] netlink_sendmsg+0x90f/0xdf0 [ 2720.766052] ? netlink_unicast+0x7f0/0x7f0 [ 2720.766930] ? netlink_unicast+0x7f0/0x7f0 [ 2720.767798] sock_sendmsg+0x154/0x190 [ 2720.768568] ____sys_sendmsg+0x70d/0x870 [ 2720.769412] ? kernel_sendmsg+0x50/0x50 [ 2720.770211] ? do_recvmmsg+0x6d0/0x6d0 [ 2720.771031] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2720.772092] ? lock_downgrade+0x6d0/0x6d0 [ 2720.772931] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2720.773992] ___sys_sendmsg+0xf3/0x170 [ 2720.774793] ? sendmsg_copy_msghdr+0x160/0x160 [ 2720.775719] ? lock_downgrade+0x6d0/0x6d0 [ 2720.776556] ? find_held_lock+0x2c/0x110 [ 2720.777384] ? __fget_files+0x296/0x4c0 [ 2720.778193] ? __fget_light+0xea/0x290 [ 2720.778991] __sys_sendmsg+0xe5/0x1b0 [ 2720.779758] ? __sys_sendmsg_sock+0x40/0x40 [ 2720.780632] ? rcu_read_lock_any_held+0x75/0xa0 [ 2720.781586] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2720.782648] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2720.783687] ? trace_hardirqs_on+0x5b/0x180 [ 2720.784562] do_syscall_64+0x33/0x40 [ 2720.785319] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2720.786374] RIP: 0033:0x7f09254a5b19 [ 2720.787126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2720.790842] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2720.792376] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2720.793812] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2720.795270] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2720.796704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2720.798141] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:54:57 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x2aeae28a, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:57 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xf503, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:57 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x1000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:57 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 27) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:57 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0045878, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2736.603248] FAULT_INJECTION: forcing a failure. [ 2736.603248] name failslab, interval 1, probability 0, space 0, times 0 [ 2736.604898] CPU: 0 PID: 14762 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2736.605709] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2736.606689] Call Trace: [ 2736.607009] dump_stack+0x107/0x167 [ 2736.607447] should_fail.cold+0x5/0xa [ 2736.607912] ? create_object.isra.0+0x3a/0xa20 [ 2736.608461] should_failslab+0x5/0x20 [ 2736.608917] kmem_cache_alloc+0x5b/0x310 [ 2736.609421] create_object.isra.0+0x3a/0xa20 [ 2736.609945] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2736.610566] kmem_cache_alloc_trace+0x151/0x320 [ 2736.611129] relay_open_buf.part.0+0x91/0xc00 [ 2736.611662] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 2736.612286] relay_open+0x531/0xa10 [ 2736.612717] do_blk_trace_setup+0x4cf/0xc10 [ 2736.613236] ? _copy_from_user+0xfb/0x1b0 [ 2736.613733] __blk_trace_setup+0xca/0x180 [ 2736.614224] ? do_blk_trace_setup+0xc10/0xc10 [ 2736.614771] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2736.615401] blk_trace_ioctl+0x155/0x290 [ 2736.615885] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2736.616461] ? do_vfs_ioctl+0x283/0x10d0 [ 2736.616937] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2736.617543] ? generic_block_fiemap+0x60/0x60 [ 2736.618068] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2736.618642] blkdev_ioctl+0xc1/0x710 [ 2736.619081] ? blkdev_common_ioctl+0x1870/0x1870 [ 2736.619638] ? selinux_file_ioctl+0xb6/0x270 [ 2736.620160] block_ioctl+0xf9/0x140 [ 2736.620616] ? blkdev_read_iter+0x1c0/0x1c0 [ 2736.621125] __x64_sys_ioctl+0x19a/0x210 [ 2736.621620] do_syscall_64+0x33/0x40 [ 2736.622065] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2736.622708] RIP: 0033:0x7fbe5aa67b19 [ 2736.623156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2736.625367] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2736.626271] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2736.627142] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2736.627981] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2736.628818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2736.629684] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2736.639882] FAULT_INJECTION: forcing a failure. [ 2736.639882] name failslab, interval 1, probability 0, space 0, times 0 [ 2736.641302] CPU: 0 PID: 14769 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2736.642109] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2736.643088] Call Trace: [ 2736.643399] dump_stack+0x107/0x167 [ 2736.643820] should_fail.cold+0x5/0xa [ 2736.644276] ? __kernfs_new_node+0xd4/0x850 [ 2736.644777] should_failslab+0x5/0x20 [ 2736.645224] kmem_cache_alloc+0x5b/0x310 [ 2736.645703] __kernfs_new_node+0xd4/0x850 [ 2736.646207] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2736.646789] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2736.647368] ? wait_for_completion_io+0x270/0x270 [ 2736.647938] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2736.648553] kernfs_new_node+0x93/0x120 [ 2736.649052] __kernfs_create_file+0x51/0x350 [ 2736.649576] sysfs_add_file_mode_ns+0x221/0x560 [ 2736.650149] sysfs_merge_group+0x198/0x320 [ 2736.650681] ? sysfs_update_group+0x30/0x30 [ 2736.651206] ? kernfs_put+0x31/0x50 [ 2736.651652] dpm_sysfs_add+0x249/0x290 [ 2736.652125] device_add+0x9b7/0x1bc0 [ 2736.652589] ? devlink_add_symlinks+0x970/0x970 [ 2736.653165] device_create_groups_vargs+0x207/0x280 [ 2736.653775] device_create+0xdc/0x120 [ 2736.654239] ? device_create_groups_vargs+0x280/0x280 [ 2736.654892] ? init_timer_key+0x12a/0x240 [ 2736.655425] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2736.656000] mac80211_hwsim_new_radio+0x352/0x4250 [ 2736.656573] ? ____sys_sendmsg+0x70d/0x870 [ 2736.657062] ? ___sys_sendmsg+0xf3/0x170 [ 2736.657527] ? __sys_sendmsg+0xe5/0x1b0 [ 2736.657989] ? do_syscall_64+0x33/0x40 [ 2736.658435] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2736.659059] ? lock_acquire+0x197/0x470 [ 2736.659525] ? create_object.isra.0+0x3ad/0xa20 [ 2736.660073] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2736.660623] hwsim_new_radio_nl+0x991/0x1080 [ 2736.661136] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2736.661756] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2736.662539] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2736.663299] genl_family_rcv_msg_doit+0x22d/0x330 [ 2736.663856] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2736.664615] ? cap_capable+0x1d6/0x240 [ 2736.665068] ? ns_capable+0xe2/0x110 [ 2736.665543] genl_rcv_msg+0x33c/0x5a0 [ 2736.666021] ? genl_get_cmd+0x480/0x480 [ 2736.666529] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2736.667157] ? lock_release+0x680/0x680 [ 2736.667644] ? netlink_deliver_tap+0xf4/0xcd0 [ 2736.668212] netlink_rcv_skb+0x14b/0x430 [ 2736.668725] ? genl_get_cmd+0x480/0x480 [ 2736.669231] ? netlink_ack+0xab0/0xab0 [ 2736.669736] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2736.670320] ? is_vmalloc_addr+0x7b/0xb0 [ 2736.670845] genl_rcv+0x24/0x40 [ 2736.671273] netlink_unicast+0x549/0x7f0 [ 2736.671776] ? netlink_attachskb+0x870/0x870 [ 2736.672339] ? __virt_addr_valid+0x128/0x350 [ 2736.672899] netlink_sendmsg+0x90f/0xdf0 [ 2736.673421] ? netlink_unicast+0x7f0/0x7f0 [ 2736.673964] ? netlink_unicast+0x7f0/0x7f0 [ 2736.674507] sock_sendmsg+0x154/0x190 [ 2736.675005] ____sys_sendmsg+0x70d/0x870 [ 2736.675534] ? kernel_sendmsg+0x50/0x50 [ 2736.676022] ? do_recvmmsg+0x6d0/0x6d0 [ 2736.676516] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2736.677194] ? lock_downgrade+0x6d0/0x6d0 [ 2736.677697] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2736.678375] ___sys_sendmsg+0xf3/0x170 [ 2736.678847] ? sendmsg_copy_msghdr+0x160/0x160 [ 2736.679451] ? lock_downgrade+0x6d0/0x6d0 [ 2736.679969] ? find_held_lock+0x2c/0x110 [ 2736.680500] ? __fget_files+0x296/0x4c0 [ 2736.680991] ? __fget_light+0xea/0x290 [ 2736.681495] __sys_sendmsg+0xe5/0x1b0 [ 2736.681958] ? __sys_sendmsg_sock+0x40/0x40 [ 2736.682469] ? rcu_read_lock_any_held+0x75/0xa0 [ 2736.683030] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2736.683637] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2736.684232] ? trace_hardirqs_on+0x5b/0x180 [ 2736.684734] do_syscall_64+0x33/0x40 [ 2736.685170] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2736.685767] RIP: 0033:0x7f09254a5b19 [ 2736.686220] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2736.688362] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2736.689244] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2736.690077] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2736.690922] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2736.691780] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2736.692641] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:54:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xff0f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:57 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 52) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xff2f000000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:57 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0045878, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:57 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x2000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:54:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xfffdffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:57 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 28) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:54:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) [ 2736.959861] FAULT_INJECTION: forcing a failure. [ 2736.959861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2736.962792] CPU: 1 PID: 14801 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2736.964251] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2736.965985] Call Trace: [ 2736.966567] dump_stack+0x107/0x167 [ 2736.967342] should_fail.cold+0x5/0xa [ 2736.968154] __alloc_pages_nodemask+0x182/0x600 [ 2736.969142] ? lock_release+0x680/0x680 [ 2736.969984] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2736.971288] alloc_pages_current+0x187/0x280 [ 2736.972266] kmalloc_order+0x35/0x160 [ 2736.973091] kmalloc_order_trace+0x14/0xa0 [ 2736.974034] relay_open_buf.part.0+0xf9/0xc00 [ 2736.975025] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 2736.976180] relay_open+0x531/0xa10 [ 2736.976978] do_blk_trace_setup+0x4cf/0xc10 [ 2736.977908] ? _copy_from_user+0xfb/0x1b0 [ 2736.978841] __blk_trace_setup+0xca/0x180 [ 2736.979737] ? do_blk_trace_setup+0xc10/0xc10 [ 2736.980678] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2736.981831] blk_trace_ioctl+0x155/0x290 [ 2736.982694] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2736.983760] ? do_vfs_ioctl+0x283/0x10d0 [ 2736.984623] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2736.985753] ? generic_block_fiemap+0x60/0x60 [ 2736.986715] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2736.987728] blkdev_ioctl+0xc1/0x710 [ 2736.988509] ? blkdev_common_ioctl+0x1870/0x1870 [ 2736.989505] ? selinux_file_ioctl+0xb6/0x270 [ 2736.990451] block_ioctl+0xf9/0x140 [ 2736.991230] ? blkdev_read_iter+0x1c0/0x1c0 [ 2736.992167] __x64_sys_ioctl+0x19a/0x210 [ 2736.993024] do_syscall_64+0x33/0x40 [ 2736.993839] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2736.994927] RIP: 0033:0x7fbe5aa67b19 [ 2736.995730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2736.999585] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2737.001172] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2737.002668] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2737.004159] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2737.005647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2737.007156] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:54:57 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xffff1f0000000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:54:57 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xfa03, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:54:57 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x3f000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:54:57 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0189436, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:54:57 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:54:58 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x3000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:54:58 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc020660b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2750.560965] FAULT_INJECTION: forcing a failure. [ 2750.560965] name failslab, interval 1, probability 0, space 0, times 0 [ 2750.563997] CPU: 0 PID: 14840 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2750.565377] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2750.567038] Call Trace: [ 2750.567571] dump_stack+0x107/0x167 [ 2750.568303] should_fail.cold+0x5/0xa [ 2750.569065] ? create_object.isra.0+0x3a/0xa20 [ 2750.569976] should_failslab+0x5/0x20 [ 2750.570742] kmem_cache_alloc+0x5b/0x310 [ 2750.571584] create_object.isra.0+0x3a/0xa20 [ 2750.572480] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2750.573503] kmem_cache_alloc+0x159/0x310 [ 2750.574344] __kernfs_new_node+0xd4/0x850 [ 2750.575201] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2750.576150] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2750.577144] ? wait_for_completion_io+0x270/0x270 [ 2750.578106] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2750.579214] kernfs_new_node+0x93/0x120 [ 2750.580019] __kernfs_create_file+0x51/0x350 [ 2750.580944] sysfs_add_file_mode_ns+0x221/0x560 [ 2750.581873] sysfs_merge_group+0x198/0x320 [ 2750.582745] ? sysfs_update_group+0x30/0x30 [ 2750.583647] ? kernfs_put+0x31/0x50 [ 2750.584409] dpm_sysfs_add+0x249/0x290 [ 2750.585226] device_add+0x9b7/0x1bc0 [ 2750.586006] ? devlink_add_symlinks+0x970/0x970 [ 2750.587021] device_create_groups_vargs+0x207/0x280 [ 2750.588077] device_create+0xdc/0x120 [ 2750.588867] ? device_create_groups_vargs+0x280/0x280 [ 2750.589936] ? init_timer_key+0x12a/0x240 [ 2750.590796] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2750.591787] mac80211_hwsim_new_radio+0x352/0x4250 [ 2750.592771] ? ____sys_sendmsg+0x70d/0x870 [ 2750.593635] ? ___sys_sendmsg+0xf3/0x170 [ 2750.594448] ? __sys_sendmsg+0xe5/0x1b0 [ 2750.595299] ? do_syscall_64+0x33/0x40 [ 2750.596075] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2750.597184] ? lock_acquire+0x197/0x470 [ 2750.597975] ? create_object.isra.0+0x3ad/0xa20 [ 2750.598962] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2750.599910] hwsim_new_radio_nl+0x991/0x1080 [ 2750.600840] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2750.601888] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2750.603318] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2750.604623] genl_family_rcv_msg_doit+0x22d/0x330 [ 2750.605602] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2750.606914] ? cap_capable+0x1d6/0x240 [ 2750.607718] ? ns_capable+0xe2/0x110 [ 2750.608475] genl_rcv_msg+0x33c/0x5a0 [ 2750.609255] ? genl_get_cmd+0x480/0x480 [ 2750.610055] ? lock_acquire+0x1b9/0x470 [ 2750.610870] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2750.611912] ? lock_release+0x680/0x680 [ 2750.612719] ? netlink_deliver_tap+0xf4/0xcd0 [ 2750.613635] netlink_rcv_skb+0x14b/0x430 [ 2750.614457] ? genl_get_cmd+0x480/0x480 [ 2750.615278] ? netlink_ack+0xab0/0xab0 [ 2750.616069] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2750.616986] ? is_vmalloc_addr+0x7b/0xb0 [ 2750.617810] genl_rcv+0x24/0x40 [ 2750.618481] netlink_unicast+0x549/0x7f0 [ 2750.619315] ? netlink_attachskb+0x870/0x870 [ 2750.620193] ? __virt_addr_valid+0x128/0x350 [ 2750.621087] netlink_sendmsg+0x90f/0xdf0 [ 2750.621912] ? netlink_unicast+0x7f0/0x7f0 [ 2750.622779] ? netlink_unicast+0x7f0/0x7f0 [ 2750.623634] sock_sendmsg+0x154/0x190 [ 2750.624398] ____sys_sendmsg+0x70d/0x870 [ 2750.625214] ? kernel_sendmsg+0x50/0x50 [ 2750.626011] ? do_recvmmsg+0x6d0/0x6d0 [ 2750.626813] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2750.627896] ? lock_downgrade+0x6d0/0x6d0 [ 2750.628770] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2750.629909] ___sys_sendmsg+0xf3/0x170 [ 2750.630718] ? sendmsg_copy_msghdr+0x160/0x160 [ 2750.631647] ? lock_downgrade+0x6d0/0x6d0 [ 2750.632490] ? find_held_lock+0x2c/0x110 [ 2750.633322] ? __fget_files+0x296/0x4c0 [ 2750.634130] ? __fget_light+0xea/0x290 [ 2750.634944] __sys_sendmsg+0xe5/0x1b0 [ 2750.635723] ? __sys_sendmsg_sock+0x40/0x40 [ 2750.636593] ? rcu_read_lock_any_held+0x75/0xa0 [ 2750.637564] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2750.638625] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2750.639674] ? trace_hardirqs_on+0x5b/0x180 [ 2750.640550] do_syscall_64+0x33/0x40 [ 2750.641303] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2750.642340] RIP: 0033:0x7f09254a5b19 [ 2750.643123] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2750.646960] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2750.648491] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2750.649980] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2750.651443] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2750.652875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2750.654312] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:55:11 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 29) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:55:11 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 53) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:11 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x48000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xffffff7f00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:11 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:55:11 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:55:11 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x3, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:55:11 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:55:11 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xffffffff00000000, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2750.711420] FAULT_INJECTION: forcing a failure. [ 2750.711420] name failslab, interval 1, probability 0, space 0, times 0 [ 2750.714425] CPU: 0 PID: 14853 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2750.715884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2750.717656] Call Trace: [ 2750.718206] dump_stack+0x107/0x167 [ 2750.718990] should_fail.cold+0x5/0xa [ 2750.719792] ? create_object.isra.0+0x3a/0xa20 [ 2750.720757] should_failslab+0x5/0x20 [ 2750.721539] kmem_cache_alloc+0x5b/0x310 [ 2750.722357] create_object.isra.0+0x3a/0xa20 [ 2750.723249] ? kasan_unpoison_shadow+0x33/0x50 [ 2750.724165] kmalloc_order+0xfe/0x160 [ 2750.724940] kmalloc_order_trace+0x14/0xa0 [ 2750.725816] relay_open_buf.part.0+0xf9/0xc00 [ 2750.726739] ? _find_next_bit.constprop.0+0x1a3/0x200 [ 2750.727805] relay_open+0x531/0xa10 [ 2750.728546] do_blk_trace_setup+0x4cf/0xc10 [ 2750.729431] ? _copy_from_user+0xfb/0x1b0 [ 2750.730275] __blk_trace_setup+0xca/0x180 [ 2750.731146] ? do_blk_trace_setup+0xc10/0xc10 [ 2750.732063] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2750.733156] blk_trace_ioctl+0x155/0x290 [ 2750.733984] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2750.735018] ? do_vfs_ioctl+0x283/0x10d0 [ 2750.735834] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2750.736906] ? generic_block_fiemap+0x60/0x60 [ 2750.737805] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2750.738800] blkdev_ioctl+0xc1/0x710 [ 2750.739560] ? blkdev_common_ioctl+0x1870/0x1870 [ 2750.740529] ? selinux_file_ioctl+0xb6/0x270 [ 2750.741420] block_ioctl+0xf9/0x140 [ 2750.742160] ? blkdev_read_iter+0x1c0/0x1c0 [ 2750.743047] __x64_sys_ioctl+0x19a/0x210 [ 2750.743883] do_syscall_64+0x33/0x40 [ 2750.744637] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2750.745681] RIP: 0033:0x7fbe5aa67b19 [ 2750.746436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2750.750191] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2750.751732] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2750.753196] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2750.754665] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2750.756121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2750.757600] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:55:24 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:24 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4c000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:24 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 30) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:55:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481223, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:55:24 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x14, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:55:24 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 54) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x5000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2763.418996] FAULT_INJECTION: forcing a failure. [ 2763.418996] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.421403] FAULT_INJECTION: forcing a failure. [ 2763.421403] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.422440] CPU: 0 PID: 14879 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2763.425582] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.427225] Call Trace: [ 2763.427762] dump_stack+0x107/0x167 [ 2763.428533] should_fail.cold+0x5/0xa [ 2763.429294] ? __kernfs_new_node+0xd4/0x850 [ 2763.430153] should_failslab+0x5/0x20 [ 2763.430917] kmem_cache_alloc+0x5b/0x310 [ 2763.431751] __kernfs_new_node+0xd4/0x850 [ 2763.432575] ? mark_held_locks+0x9e/0xe0 [ 2763.433406] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2763.434342] ? trace_hardirqs_on+0x5b/0x180 [ 2763.435240] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2763.436322] kernfs_new_node+0x93/0x120 [ 2763.437132] __kernfs_create_file+0x51/0x350 [ 2763.438004] sysfs_add_file_mode_ns+0x221/0x560 [ 2763.438962] sysfs_merge_group+0x198/0x320 [ 2763.439805] ? sysfs_update_group+0x30/0x30 [ 2763.440688] ? kernfs_put+0x31/0x50 [ 2763.441421] dpm_sysfs_add+0x249/0x290 [ 2763.442216] device_add+0x9b7/0x1bc0 [ 2763.442965] ? devlink_add_symlinks+0x970/0x970 [ 2763.443919] device_create_groups_vargs+0x207/0x280 [ 2763.444906] device_create+0xdc/0x120 [ 2763.445692] ? device_create_groups_vargs+0x280/0x280 [ 2763.446716] ? init_timer_key+0x12a/0x240 [ 2763.447581] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2763.448543] mac80211_hwsim_new_radio+0x352/0x4250 [ 2763.449540] ? ____sys_sendmsg+0x70d/0x870 [ 2763.450376] ? ___sys_sendmsg+0xf3/0x170 [ 2763.451205] ? __sys_sendmsg+0xe5/0x1b0 [ 2763.451977] ? do_syscall_64+0x33/0x40 [ 2763.452766] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2763.453812] ? lock_acquire+0x197/0x470 [ 2763.454624] ? create_object.isra.0+0x3ad/0xa20 [ 2763.455580] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2763.456538] hwsim_new_radio_nl+0x991/0x1080 [ 2763.457421] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2763.458482] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2763.459781] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2763.461109] genl_family_rcv_msg_doit+0x22d/0x330 [ 2763.462068] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2763.463414] ? cap_capable+0x1d6/0x240 [ 2763.464203] ? ns_capable+0xe2/0x110 [ 2763.464968] genl_rcv_msg+0x33c/0x5a0 [ 2763.465727] ? genl_get_cmd+0x480/0x480 [ 2763.466538] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2763.467580] ? lock_release+0x680/0x680 [ 2763.468392] ? netlink_deliver_tap+0xf4/0xcd0 [ 2763.469281] netlink_rcv_skb+0x14b/0x430 [ 2763.470106] ? genl_get_cmd+0x480/0x480 [ 2763.470904] ? netlink_ack+0xab0/0xab0 [ 2763.471689] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2763.472612] ? is_vmalloc_addr+0x7b/0xb0 [ 2763.473424] genl_rcv+0x24/0x40 [ 2763.474089] netlink_unicast+0x549/0x7f0 [ 2763.474899] ? netlink_attachskb+0x870/0x870 [ 2763.475790] ? __virt_addr_valid+0x128/0x350 [ 2763.476683] netlink_sendmsg+0x90f/0xdf0 [ 2763.477490] ? netlink_unicast+0x7f0/0x7f0 [ 2763.478338] ? netlink_unicast+0x7f0/0x7f0 [ 2763.479193] sock_sendmsg+0x154/0x190 [ 2763.479938] ____sys_sendmsg+0x70d/0x870 [ 2763.480751] ? kernel_sendmsg+0x50/0x50 [ 2763.481542] ? do_recvmmsg+0x6d0/0x6d0 [ 2763.482340] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2763.483376] ? lock_downgrade+0x6d0/0x6d0 [ 2763.484221] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2763.485259] ___sys_sendmsg+0xf3/0x170 [ 2763.486050] ? sendmsg_copy_msghdr+0x160/0x160 [ 2763.486975] ? lock_downgrade+0x6d0/0x6d0 [ 2763.487820] ? find_held_lock+0x2c/0x110 [ 2763.488625] ? __fget_files+0x296/0x4c0 [ 2763.489440] ? __fget_light+0xea/0x290 [ 2763.490222] __sys_sendmsg+0xe5/0x1b0 [ 2763.490996] ? __sys_sendmsg_sock+0x40/0x40 [ 2763.491872] ? rcu_read_lock_any_held+0x75/0xa0 [ 2763.492806] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2763.493868] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2763.494890] ? trace_hardirqs_on+0x5b/0x180 [ 2763.495774] do_syscall_64+0x33/0x40 [ 2763.496511] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2763.497553] RIP: 0033:0x7f09254a5b19 [ 2763.498294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.502013] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2763.503540] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2763.504976] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2763.506422] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2763.507878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2763.509326] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 [ 2763.510806] CPU: 1 PID: 14874 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2763.512309] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.514047] Call Trace: [ 2763.514611] dump_stack+0x107/0x167 [ 2763.515401] should_fail.cold+0x5/0xa [ 2763.516210] ? relay_open_buf.part.0+0x472/0xc00 [ 2763.517213] should_failslab+0x5/0x20 [ 2763.518013] __kmalloc+0x72/0x390 [ 2763.518752] relay_open_buf.part.0+0x472/0xc00 [ 2763.519736] relay_open+0x531/0xa10 [ 2763.520519] do_blk_trace_setup+0x4cf/0xc10 [ 2763.521440] ? _copy_from_user+0xfb/0x1b0 [ 2763.522315] __blk_trace_setup+0xca/0x180 [ 2763.523223] ? do_blk_trace_setup+0xc10/0xc10 [ 2763.524180] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2763.525311] blk_trace_ioctl+0x155/0x290 [ 2763.526167] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2763.527213] ? do_vfs_ioctl+0x283/0x10d0 [ 2763.528070] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2763.529171] ? generic_block_fiemap+0x60/0x60 [ 2763.530127] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2763.531159] blkdev_ioctl+0xc1/0x710 [ 2763.531948] ? blkdev_common_ioctl+0x1870/0x1870 [ 2763.532953] ? selinux_file_ioctl+0xb6/0x270 [ 2763.533891] block_ioctl+0xf9/0x140 [ 2763.534654] ? blkdev_read_iter+0x1c0/0x1c0 [ 2763.535590] __x64_sys_ioctl+0x19a/0x210 [ 2763.536459] do_syscall_64+0x33/0x40 [ 2763.537255] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2763.538338] RIP: 0033:0x7fbe5aa67b19 [ 2763.539143] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.543031] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2763.544646] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2763.546152] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2763.547670] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2763.549175] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2763.550683] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:55:24 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481225, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:55:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:24 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 31) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2763.713964] FAULT_INJECTION: forcing a failure. [ 2763.713964] name failslab, interval 1, probability 0, space 0, times 0 [ 2763.716559] CPU: 1 PID: 14906 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2763.717998] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2763.719687] Call Trace: [ 2763.720230] dump_stack+0x107/0x167 [ 2763.720982] should_fail.cold+0x5/0xa [ 2763.721772] ? create_object.isra.0+0x3a/0xa20 [ 2763.722703] should_failslab+0x5/0x20 [ 2763.723480] kmem_cache_alloc+0x5b/0x310 [ 2763.724307] create_object.isra.0+0x3a/0xa20 [ 2763.725236] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2763.726308] __kmalloc+0x16e/0x390 [ 2763.727101] relay_open_buf.part.0+0x472/0xc00 [ 2763.728086] relay_open+0x531/0xa10 [ 2763.728886] do_blk_trace_setup+0x4cf/0xc10 [ 2763.729807] ? _copy_from_user+0xfb/0x1b0 [ 2763.730710] __blk_trace_setup+0xca/0x180 [ 2763.731610] ? do_blk_trace_setup+0xc10/0xc10 [ 2763.732589] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2763.733726] blk_trace_ioctl+0x155/0x290 [ 2763.734600] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2763.735661] ? do_vfs_ioctl+0x283/0x10d0 [ 2763.736544] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2763.737660] ? generic_block_fiemap+0x60/0x60 [ 2763.738633] ? error_entry+0x113/0x120 [ 2763.739484] blkdev_ioctl+0xc1/0x710 [ 2763.740292] ? blkdev_common_ioctl+0x1870/0x1870 [ 2763.741305] ? selinux_file_ioctl+0xb6/0x270 [ 2763.742276] block_ioctl+0xf9/0x140 [ 2763.743074] ? blkdev_read_iter+0x1c0/0x1c0 [ 2763.743998] __x64_sys_ioctl+0x19a/0x210 [ 2763.744874] do_syscall_64+0x33/0x40 [ 2763.745676] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2763.746768] RIP: 0033:0x7fbe5aa67b19 [ 2763.747586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2763.751479] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2763.753112] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2763.754621] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2763.756164] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2763.757670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2763.759224] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:55:24 executing program 4: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:24 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122a, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:55:24 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:55:24 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:24 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x5, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:43 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:55:43 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:55:43 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 32) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:55:43 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x68000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 55) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:43 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:43 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x15, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2782.313450] FAULT_INJECTION: forcing a failure. [ 2782.313450] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2782.316576] CPU: 0 PID: 14943 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2782.318317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2782.320406] Call Trace: [ 2782.321099] dump_stack+0x107/0x167 [ 2782.322028] should_fail.cold+0x5/0xa [ 2782.323033] __alloc_pages_nodemask+0x182/0x600 [ 2782.324003] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2782.325086] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2782.326282] alloc_pages_current+0x187/0x280 [ 2782.327177] relay_open_buf.part.0+0x2a5/0xc00 [ 2782.328109] relay_open+0x531/0xa10 [ 2782.328845] do_blk_trace_setup+0x4cf/0xc10 [ 2782.329694] ? _copy_from_user+0xfb/0x1b0 [ 2782.330525] __blk_trace_setup+0xca/0x180 [ 2782.331348] ? do_blk_trace_setup+0xc10/0xc10 [ 2782.332245] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.333302] blk_trace_ioctl+0x155/0x290 [ 2782.334110] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2782.335070] ? do_vfs_ioctl+0x283/0x10d0 [ 2782.335900] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2782.336901] FAULT_INJECTION: forcing a failure. [ 2782.336901] name failslab, interval 1, probability 0, space 0, times 0 [ 2782.336930] ? generic_block_fiemap+0x60/0x60 [ 2782.340032] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2782.341021] blkdev_ioctl+0xc1/0x710 [ 2782.341746] ? blkdev_common_ioctl+0x1870/0x1870 [ 2782.342677] ? selinux_file_ioctl+0xb6/0x270 [ 2782.343560] block_ioctl+0xf9/0x140 [ 2782.344283] ? blkdev_read_iter+0x1c0/0x1c0 [ 2782.345197] __x64_sys_ioctl+0x19a/0x210 [ 2782.346072] do_syscall_64+0x33/0x40 [ 2782.346870] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.347919] RIP: 0033:0x7fbe5aa67b19 [ 2782.348713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2782.352629] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2782.354253] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2782.355799] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2782.357332] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2782.358864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2782.360375] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 [ 2782.361930] CPU: 1 PID: 14949 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2782.363406] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2782.365128] Call Trace: [ 2782.365692] dump_stack+0x107/0x167 [ 2782.366457] should_fail.cold+0x5/0xa [ 2782.367272] ? __kernfs_new_node+0xd4/0x850 [ 2782.368197] should_failslab+0x5/0x20 [ 2782.368996] kmem_cache_alloc+0x5b/0x310 [ 2782.369895] __kernfs_new_node+0xd4/0x850 [ 2782.370782] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2782.371792] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2782.372818] ? wait_for_completion_io+0x270/0x270 [ 2782.373847] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2782.374912] kernfs_new_node+0x93/0x120 [ 2782.375753] __kernfs_create_file+0x51/0x350 [ 2782.376644] sysfs_add_file_mode_ns+0x221/0x560 [ 2782.377584] sysfs_merge_group+0x198/0x320 [ 2782.378435] ? sysfs_update_group+0x30/0x30 [ 2782.379301] ? kernfs_put+0x31/0x50 [ 2782.380022] dpm_sysfs_add+0x249/0x290 [ 2782.380791] device_add+0x9b7/0x1bc0 [ 2782.381522] ? devlink_add_symlinks+0x970/0x970 [ 2782.382438] device_create_groups_vargs+0x207/0x280 [ 2782.383426] device_create+0xdc/0x120 [ 2782.384172] ? device_create_groups_vargs+0x280/0x280 [ 2782.385216] ? init_timer_key+0x12a/0x240 [ 2782.386060] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2782.387042] mac80211_hwsim_new_radio+0x352/0x4250 [ 2782.388042] ? ____sys_sendmsg+0x70d/0x870 [ 2782.388892] ? ___sys_sendmsg+0xf3/0x170 [ 2782.389704] ? __sys_sendmsg+0xe5/0x1b0 [ 2782.390510] ? do_syscall_64+0x33/0x40 [ 2782.391304] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.392375] ? lock_acquire+0x197/0x470 [ 2782.393169] ? create_object.isra.0+0x3ad/0xa20 [ 2782.394111] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2782.395054] hwsim_new_radio_nl+0x991/0x1080 [ 2782.395951] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2782.397012] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2782.398334] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2782.399663] genl_family_rcv_msg_doit+0x22d/0x330 [ 2782.400638] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2782.401954] ? cap_capable+0x1d6/0x240 [ 2782.402749] ? ns_capable+0xe2/0x110 [ 2782.403516] genl_rcv_msg+0x33c/0x5a0 [ 2782.404288] ? genl_get_cmd+0x480/0x480 [ 2782.405114] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2782.406169] ? lock_release+0x680/0x680 [ 2782.406948] ? netlink_deliver_tap+0xf4/0xcd0 [ 2782.407872] netlink_rcv_skb+0x14b/0x430 [ 2782.408714] ? genl_get_cmd+0x480/0x480 [ 2782.409516] ? netlink_ack+0xab0/0xab0 [ 2782.410292] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2782.411214] ? is_vmalloc_addr+0x7b/0xb0 [ 2782.412021] genl_rcv+0x24/0x40 [ 2782.412688] netlink_unicast+0x549/0x7f0 [ 2782.413559] ? netlink_attachskb+0x870/0x870 [ 2782.414444] ? __virt_addr_valid+0x128/0x350 [ 2782.415454] netlink_sendmsg+0x90f/0xdf0 [ 2782.416476] ? netlink_unicast+0x7f0/0x7f0 [ 2782.417512] ? netlink_unicast+0x7f0/0x7f0 [ 2782.418524] sock_sendmsg+0x154/0x190 [ 2782.419459] ____sys_sendmsg+0x70d/0x870 [ 2782.420327] ? kernel_sendmsg+0x50/0x50 [ 2782.421326] ? do_recvmmsg+0x6d0/0x6d0 [ 2782.422316] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.423405] ? lock_downgrade+0x6d0/0x6d0 [ 2782.424254] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.425357] ___sys_sendmsg+0xf3/0x170 [ 2782.426160] ? sendmsg_copy_msghdr+0x160/0x160 [ 2782.427087] ? lock_downgrade+0x6d0/0x6d0 [ 2782.427966] ? find_held_lock+0x2c/0x110 [ 2782.428800] ? __fget_files+0x296/0x4c0 [ 2782.429629] ? __fget_light+0xea/0x290 [ 2782.430418] __sys_sendmsg+0xe5/0x1b0 [ 2782.431208] ? __sys_sendmsg_sock+0x40/0x40 [ 2782.432070] ? rcu_read_lock_any_held+0x75/0xa0 [ 2782.433030] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2782.434080] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2782.435138] ? trace_hardirqs_on+0x5b/0x180 [ 2782.436009] do_syscall_64+0x33/0x40 [ 2782.436775] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.437811] RIP: 0033:0x7f09254a5b19 [ 2782.438576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2782.442245] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2782.443857] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2782.445307] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2782.446769] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2782.448221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2782.449662] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:55:43 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 33) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:55:43 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(0xffffffffffffffff, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:43 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122d, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 2782.643582] FAULT_INJECTION: forcing a failure. [ 2782.643582] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2782.646369] CPU: 1 PID: 14967 Comm: syz-executor.3 Not tainted 5.10.176 #1 [ 2782.647821] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2782.649500] Call Trace: [ 2782.650058] dump_stack+0x107/0x167 [ 2782.650809] should_fail.cold+0x5/0xa [ 2782.651633] __alloc_pages_nodemask+0x182/0x600 [ 2782.652594] ? __kmalloc+0x16e/0x390 [ 2782.653377] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 2782.654631] ? trace_hardirqs_on+0x5b/0x180 [ 2782.655536] alloc_pages_current+0x187/0x280 [ 2782.656450] relay_open_buf.part.0+0x2a5/0xc00 [ 2782.657404] relay_open+0x531/0xa10 [ 2782.658153] do_blk_trace_setup+0x4cf/0xc10 [ 2782.659044] ? _copy_from_user+0xfb/0x1b0 [ 2782.659907] __blk_trace_setup+0xca/0x180 [ 2782.660762] ? do_blk_trace_setup+0xc10/0xc10 [ 2782.661687] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.662783] blk_trace_ioctl+0x155/0x290 [ 2782.663617] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 2782.664628] ? do_vfs_ioctl+0x283/0x10d0 [ 2782.665457] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 2782.666521] ? generic_block_fiemap+0x60/0x60 [ 2782.667469] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2782.668455] blkdev_ioctl+0xc1/0x710 [ 2782.669241] ? blkdev_common_ioctl+0x1870/0x1870 [ 2782.670209] ? selinux_file_ioctl+0xb6/0x270 [ 2782.671109] block_ioctl+0xf9/0x140 [ 2782.671862] ? blkdev_read_iter+0x1c0/0x1c0 [ 2782.672752] __x64_sys_ioctl+0x19a/0x210 [ 2782.673590] do_syscall_64+0x33/0x40 [ 2782.674346] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.675408] RIP: 0033:0x7fbe5aa67b19 [ 2782.676175] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2782.679941] RSP: 002b:00007fbe57fdd188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2782.681495] RAX: ffffffffffffffda RBX: 00007fbe5ab7af60 RCX: 00007fbe5aa67b19 [ 2782.682958] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 2782.684427] RBP: 00007fbe57fdd1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2782.685892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2782.687358] R13: 00007ffc7b2f6adf R14: 00007fbe57fdd300 R15: 0000000000022000 07:55:43 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 56) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:55:43 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:55:43 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:55:43 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x16, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:55:43 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) (fail_nth: 34) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:55:43 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x8000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2782.883951] FAULT_INJECTION: forcing a failure. [ 2782.883951] name failslab, interval 1, probability 0, space 0, times 0 [ 2782.886494] CPU: 0 PID: 14982 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2782.887916] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2782.889584] Call Trace: [ 2782.890125] dump_stack+0x107/0x167 [ 2782.890872] should_fail.cold+0x5/0xa [ 2782.891652] ? kobject_uevent_env+0x22b/0xf90 [ 2782.892559] ? dev_uevent_filter+0xd0/0xd0 [ 2782.893425] should_failslab+0x5/0x20 [ 2782.894204] kmem_cache_alloc_trace+0x55/0x320 [ 2782.895145] ? dev_uevent_filter+0xd0/0xd0 [ 2782.895997] kobject_uevent_env+0x22b/0xf90 [ 2782.896880] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2782.897913] device_add+0xaaf/0x1bc0 [ 2782.898676] ? devlink_add_symlinks+0x970/0x970 [ 2782.899640] device_create_groups_vargs+0x207/0x280 [ 2782.900651] device_create+0xdc/0x120 [ 2782.901418] ? device_create_groups_vargs+0x280/0x280 [ 2782.902447] ? init_timer_key+0x12a/0x240 [ 2782.903301] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2782.904290] mac80211_hwsim_new_radio+0x352/0x4250 [ 2782.905270] ? ____sys_sendmsg+0x70d/0x870 [ 2782.906125] ? ___sys_sendmsg+0xf3/0x170 [ 2782.906937] ? __sys_sendmsg+0xe5/0x1b0 [ 2782.907737] ? do_syscall_64+0x33/0x40 [ 2782.908525] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.909606] ? lock_acquire+0x197/0x470 [ 2782.910415] ? create_object.isra.0+0x3ad/0xa20 [ 2782.911384] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2782.912340] hwsim_new_radio_nl+0x991/0x1080 [ 2782.913237] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2782.914297] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2782.915638] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2782.916958] genl_family_rcv_msg_doit+0x22d/0x330 [ 2782.917927] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2782.919257] ? cap_capable+0x1d6/0x240 [ 2782.920059] ? ns_capable+0xe2/0x110 [ 2782.920811] genl_rcv_msg+0x33c/0x5a0 [ 2782.921580] ? genl_get_cmd+0x480/0x480 [ 2782.922387] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2782.923439] ? lock_release+0x680/0x680 [ 2782.924229] ? netlink_deliver_tap+0xf4/0xcd0 [ 2782.925129] netlink_rcv_skb+0x14b/0x430 [ 2782.925944] ? genl_get_cmd+0x480/0x480 [ 2782.926752] ? netlink_ack+0xab0/0xab0 [ 2782.927571] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2782.928498] ? is_vmalloc_addr+0x7b/0xb0 [ 2782.929318] genl_rcv+0x24/0x40 [ 2782.929992] netlink_unicast+0x549/0x7f0 [ 2782.930823] ? netlink_attachskb+0x870/0x870 [ 2782.931718] ? __virt_addr_valid+0x128/0x350 [ 2782.932627] netlink_sendmsg+0x90f/0xdf0 [ 2782.933460] ? netlink_unicast+0x7f0/0x7f0 [ 2782.934342] ? netlink_unicast+0x7f0/0x7f0 [ 2782.935222] sock_sendmsg+0x154/0x190 [ 2782.936012] ____sys_sendmsg+0x70d/0x870 [ 2782.936826] ? kernel_sendmsg+0x50/0x50 [ 2782.937620] ? do_recvmmsg+0x6d0/0x6d0 [ 2782.938407] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.939460] ? lock_downgrade+0x6d0/0x6d0 [ 2782.940294] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2782.941342] ___sys_sendmsg+0xf3/0x170 [ 2782.942126] ? sendmsg_copy_msghdr+0x160/0x160 [ 2782.943042] ? lock_downgrade+0x6d0/0x6d0 [ 2782.943893] ? find_held_lock+0x2c/0x110 [ 2782.944722] ? __fget_files+0x296/0x4c0 [ 2782.945533] ? __fget_light+0xea/0x290 [ 2782.946317] __sys_sendmsg+0xe5/0x1b0 [ 2782.947085] ? __sys_sendmsg_sock+0x40/0x40 [ 2782.947952] ? rcu_read_lock_any_held+0x75/0xa0 [ 2782.948903] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2782.949949] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2782.950993] ? trace_hardirqs_on+0x5b/0x180 [ 2782.951871] do_syscall_64+0x33/0x40 [ 2782.952617] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2782.953646] RIP: 0033:0x7f09254a5b19 [ 2782.954394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2782.958062] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2782.959594] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2782.961016] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2782.962431] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2782.963866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2782.965284] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:01 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 57) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:01 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2800.187702] FAULT_INJECTION: forcing a failure. [ 2800.187702] name failslab, interval 1, probability 0, space 0, times 0 [ 2800.189213] CPU: 0 PID: 15004 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2800.190078] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2800.191108] Call Trace: [ 2800.191457] dump_stack+0x107/0x167 [ 2800.191937] should_fail.cold+0x5/0xa [ 2800.192417] ? create_object.isra.0+0x3a/0xa20 [ 2800.193003] should_failslab+0x5/0x20 [ 2800.193471] kmem_cache_alloc+0x5b/0x310 [ 2800.193996] create_object.isra.0+0x3a/0xa20 [ 2800.194562] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2800.195212] kmem_cache_alloc+0x159/0x310 [ 2800.195787] __kernfs_new_node+0xd4/0x850 [ 2800.196323] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2800.196928] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2800.197540] ? wait_for_completion_io+0x270/0x270 [ 2800.198166] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2800.198840] kernfs_new_node+0x93/0x120 [ 2800.199392] __kernfs_create_file+0x51/0x350 [ 2800.200004] sysfs_add_file_mode_ns+0x221/0x560 [ 2800.200609] sysfs_merge_group+0x198/0x320 [ 2800.201183] ? sysfs_update_group+0x30/0x30 [ 2800.201744] ? kernfs_put+0x31/0x50 [ 2800.202246] dpm_sysfs_add+0x249/0x290 [ 2800.202788] device_add+0x9b7/0x1bc0 [ 2800.203302] ? devlink_add_symlinks+0x970/0x970 [ 2800.203946] device_create_groups_vargs+0x207/0x280 [ 2800.204626] device_create+0xdc/0x120 [ 2800.205157] ? device_create_groups_vargs+0x280/0x280 [ 2800.205822] ? init_timer_key+0x12a/0x240 [ 2800.206367] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2800.207022] mac80211_hwsim_new_radio+0x352/0x4250 [ 2800.207716] ? ____sys_sendmsg+0x70d/0x870 [ 2800.208300] ? ___sys_sendmsg+0xf3/0x170 [ 2800.208858] ? __sys_sendmsg+0xe5/0x1b0 [ 2800.209396] ? do_syscall_64+0x33/0x40 [ 2800.209917] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2800.210634] ? lock_acquire+0x197/0x470 [ 2800.211168] ? create_object.isra.0+0x3ad/0xa20 [ 2800.211822] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2800.212447] hwsim_new_radio_nl+0x991/0x1080 [ 2800.213049] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2800.213774] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2800.214660] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2800.215547] genl_family_rcv_msg_doit+0x22d/0x330 [ 2800.216213] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2800.217125] ? cap_capable+0x1d6/0x240 [ 2800.217671] ? ns_capable+0xe2/0x110 [ 2800.218187] genl_rcv_msg+0x33c/0x5a0 [ 2800.218721] ? genl_get_cmd+0x480/0x480 [ 2800.219265] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2800.219986] ? lock_release+0x680/0x680 [ 2800.220540] ? netlink_deliver_tap+0xf4/0xcd0 [ 2800.221157] netlink_rcv_skb+0x14b/0x430 [ 2800.221720] ? genl_get_cmd+0x480/0x480 [ 2800.222257] ? netlink_ack+0xab0/0xab0 [ 2800.222801] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2800.223432] ? is_vmalloc_addr+0x7b/0xb0 [ 2800.223984] genl_rcv+0x24/0x40 [ 2800.224437] netlink_unicast+0x549/0x7f0 [ 2800.225000] ? netlink_attachskb+0x870/0x870 [ 2800.225607] ? __virt_addr_valid+0x128/0x350 [ 2800.226218] netlink_sendmsg+0x90f/0xdf0 [ 2800.226783] ? netlink_unicast+0x7f0/0x7f0 [ 2800.227378] ? netlink_unicast+0x7f0/0x7f0 [ 2800.227960] sock_sendmsg+0x154/0x190 [ 2800.228485] ____sys_sendmsg+0x70d/0x870 [ 2800.229058] ? kernel_sendmsg+0x50/0x50 [ 2800.229597] ? do_recvmmsg+0x6d0/0x6d0 [ 2800.230128] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2800.230791] ? lock_downgrade+0x6d0/0x6d0 [ 2800.231320] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2800.232049] ___sys_sendmsg+0xf3/0x170 [ 2800.232584] ? sendmsg_copy_msghdr+0x160/0x160 [ 2800.233222] ? lock_downgrade+0x6d0/0x6d0 [ 2800.233785] ? find_held_lock+0x2c/0x110 [ 2800.234351] ? __fget_files+0x296/0x4c0 [ 2800.234903] ? __fget_light+0xea/0x290 [ 2800.235426] __sys_sendmsg+0xe5/0x1b0 [ 2800.235951] ? __sys_sendmsg_sock+0x40/0x40 [ 2800.236509] ? rcu_read_lock_any_held+0x75/0xa0 [ 2800.237157] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2800.237870] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2800.238579] ? trace_hardirqs_on+0x5b/0x180 [ 2800.239167] do_syscall_64+0x33/0x40 [ 2800.239675] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2800.240375] RIP: 0033:0x7f09254a5b19 [ 2800.240884] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2800.243416] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2800.244461] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2800.245433] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2800.246403] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2800.247398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2800.248347] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:01 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6c000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:01 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:56:01 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x17, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:01 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122e, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0xf, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x10, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:01 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, 0x0, 0x0) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:01 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122f, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:01 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x14, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:01 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 58) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:01 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2800.501884] FAULT_INJECTION: forcing a failure. [ 2800.501884] name failslab, interval 1, probability 0, space 0, times 0 [ 2800.504592] CPU: 1 PID: 15041 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2800.506021] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2800.507704] Call Trace: [ 2800.508252] dump_stack+0x107/0x167 [ 2800.509016] should_fail.cold+0x5/0xa [ 2800.509789] ? kobject_uevent_env+0x22b/0xf90 [ 2800.510701] ? dev_uevent_filter+0xd0/0xd0 [ 2800.511575] should_failslab+0x5/0x20 [ 2800.512339] kmem_cache_alloc_trace+0x55/0x320 [ 2800.513266] ? dev_uevent_filter+0xd0/0xd0 [ 2800.514117] kobject_uevent_env+0x22b/0xf90 [ 2800.514991] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2800.516024] device_add+0xaaf/0x1bc0 [ 2800.516774] ? devlink_add_symlinks+0x970/0x970 [ 2800.517723] device_create_groups_vargs+0x207/0x280 [ 2800.518724] device_create+0xdc/0x120 [ 2800.519514] ? device_create_groups_vargs+0x280/0x280 [ 2800.520556] ? init_timer_key+0x12a/0x240 [ 2800.521405] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2800.522390] mac80211_hwsim_new_radio+0x352/0x4250 [ 2800.523390] ? ____sys_sendmsg+0x70d/0x870 [ 2800.524250] ? ___sys_sendmsg+0xf3/0x170 [ 2800.525073] ? __sys_sendmsg+0xe5/0x1b0 [ 2800.525876] ? do_syscall_64+0x33/0x40 [ 2800.526670] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2800.527773] ? lock_acquire+0x197/0x470 [ 2800.528582] ? create_object.isra.0+0x3ad/0xa20 [ 2800.529537] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2800.530494] hwsim_new_radio_nl+0x991/0x1080 [ 2800.531399] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2800.532461] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2800.533796] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2800.535125] genl_family_rcv_msg_doit+0x22d/0x330 [ 2800.536137] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2800.537468] ? cap_capable+0x1d6/0x240 [ 2800.538273] ? ns_capable+0xe2/0x110 [ 2800.539036] genl_rcv_msg+0x33c/0x5a0 [ 2800.539822] ? genl_get_cmd+0x480/0x480 [ 2800.540632] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2800.541684] ? lock_release+0x680/0x680 [ 2800.542488] ? netlink_deliver_tap+0xf4/0xcd0 [ 2800.543410] netlink_rcv_skb+0x14b/0x430 [ 2800.544234] ? genl_get_cmd+0x480/0x480 [ 2800.545043] ? netlink_ack+0xab0/0xab0 [ 2800.545846] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2800.546770] ? is_vmalloc_addr+0x7b/0xb0 [ 2800.547623] genl_rcv+0x24/0x40 [ 2800.548293] netlink_unicast+0x549/0x7f0 [ 2800.549120] ? netlink_attachskb+0x870/0x870 [ 2800.550012] ? __virt_addr_valid+0x128/0x350 [ 2800.550916] netlink_sendmsg+0x90f/0xdf0 [ 2800.551751] ? netlink_unicast+0x7f0/0x7f0 [ 2800.552623] ? netlink_unicast+0x7f0/0x7f0 [ 2800.553474] sock_sendmsg+0x154/0x190 [ 2800.554246] ____sys_sendmsg+0x70d/0x870 [ 2800.555067] ? kernel_sendmsg+0x50/0x50 [ 2800.555878] ? do_recvmmsg+0x6d0/0x6d0 [ 2800.556669] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2800.557729] ? lock_downgrade+0x6d0/0x6d0 [ 2800.558570] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2800.559650] ___sys_sendmsg+0xf3/0x170 [ 2800.560440] ? sendmsg_copy_msghdr+0x160/0x160 [ 2800.561366] ? lock_downgrade+0x6d0/0x6d0 [ 2800.562205] ? find_held_lock+0x2c/0x110 [ 2800.563035] ? __fget_files+0x296/0x4c0 [ 2800.563842] ? __fget_light+0xea/0x290 [ 2800.564636] __sys_sendmsg+0xe5/0x1b0 [ 2800.565401] ? __sys_sendmsg_sock+0x40/0x40 [ 2800.566273] ? rcu_read_lock_any_held+0x75/0xa0 [ 2800.567231] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2800.568303] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2800.569345] ? trace_hardirqs_on+0x5b/0x180 [ 2800.570219] do_syscall_64+0x33/0x40 [ 2800.570991] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2800.572047] RIP: 0033:0x7f09254a5b19 [ 2800.572797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2800.576521] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2800.578054] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2800.579491] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2800.580926] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2800.582355] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2800.583804] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:01 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2e, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:01 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481230, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:01 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x18, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:17 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 59) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:17 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:17 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x19, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:17 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x74000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:17 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481258, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:17 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x2, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:56:17 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x20000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:56:17 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0xff0f, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2816.171003] FAULT_INJECTION: forcing a failure. [ 2816.171003] name failslab, interval 1, probability 0, space 0, times 0 [ 2816.174613] CPU: 0 PID: 15068 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2816.176404] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2816.178188] Call Trace: [ 2816.178871] dump_stack+0x107/0x167 [ 2816.179677] should_fail.cold+0x5/0xa [ 2816.180652] ? __kernfs_new_node+0xd4/0x850 [ 2816.181596] should_failslab+0x5/0x20 [ 2816.182565] kmem_cache_alloc+0x5b/0x310 [ 2816.183460] __kernfs_new_node+0xd4/0x850 [ 2816.184385] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2816.185420] ? __mutex_unlock_slowpath+0xe1/0x600 [ 2816.186470] ? wait_for_completion_io+0x270/0x270 [ 2816.187520] ? kernfs_next_descendant_post+0x1a7/0x2a0 [ 2816.188701] kernfs_new_node+0x93/0x120 [ 2816.189579] __kernfs_create_file+0x51/0x350 [ 2816.190544] sysfs_add_file_mode_ns+0x221/0x560 [ 2816.191566] sysfs_merge_group+0x198/0x320 [ 2816.192499] ? sysfs_update_group+0x30/0x30 [ 2816.193445] ? kernfs_put+0x31/0x50 [ 2816.194245] dpm_sysfs_add+0x249/0x290 [ 2816.195093] device_add+0x9b7/0x1bc0 [ 2816.195931] ? devlink_add_symlinks+0x970/0x970 [ 2816.196964] device_create_groups_vargs+0x207/0x280 [ 2816.198051] device_create+0xdc/0x120 [ 2816.198886] ? device_create_groups_vargs+0x280/0x280 [ 2816.200014] ? init_timer_key+0x12a/0x240 [ 2816.200931] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2816.201988] mac80211_hwsim_new_radio+0x352/0x4250 [ 2816.203049] ? ____sys_sendmsg+0x70d/0x870 [ 2816.203974] ? ___sys_sendmsg+0xf3/0x170 [ 2816.204857] ? __sys_sendmsg+0xe5/0x1b0 [ 2816.205718] ? do_syscall_64+0x33/0x40 [ 2816.206566] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2816.207740] ? lock_acquire+0x197/0x470 [ 2816.208604] ? create_object.isra.0+0x3ad/0xa20 [ 2816.209625] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2816.210653] hwsim_new_radio_nl+0x991/0x1080 [ 2816.211629] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2816.212777] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2816.214207] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2816.215623] genl_family_rcv_msg_doit+0x22d/0x330 [ 2816.216865] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2816.218276] ? cap_capable+0x1d6/0x240 [ 2816.219132] ? ns_capable+0xe2/0x110 [ 2816.219971] genl_rcv_msg+0x33c/0x5a0 [ 2816.220797] ? genl_get_cmd+0x480/0x480 [ 2816.221656] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2816.222770] ? lock_release+0x680/0x680 [ 2816.223636] ? netlink_deliver_tap+0xf4/0xcd0 [ 2816.224599] netlink_rcv_skb+0x14b/0x430 [ 2816.225470] ? genl_get_cmd+0x480/0x480 [ 2816.226330] ? netlink_ack+0xab0/0xab0 [ 2816.227179] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2816.228173] ? is_vmalloc_addr+0x7b/0xb0 [ 2816.229049] genl_rcv+0x24/0x40 [ 2816.229763] netlink_unicast+0x549/0x7f0 [ 2816.230641] ? netlink_attachskb+0x870/0x870 [ 2816.231593] ? __virt_addr_valid+0x128/0x350 [ 2816.232564] netlink_sendmsg+0x90f/0xdf0 [ 2816.233447] ? netlink_unicast+0x7f0/0x7f0 [ 2816.234371] ? netlink_unicast+0x7f0/0x7f0 [ 2816.235280] sock_sendmsg+0x154/0x190 [ 2816.236103] ____sys_sendmsg+0x70d/0x870 [ 2816.236979] ? kernel_sendmsg+0x50/0x50 [ 2816.237819] ? do_recvmmsg+0x6d0/0x6d0 [ 2816.238660] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2816.239794] ? lock_downgrade+0x6d0/0x6d0 [ 2816.240690] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2816.241827] ___sys_sendmsg+0xf3/0x170 [ 2816.242656] ? sendmsg_copy_msghdr+0x160/0x160 [ 2816.243655] ? lock_downgrade+0x6d0/0x6d0 [ 2816.244540] ? find_held_lock+0x2c/0x110 [ 2816.245425] ? __fget_files+0x296/0x4c0 [ 2816.246281] ? __fget_light+0xea/0x290 [ 2816.247130] __sys_sendmsg+0xe5/0x1b0 [ 2816.247959] ? __sys_sendmsg_sock+0x40/0x40 [ 2816.248898] ? rcu_read_lock_any_held+0x75/0xa0 [ 2816.249925] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2816.251037] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2816.252166] ? trace_hardirqs_on+0x5b/0x180 [ 2816.253087] do_syscall_64+0x33/0x40 [ 2816.253915] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2816.254994] RIP: 0033:0x7f09254a5b19 [ 2816.255814] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2816.259686] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2816.261314] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2816.262822] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2816.264349] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2816.265853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2816.267355] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:17 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:17 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:17 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 60) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2816.524881] FAULT_INJECTION: forcing a failure. [ 2816.524881] name failslab, interval 1, probability 0, space 0, times 0 [ 2816.526461] CPU: 1 PID: 15097 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2816.527220] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2816.528127] Call Trace: [ 2816.528417] dump_stack+0x107/0x167 [ 2816.528804] should_fail.cold+0x5/0xa [ 2816.529192] ? __alloc_skb+0x6d/0x5b0 [ 2816.529585] should_failslab+0x5/0x20 [ 2816.529976] kmem_cache_alloc_node+0x55/0x330 [ 2816.530435] __alloc_skb+0x6d/0x5b0 [ 2816.530813] alloc_uevent_skb+0x7b/0x210 [ 2816.531229] kobject_uevent_env+0x99a/0xf90 [ 2816.531698] device_add+0xaaf/0x1bc0 [ 2816.532119] ? devlink_add_symlinks+0x970/0x970 [ 2816.532600] device_create_groups_vargs+0x207/0x280 [ 2816.533107] device_create+0xdc/0x120 [ 2816.533496] ? device_create_groups_vargs+0x280/0x280 [ 2816.534024] ? init_timer_key+0x12a/0x240 [ 2816.534498] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2816.535024] mac80211_hwsim_new_radio+0x352/0x4250 [ 2816.535543] ? ____sys_sendmsg+0x70d/0x870 [ 2816.536016] ? ___sys_sendmsg+0xf3/0x170 [ 2816.536457] ? __sys_sendmsg+0xe5/0x1b0 [ 2816.536894] ? do_syscall_64+0x33/0x40 [ 2816.537319] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2816.537895] ? lock_acquire+0x197/0x470 [ 2816.538321] ? create_object.isra.0+0x3ad/0xa20 [ 2816.538822] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2816.539329] hwsim_new_radio_nl+0x991/0x1080 [ 2816.539827] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2816.540406] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2816.541121] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2816.541819] genl_family_rcv_msg_doit+0x22d/0x330 [ 2816.542341] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2816.543048] ? cap_capable+0x1d6/0x240 [ 2816.543479] ? ns_capable+0xe2/0x110 [ 2816.543897] genl_rcv_msg+0x33c/0x5a0 [ 2816.544312] ? genl_get_cmd+0x480/0x480 [ 2816.544742] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2816.545301] ? lock_release+0x680/0x680 [ 2816.545728] ? netlink_deliver_tap+0xf4/0xcd0 [ 2816.546210] netlink_rcv_skb+0x14b/0x430 [ 2816.546645] ? genl_get_cmd+0x480/0x480 [ 2816.547078] ? netlink_ack+0xab0/0xab0 [ 2816.547506] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2816.548022] ? is_vmalloc_addr+0x7b/0xb0 [ 2816.548461] genl_rcv+0x24/0x40 [ 2816.548820] netlink_unicast+0x549/0x7f0 [ 2816.549263] ? netlink_attachskb+0x870/0x870 [ 2816.549738] ? __virt_addr_valid+0x128/0x350 [ 2816.550222] netlink_sendmsg+0x90f/0xdf0 [ 2816.550663] ? netlink_unicast+0x7f0/0x7f0 [ 2816.551132] ? netlink_unicast+0x7f0/0x7f0 [ 2816.551603] sock_sendmsg+0x154/0x190 [ 2816.552021] ____sys_sendmsg+0x70d/0x870 [ 2816.552463] ? kernel_sendmsg+0x50/0x50 [ 2816.552898] ? do_recvmmsg+0x6d0/0x6d0 [ 2816.553319] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2816.553895] ? lock_downgrade+0x6d0/0x6d0 [ 2816.554346] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2816.554918] ___sys_sendmsg+0xf3/0x170 [ 2816.555349] ? sendmsg_copy_msghdr+0x160/0x160 [ 2816.555873] ? lock_downgrade+0x6d0/0x6d0 [ 2816.556328] ? find_held_lock+0x2c/0x110 [ 2816.556777] ? __fget_files+0x296/0x4c0 [ 2816.557214] ? __fget_light+0xea/0x290 [ 2816.557644] __sys_sendmsg+0xe5/0x1b0 [ 2816.558055] ? __sys_sendmsg_sock+0x40/0x40 [ 2816.558522] ? rcu_read_lock_any_held+0x75/0xa0 [ 2816.559045] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2816.559660] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2816.560220] ? trace_hardirqs_on+0x5b/0x180 [ 2816.560707] do_syscall_64+0x33/0x40 [ 2816.561112] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2816.561670] RIP: 0033:0x7f09254a5b19 [ 2816.562070] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2816.564075] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2816.564908] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2816.565686] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2816.566457] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2816.567228] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2816.568011] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:33 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x1000a, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:33 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7a000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:33 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:33 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481263, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:33 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1a, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:33 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x2aeae28a, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:56:33 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x301, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:56:33 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 61) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2832.580434] FAULT_INJECTION: forcing a failure. [ 2832.580434] name failslab, interval 1, probability 0, space 0, times 0 [ 2832.582264] CPU: 1 PID: 15123 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2832.583313] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2832.584547] Call Trace: [ 2832.584958] dump_stack+0x107/0x167 [ 2832.585495] should_fail.cold+0x5/0xa [ 2832.586069] ? create_object.isra.0+0x3a/0xa20 [ 2832.586756] should_failslab+0x5/0x20 [ 2832.587319] kmem_cache_alloc+0x5b/0x310 [ 2832.587938] create_object.isra.0+0x3a/0xa20 [ 2832.588568] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2832.589331] kmem_cache_alloc_trace+0x151/0x320 [ 2832.590031] ? dev_uevent_filter+0xd0/0xd0 [ 2832.590647] kobject_uevent_env+0x22b/0xf90 [ 2832.591304] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 2832.592079] device_add+0xaaf/0x1bc0 [ 2832.592618] ? devlink_add_symlinks+0x970/0x970 [ 2832.593328] device_create_groups_vargs+0x207/0x280 [ 2832.594067] device_create+0xdc/0x120 [ 2832.594627] ? device_create_groups_vargs+0x280/0x280 [ 2832.595384] ? init_timer_key+0x12a/0x240 [ 2832.596031] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2832.596747] mac80211_hwsim_new_radio+0x352/0x4250 [ 2832.597467] ? ____sys_sendmsg+0x70d/0x870 [ 2832.598088] ? ___sys_sendmsg+0xf3/0x170 [ 2832.598689] ? __sys_sendmsg+0xe5/0x1b0 [ 2832.599291] ? do_syscall_64+0x33/0x40 [ 2832.599888] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2832.600667] ? lock_acquire+0x197/0x470 [ 2832.601260] ? create_object.isra.0+0x3ad/0xa20 [ 2832.601959] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2832.602654] hwsim_new_radio_nl+0x991/0x1080 [ 2832.603325] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2832.604126] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2832.605085] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2832.606064] genl_family_rcv_msg_doit+0x22d/0x330 [ 2832.606784] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2832.607756] ? cap_capable+0x1d6/0x240 [ 2832.608351] ? ns_capable+0xe2/0x110 [ 2832.608910] genl_rcv_msg+0x33c/0x5a0 [ 2832.609457] ? genl_get_cmd+0x480/0x480 [ 2832.610054] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2832.610838] ? lock_release+0x680/0x680 [ 2832.611426] ? netlink_deliver_tap+0xf4/0xcd0 [ 2832.612101] netlink_rcv_skb+0x14b/0x430 [ 2832.612706] ? genl_get_cmd+0x480/0x480 [ 2832.613302] ? netlink_ack+0xab0/0xab0 [ 2832.613916] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2832.614591] ? is_vmalloc_addr+0x7b/0xb0 [ 2832.615211] genl_rcv+0x24/0x40 [ 2832.615708] netlink_unicast+0x549/0x7f0 [ 2832.616370] ? netlink_attachskb+0x870/0x870 [ 2832.617033] ? __virt_addr_valid+0x128/0x350 [ 2832.617719] netlink_sendmsg+0x90f/0xdf0 [ 2832.618338] ? netlink_unicast+0x7f0/0x7f0 [ 2832.619008] ? netlink_unicast+0x7f0/0x7f0 [ 2832.619632] sock_sendmsg+0x154/0x190 [ 2832.620231] ____sys_sendmsg+0x70d/0x870 [ 2832.620828] ? kernel_sendmsg+0x50/0x50 [ 2832.621421] ? do_recvmmsg+0x6d0/0x6d0 [ 2832.622005] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2832.622816] ? lock_downgrade+0x6d0/0x6d0 [ 2832.623419] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2832.624284] ___sys_sendmsg+0xf3/0x170 [ 2832.624916] ? sendmsg_copy_msghdr+0x160/0x160 [ 2832.625583] ? lock_downgrade+0x6d0/0x6d0 [ 2832.626260] ? find_held_lock+0x2c/0x110 [ 2832.626885] ? __fget_files+0x296/0x4c0 [ 2832.627528] ? __fget_light+0xea/0x290 [ 2832.628166] __sys_sendmsg+0xe5/0x1b0 [ 2832.628793] ? __sys_sendmsg_sock+0x40/0x40 [ 2832.629478] ? rcu_read_lock_any_held+0x75/0xa0 [ 2832.630189] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2832.631056] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2832.631896] ? trace_hardirqs_on+0x5b/0x180 [ 2832.632572] do_syscall_64+0x33/0x40 [ 2832.633158] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2832.633974] RIP: 0033:0x7f09254a5b19 [ 2832.634573] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2832.637564] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2832.638791] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2832.639944] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2832.641089] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2832.642222] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2832.643383] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:33 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:33 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481264, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:33 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:33 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1260, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:56:33 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1b, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:33 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 62) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:33 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x3f000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) [ 2832.941402] FAULT_INJECTION: forcing a failure. [ 2832.941402] name failslab, interval 1, probability 0, space 0, times 0 [ 2832.944429] CPU: 1 PID: 15150 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2832.945914] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2832.947665] Call Trace: [ 2832.948233] dump_stack+0x107/0x167 [ 2832.949014] should_fail.cold+0x5/0xa [ 2832.949811] ? create_object.isra.0+0x3a/0xa20 [ 2832.950753] should_failslab+0x5/0x20 [ 2832.951562] kmem_cache_alloc+0x5b/0x310 [ 2832.952409] create_object.isra.0+0x3a/0xa20 [ 2832.953313] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2832.954342] kmem_cache_alloc_node+0x169/0x330 [ 2832.955290] __alloc_skb+0x6d/0x5b0 [ 2832.956047] alloc_uevent_skb+0x7b/0x210 [ 2832.956887] kobject_uevent_env+0x99a/0xf90 [ 2832.957779] device_add+0xaaf/0x1bc0 [ 2832.958552] ? devlink_add_symlinks+0x970/0x970 [ 2832.959512] device_create_groups_vargs+0x207/0x280 [ 2832.960558] device_create+0xdc/0x120 [ 2832.961340] ? device_create_groups_vargs+0x280/0x280 [ 2832.962407] ? init_timer_key+0x12a/0x240 [ 2832.963279] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2832.964288] mac80211_hwsim_new_radio+0x352/0x4250 [ 2832.965301] ? ____sys_sendmsg+0x70d/0x870 [ 2832.966163] ? ___sys_sendmsg+0xf3/0x170 [ 2832.966986] ? __sys_sendmsg+0xe5/0x1b0 [ 2832.967821] ? do_syscall_64+0x33/0x40 [ 2832.968622] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2832.969714] ? lock_acquire+0x197/0x470 [ 2832.970528] ? create_object.isra.0+0x3ad/0xa20 [ 2832.971474] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2832.972460] hwsim_new_radio_nl+0x991/0x1080 [ 2832.973346] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2832.974426] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2832.975751] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2832.977116] genl_family_rcv_msg_doit+0x22d/0x330 [ 2832.978106] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2832.979446] ? cap_capable+0x1d6/0x240 [ 2832.980274] ? ns_capable+0xe2/0x110 [ 2832.981047] genl_rcv_msg+0x33c/0x5a0 [ 2832.981835] ? genl_get_cmd+0x480/0x480 [ 2832.982645] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2832.983715] ? lock_release+0x680/0x680 [ 2832.984549] ? netlink_deliver_tap+0xf4/0xcd0 [ 2832.985471] netlink_rcv_skb+0x14b/0x430 [ 2832.986303] ? genl_get_cmd+0x480/0x480 [ 2832.987118] ? netlink_ack+0xab0/0xab0 [ 2832.987951] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2832.988885] ? is_vmalloc_addr+0x7b/0xb0 [ 2832.989724] genl_rcv+0x24/0x40 [ 2832.990401] netlink_unicast+0x549/0x7f0 [ 2832.991241] ? netlink_attachskb+0x870/0x870 [ 2832.992160] ? __virt_addr_valid+0x128/0x350 [ 2832.993073] netlink_sendmsg+0x90f/0xdf0 [ 2832.993917] ? netlink_unicast+0x7f0/0x7f0 [ 2832.994806] ? netlink_unicast+0x7f0/0x7f0 [ 2832.995671] sock_sendmsg+0x154/0x190 [ 2832.996466] ____sys_sendmsg+0x70d/0x870 [ 2832.997294] ? kernel_sendmsg+0x50/0x50 [ 2832.998104] ? do_recvmmsg+0x6d0/0x6d0 [ 2832.998893] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2832.999992] ? lock_downgrade+0x6d0/0x6d0 [ 2833.000846] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2833.001927] ___sys_sendmsg+0xf3/0x170 [ 2833.002737] ? sendmsg_copy_msghdr+0x160/0x160 [ 2833.003680] ? lock_downgrade+0x6d0/0x6d0 [ 2833.004554] ? find_held_lock+0x2c/0x110 [ 2833.005402] ? __fget_files+0x296/0x4c0 [ 2833.006230] ? __fget_light+0xea/0x290 [ 2833.007034] __sys_sendmsg+0xe5/0x1b0 [ 2833.007835] ? __sys_sendmsg_sock+0x40/0x40 [ 2833.008721] ? rcu_read_lock_any_held+0x75/0xa0 [ 2833.009688] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2833.010757] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2833.011836] ? trace_hardirqs_on+0x5b/0x180 [ 2833.012730] do_syscall_64+0x33/0x40 [ 2833.013498] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2833.014545] RIP: 0033:0x7f09254a5b19 [ 2833.015310] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2833.019096] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2833.020732] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2833.022261] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2833.023824] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2833.025382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2833.026896] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:33 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:49 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 63) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:49 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x48000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:56:49 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2e800, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:56:49 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1263, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:56:49 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481269, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:49 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:49 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x84400000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:49 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1c, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2848.252477] FAULT_INJECTION: forcing a failure. [ 2848.252477] name failslab, interval 1, probability 0, space 0, times 0 [ 2848.255421] CPU: 1 PID: 15174 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2848.256803] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2848.258434] Call Trace: [ 2848.258962] dump_stack+0x107/0x167 [ 2848.259703] should_fail.cold+0x5/0xa [ 2848.260472] ? kobject_get_path+0xc4/0x1d0 [ 2848.261342] should_failslab+0x5/0x20 [ 2848.262090] __kmalloc+0x72/0x390 [ 2848.262797] ? trace_hardirqs_on+0x5b/0x180 [ 2848.263663] kobject_get_path+0xc4/0x1d0 [ 2848.264508] kobject_uevent_env+0x251/0xf90 [ 2848.265367] device_add+0xaaf/0x1bc0 [ 2848.266128] ? devlink_add_symlinks+0x970/0x970 [ 2848.267079] device_create_groups_vargs+0x207/0x280 [ 2848.268093] device_create+0xdc/0x120 [ 2848.268863] ? device_create_groups_vargs+0x280/0x280 [ 2848.269901] ? init_timer_key+0x12a/0x240 [ 2848.270746] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2848.271727] mac80211_hwsim_new_radio+0x352/0x4250 [ 2848.272698] ? ____sys_sendmsg+0x70d/0x870 [ 2848.273515] ? ___sys_sendmsg+0xf3/0x170 [ 2848.274327] ? __sys_sendmsg+0xe5/0x1b0 [ 2848.275124] ? do_syscall_64+0x33/0x40 [ 2848.275918] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2848.277009] ? lock_acquire+0x197/0x470 [ 2848.277805] ? create_object.isra.0+0x3ad/0xa20 [ 2848.278749] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2848.279677] hwsim_new_radio_nl+0x991/0x1080 [ 2848.280573] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2848.281626] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2848.282950] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2848.284270] genl_family_rcv_msg_doit+0x22d/0x330 [ 2848.285246] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2848.286567] ? cap_capable+0x1d6/0x240 [ 2848.287364] ? ns_capable+0xe2/0x110 [ 2848.288136] genl_rcv_msg+0x33c/0x5a0 [ 2848.288907] ? genl_get_cmd+0x480/0x480 [ 2848.289712] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2848.290754] ? lock_release+0x680/0x680 [ 2848.291552] ? netlink_deliver_tap+0xf4/0xcd0 [ 2848.292465] netlink_rcv_skb+0x14b/0x430 [ 2848.293286] ? genl_get_cmd+0x480/0x480 [ 2848.294087] ? netlink_ack+0xab0/0xab0 [ 2848.294884] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2848.295812] ? is_vmalloc_addr+0x7b/0xb0 [ 2848.296640] genl_rcv+0x24/0x40 [ 2848.297314] netlink_unicast+0x549/0x7f0 [ 2848.298138] ? netlink_attachskb+0x870/0x870 [ 2848.299044] ? __virt_addr_valid+0x128/0x350 [ 2848.299944] netlink_sendmsg+0x90f/0xdf0 [ 2848.300797] ? netlink_unicast+0x7f0/0x7f0 [ 2848.301665] ? netlink_unicast+0x7f0/0x7f0 [ 2848.302524] sock_sendmsg+0x154/0x190 [ 2848.303292] ____sys_sendmsg+0x70d/0x870 [ 2848.304140] ? kernel_sendmsg+0x50/0x50 [ 2848.304949] ? do_recvmmsg+0x6d0/0x6d0 [ 2848.305734] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2848.306787] ? lock_downgrade+0x6d0/0x6d0 [ 2848.307626] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2848.308700] ___sys_sendmsg+0xf3/0x170 [ 2848.309480] ? sendmsg_copy_msghdr+0x160/0x160 [ 2848.310404] ? lock_downgrade+0x6d0/0x6d0 [ 2848.311244] ? find_held_lock+0x2c/0x110 [ 2848.312083] ? __fget_files+0x296/0x4c0 [ 2848.312899] ? __fget_light+0xea/0x290 [ 2848.313696] __sys_sendmsg+0xe5/0x1b0 [ 2848.314467] ? __sys_sendmsg_sock+0x40/0x40 [ 2848.315352] ? rcu_read_lock_any_held+0x75/0xa0 [ 2848.316342] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2848.317403] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2848.318438] ? trace_hardirqs_on+0x5b/0x180 [ 2848.319310] do_syscall_64+0x33/0x40 [ 2848.320075] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2848.321110] RIP: 0033:0x7f09254a5b19 [ 2848.321862] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2848.325579] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2848.327127] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2848.328580] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2848.330017] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2848.331450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2848.332890] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:56:49 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:49 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048126c, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:49 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:49 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1265, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:56:49 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1d, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:56:49 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x4c000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:56:49 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 64) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:56:49 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:56:49 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048126f, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:56:49 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x8ae2ea2a, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2848.777398] FAULT_INJECTION: forcing a failure. [ 2848.777398] name failslab, interval 1, probability 0, space 0, times 0 [ 2848.779991] CPU: 0 PID: 15215 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2848.781739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2848.783713] Call Trace: [ 2848.784388] dump_stack+0x107/0x167 [ 2848.785262] should_fail.cold+0x5/0xa [ 2848.786165] ? skb_clone+0x14f/0x3d0 [ 2848.787052] should_failslab+0x5/0x20 [ 2848.787998] kmem_cache_alloc+0x5b/0x310 [ 2848.789071] skb_clone+0x14f/0x3d0 [ 2848.790058] netlink_broadcast_filtered+0xa08/0xdc0 [ 2848.791410] netlink_broadcast+0x35/0x50 [ 2848.792529] kobject_uevent_env+0x93d/0xf90 [ 2848.793521] device_add+0xaaf/0x1bc0 [ 2848.794396] ? devlink_add_symlinks+0x970/0x970 [ 2848.795460] device_create_groups_vargs+0x207/0x280 [ 2848.796605] device_create+0xdc/0x120 [ 2848.797474] ? device_create_groups_vargs+0x280/0x280 [ 2848.798647] ? init_timer_key+0x12a/0x240 [ 2848.799579] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2848.800669] mac80211_hwsim_new_radio+0x352/0x4250 [ 2848.801754] ? ____sys_sendmsg+0x70d/0x870 [ 2848.802690] ? ___sys_sendmsg+0xf3/0x170 [ 2848.803585] ? __sys_sendmsg+0xe5/0x1b0 [ 2848.804480] ? do_syscall_64+0x33/0x40 [ 2848.805342] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2848.806518] ? lock_acquire+0x197/0x470 [ 2848.807395] ? create_object.isra.0+0x3ad/0xa20 [ 2848.808443] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2848.809394] hwsim_new_radio_nl+0x991/0x1080 [ 2848.810273] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2848.811316] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2848.812625] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2848.813916] genl_family_rcv_msg_doit+0x22d/0x330 [ 2848.814877] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2848.816191] ? cap_capable+0x1d6/0x240 [ 2848.817024] ? ns_capable+0xe2/0x110 [ 2848.817855] genl_rcv_msg+0x33c/0x5a0 [ 2848.818704] ? genl_get_cmd+0x480/0x480 [ 2848.819591] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2848.820764] ? lock_release+0x680/0x680 [ 2848.821655] ? netlink_deliver_tap+0xf4/0xcd0 [ 2848.822664] netlink_rcv_skb+0x14b/0x430 [ 2848.823563] ? genl_get_cmd+0x480/0x480 [ 2848.824457] ? netlink_ack+0xab0/0xab0 [ 2848.825330] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2848.826263] ? is_vmalloc_addr+0x7b/0xb0 [ 2848.827071] genl_rcv+0x24/0x40 [ 2848.827729] netlink_unicast+0x549/0x7f0 [ 2848.828579] ? netlink_attachskb+0x870/0x870 [ 2848.829451] ? __virt_addr_valid+0x128/0x350 [ 2848.830338] netlink_sendmsg+0x90f/0xdf0 [ 2848.831153] ? netlink_unicast+0x7f0/0x7f0 [ 2848.832004] ? netlink_unicast+0x7f0/0x7f0 [ 2848.832850] sock_sendmsg+0x154/0x190 [ 2848.833617] ____sys_sendmsg+0x70d/0x870 [ 2848.834525] ? kernel_sendmsg+0x50/0x50 [ 2848.835400] ? do_recvmmsg+0x6d0/0x6d0 [ 2848.836273] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2848.837436] ? lock_downgrade+0x6d0/0x6d0 [ 2848.838359] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2848.839522] ___sys_sendmsg+0xf3/0x170 [ 2848.840407] ? sendmsg_copy_msghdr+0x160/0x160 [ 2848.841424] ? lock_downgrade+0x6d0/0x6d0 [ 2848.842346] ? find_held_lock+0x2c/0x110 [ 2848.843259] ? __fget_files+0x296/0x4c0 [ 2848.844160] ? __fget_light+0xea/0x290 [ 2848.845031] __sys_sendmsg+0xe5/0x1b0 [ 2848.845875] ? __sys_sendmsg_sock+0x40/0x40 [ 2848.846832] ? rcu_read_lock_any_held+0x75/0xa0 [ 2848.847885] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2848.849065] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2848.850205] ? trace_hardirqs_on+0x5b/0x180 [ 2848.851165] do_syscall_64+0x33/0x40 [ 2848.851990] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2848.853129] RIP: 0033:0x7f09254a5b19 [ 2848.853955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2848.858016] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2848.859701] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2848.861293] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2848.862869] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2848.864454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2848.866029] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:06 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 65) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:06 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x52030000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:06 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1e, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:06 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1269, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:06 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481270, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:06 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x97ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="ea3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2865.604858] FAULT_INJECTION: forcing a failure. [ 2865.604858] name failslab, interval 1, probability 0, space 0, times 0 [ 2865.607915] CPU: 0 PID: 15248 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2865.609493] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2865.611333] Call Trace: [ 2865.611928] dump_stack+0x107/0x167 [ 2865.612750] should_fail.cold+0x5/0xa [ 2865.613608] ? create_object.isra.0+0x3a/0xa20 [ 2865.614629] should_failslab+0x5/0x20 [ 2865.615482] kmem_cache_alloc+0x5b/0x310 [ 2865.616412] create_object.isra.0+0x3a/0xa20 [ 2865.617384] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2865.618514] kmem_cache_alloc_node+0x169/0x330 [ 2865.619528] __alloc_skb+0x6d/0x5b0 [ 2865.620352] alloc_uevent_skb+0x7b/0x210 [ 2865.621253] kobject_uevent_env+0x99a/0xf90 [ 2865.622223] device_add+0xaaf/0x1bc0 [ 2865.623050] ? devlink_add_symlinks+0x970/0x970 [ 2865.624087] device_create_groups_vargs+0x207/0x280 [ 2865.625196] device_create+0xdc/0x120 [ 2865.626042] ? device_create_groups_vargs+0x280/0x280 [ 2865.627169] ? init_timer_key+0x12a/0x240 [ 2865.628099] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2865.629188] mac80211_hwsim_new_radio+0x352/0x4250 [ 2865.630253] ? ____sys_sendmsg+0x70d/0x870 [ 2865.631175] ? ___sys_sendmsg+0xf3/0x170 [ 2865.632052] ? __sys_sendmsg+0xe5/0x1b0 [ 2865.632932] ? do_syscall_64+0x33/0x40 [ 2865.633779] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2865.634947] ? lock_acquire+0x197/0x470 [ 2865.635820] ? create_object.isra.0+0x3ad/0xa20 [ 2865.636873] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2865.637911] hwsim_new_radio_nl+0x991/0x1080 [ 2865.638883] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2865.640033] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2865.641496] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2865.642932] genl_family_rcv_msg_doit+0x22d/0x330 [ 2865.643996] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2865.645444] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2865.646600] ? cap_capable+0x1d6/0x240 [ 2865.647479] ? ns_capable+0xe2/0x110 [ 2865.648347] genl_rcv_msg+0x33c/0x5a0 [ 2865.649213] ? genl_get_cmd+0x480/0x480 [ 2865.650101] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2865.651244] ? lock_release+0x680/0x680 [ 2865.652122] ? netlink_deliver_tap+0xf4/0xcd0 [ 2865.653120] netlink_rcv_skb+0x14b/0x430 [ 2865.654015] ? genl_get_cmd+0x480/0x480 [ 2865.654892] ? netlink_ack+0xab0/0xab0 [ 2865.655763] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2865.656795] ? is_vmalloc_addr+0x7b/0xb0 [ 2865.657707] genl_rcv+0x24/0x40 [ 2865.658452] netlink_unicast+0x549/0x7f0 [ 2865.659378] ? netlink_attachskb+0x870/0x870 [ 2865.660388] ? __virt_addr_valid+0x128/0x350 [ 2865.661397] netlink_sendmsg+0x90f/0xdf0 [ 2865.662326] ? netlink_unicast+0x7f0/0x7f0 [ 2865.663302] ? netlink_unicast+0x7f0/0x7f0 [ 2865.664263] sock_sendmsg+0x154/0x190 [ 2865.665126] ____sys_sendmsg+0x70d/0x870 [ 2865.666048] ? kernel_sendmsg+0x50/0x50 [ 2865.666942] ? do_recvmmsg+0x6d0/0x6d0 [ 2865.667824] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2865.669030] ? lock_downgrade+0x6d0/0x6d0 [ 2865.669974] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2865.671160] ___sys_sendmsg+0xf3/0x170 [ 2865.672040] ? sendmsg_copy_msghdr+0x160/0x160 [ 2865.673084] ? lock_downgrade+0x6d0/0x6d0 [ 2865.674024] ? find_held_lock+0x2c/0x110 [ 2865.674960] ? __fget_files+0x296/0x4c0 [ 2865.675871] ? __fget_light+0xea/0x290 [ 2865.676785] __sys_sendmsg+0xe5/0x1b0 [ 2865.677651] ? __sys_sendmsg_sock+0x40/0x40 [ 2865.678627] ? rcu_read_lock_any_held+0x75/0xa0 [ 2865.679699] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2865.680894] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2865.682066] ? trace_hardirqs_on+0x5b/0x180 [ 2865.683038] do_syscall_64+0x33/0x40 [ 2865.683871] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2865.685038] RIP: 0033:0x7f09254a5b19 [ 2865.685875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2865.689986] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2865.691682] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2865.693290] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2865.694877] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2865.696481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2865.698068] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:06 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x68000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:06 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481275, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="ec3c90000000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:06 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1274, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:06 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x21, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240), 0x0, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:06 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481278, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000080000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:07 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 66) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2866.192893] FAULT_INJECTION: forcing a failure. [ 2866.192893] name failslab, interval 1, probability 0, space 0, times 0 [ 2866.195637] CPU: 0 PID: 15297 Comm: syz-executor.5 Not tainted 5.10.176 #1 07:57:07 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) [ 2866.197097] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2866.199016] Call Trace: [ 2866.199572] dump_stack+0x107/0x167 [ 2866.200359] should_fail.cold+0x5/0xa [ 2866.201146] ? skb_clone+0x14f/0x3d0 [ 2866.201914] should_failslab+0x5/0x20 [ 2866.202707] kmem_cache_alloc+0x5b/0x310 [ 2866.203535] skb_clone+0x14f/0x3d0 [ 2866.204291] netlink_broadcast_filtered+0xa08/0xdc0 [ 2866.205326] netlink_broadcast+0x35/0x50 [ 2866.206182] kobject_uevent_env+0x93d/0xf90 [ 2866.207073] device_add+0xaaf/0x1bc0 [ 2866.207848] ? devlink_add_symlinks+0x970/0x970 [ 2866.208832] device_create_groups_vargs+0x207/0x280 [ 2866.209873] device_create+0xdc/0x120 [ 2866.210665] ? device_create_groups_vargs+0x280/0x280 [ 2866.211709] ? init_timer_key+0x12a/0x240 [ 2866.212585] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2866.213582] mac80211_hwsim_new_radio+0x352/0x4250 [ 2866.214569] ? ____sys_sendmsg+0x70d/0x870 [ 2866.215435] ? ___sys_sendmsg+0xf3/0x170 [ 2866.216277] ? __sys_sendmsg+0xe5/0x1b0 [ 2866.217080] ? do_syscall_64+0x33/0x40 [ 2866.217864] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2866.218938] ? lock_acquire+0x197/0x470 [ 2866.219744] ? create_object.isra.0+0x3ad/0xa20 [ 2866.220715] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2866.221679] hwsim_new_radio_nl+0x991/0x1080 [ 2866.222586] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2866.223657] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2866.225050] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2866.226405] genl_family_rcv_msg_doit+0x22d/0x330 [ 2866.227395] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2866.228760] ? cap_capable+0x1d6/0x240 [ 2866.229569] ? ns_capable+0xe2/0x110 [ 2866.230346] genl_rcv_msg+0x33c/0x5a0 [ 2866.231134] ? genl_get_cmd+0x480/0x480 [ 2866.231957] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2866.233033] ? lock_release+0x680/0x680 [ 2866.233853] ? netlink_deliver_tap+0xf4/0xcd0 [ 2866.234795] netlink_rcv_skb+0x14b/0x430 [ 2866.235635] ? genl_get_cmd+0x480/0x480 [ 2866.236467] ? netlink_ack+0xab0/0xab0 [ 2866.237267] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2866.238190] ? is_vmalloc_addr+0x7b/0xb0 [ 2866.239005] genl_rcv+0x24/0x40 [ 2866.239666] netlink_unicast+0x549/0x7f0 [ 2866.240492] ? netlink_attachskb+0x870/0x870 [ 2866.241368] ? __virt_addr_valid+0x128/0x350 [ 2866.242258] netlink_sendmsg+0x90f/0xdf0 [ 2866.243085] ? netlink_unicast+0x7f0/0x7f0 [ 2866.243945] ? netlink_unicast+0x7f0/0x7f0 [ 2866.244794] sock_sendmsg+0x154/0x190 [ 2866.245553] ____sys_sendmsg+0x70d/0x870 [ 2866.246379] ? kernel_sendmsg+0x50/0x50 [ 2866.247179] ? do_recvmmsg+0x6d0/0x6d0 [ 2866.247954] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2866.249022] ? lock_downgrade+0x6d0/0x6d0 [ 2866.249862] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2866.250907] ___sys_sendmsg+0xf3/0x170 [ 2866.251686] ? sendmsg_copy_msghdr+0x160/0x160 [ 2866.252613] ? lock_downgrade+0x6d0/0x6d0 [ 2866.253445] ? find_held_lock+0x2c/0x110 [ 2866.254265] ? __fget_files+0x296/0x4c0 [ 2866.255072] ? __fget_light+0xea/0x290 [ 2866.255860] __sys_sendmsg+0xe5/0x1b0 [ 2866.256636] ? __sys_sendmsg_sock+0x40/0x40 [ 2866.257492] ? rcu_read_lock_any_held+0x75/0xa0 [ 2866.258438] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2866.259482] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2866.260518] ? trace_hardirqs_on+0x5b/0x180 [ 2866.261388] do_syscall_64+0x33/0x40 [ 2866.262135] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2866.263155] RIP: 0033:0x7f09254a5b19 [ 2866.263899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2866.267576] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2866.269126] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2866.270546] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2866.271958] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2866.273383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2866.274798] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:07 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x6c000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:07 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc04812ba, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:22 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1275, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x74000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:22 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x22, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:22 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x98860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000000090000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:22 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:22 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 67) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{0x0}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90020000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2881.516579] FAULT_INJECTION: forcing a failure. [ 2881.516579] name failslab, interval 1, probability 0, space 0, times 0 [ 2881.519384] CPU: 0 PID: 15331 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2881.520925] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2881.522626] Call Trace: [ 2881.523204] dump_stack+0x107/0x167 [ 2881.523966] should_fail.cold+0x5/0xa [ 2881.524837] ? create_object.isra.0+0x3a/0xa20 [ 2881.525779] should_failslab+0x5/0x20 [ 2881.526557] kmem_cache_alloc+0x5b/0x310 [ 2881.527411] ? find_held_lock+0x2c/0x110 [ 2881.528271] create_object.isra.0+0x3a/0xa20 [ 2881.529239] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2881.530275] kmem_cache_alloc+0x159/0x310 [ 2881.531119] skb_clone+0x14f/0x3d0 [ 2881.531873] netlink_broadcast_filtered+0xa08/0xdc0 [ 2881.533017] netlink_broadcast+0x35/0x50 [ 2881.533847] kobject_uevent_env+0x93d/0xf90 [ 2881.534732] device_add+0xaaf/0x1bc0 [ 2881.535495] ? devlink_add_symlinks+0x970/0x970 [ 2881.536525] device_create_groups_vargs+0x207/0x280 [ 2881.537585] device_create+0xdc/0x120 [ 2881.538361] ? device_create_groups_vargs+0x280/0x280 [ 2881.539401] ? init_timer_key+0x12a/0x240 [ 2881.540281] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2881.541367] mac80211_hwsim_new_radio+0x352/0x4250 [ 2881.542355] ? ____sys_sendmsg+0x70d/0x870 [ 2881.543204] ? ___sys_sendmsg+0xf3/0x170 [ 2881.544020] ? __sys_sendmsg+0xe5/0x1b0 [ 2881.544915] ? do_syscall_64+0x33/0x40 [ 2881.545730] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2881.546806] ? lock_acquire+0x197/0x470 [ 2881.547631] ? create_object.isra.0+0x3ad/0xa20 [ 2881.548683] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2881.549643] hwsim_new_radio_nl+0x991/0x1080 [ 2881.550545] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2881.551634] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2881.553079] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2881.554410] genl_family_rcv_msg_doit+0x22d/0x330 [ 2881.555393] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2881.556821] ? cap_capable+0x1d6/0x240 [ 2881.557643] ? ns_capable+0xe2/0x110 [ 2881.558377] genl_rcv_msg+0x33c/0x5a0 [ 2881.559169] ? genl_get_cmd+0x480/0x480 [ 2881.559978] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2881.561104] ? lock_release+0x680/0x680 [ 2881.561899] ? netlink_deliver_tap+0xf4/0xcd0 [ 2881.562802] netlink_rcv_skb+0x14b/0x430 [ 2881.563645] ? genl_get_cmd+0x480/0x480 [ 2881.564546] ? netlink_ack+0xab0/0xab0 [ 2881.565336] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2881.566247] ? is_vmalloc_addr+0x7b/0xb0 [ 2881.567073] genl_rcv+0x24/0x40 [ 2881.567763] netlink_unicast+0x549/0x7f0 [ 2881.568686] ? netlink_attachskb+0x870/0x870 [ 2881.569563] ? __virt_addr_valid+0x128/0x350 [ 2881.570452] netlink_sendmsg+0x90f/0xdf0 [ 2881.571272] ? netlink_unicast+0x7f0/0x7f0 [ 2881.572225] ? netlink_unicast+0x7f0/0x7f0 [ 2881.573127] sock_sendmsg+0x154/0x190 [ 2881.573892] ____sys_sendmsg+0x70d/0x870 [ 2881.574709] ? kernel_sendmsg+0x50/0x50 [ 2881.575533] ? do_recvmmsg+0x6d0/0x6d0 [ 2881.576395] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2881.577455] ? lock_downgrade+0x6d0/0x6d0 [ 2881.578293] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2881.579376] ___sys_sendmsg+0xf3/0x170 [ 2881.580246] ? sendmsg_copy_msghdr+0x160/0x160 [ 2881.581200] ? lock_downgrade+0x6d0/0x6d0 [ 2881.582032] ? find_held_lock+0x2c/0x110 [ 2881.582856] ? __fget_files+0x296/0x4c0 [ 2881.583744] ? __fget_light+0xea/0x290 [ 2881.584599] __sys_sendmsg+0xe5/0x1b0 [ 2881.585362] ? __sys_sendmsg_sock+0x40/0x40 [ 2881.586226] ? rcu_read_lock_any_held+0x75/0xa0 [ 2881.587175] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2881.588314] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2881.589382] ? trace_hardirqs_on+0x5b/0x180 [ 2881.590247] do_syscall_64+0x33/0x40 [ 2881.590993] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2881.592034] RIP: 0033:0x7f09254a5b19 [ 2881.592799] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2881.596458] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2881.597988] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2881.599486] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2881.600997] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2881.602426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2881.603939] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:22 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x1276, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x7a000000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:36 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4b47, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:36 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x2, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90030000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:36 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 68) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:36 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:36 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x99860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:36 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x23, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) [ 2895.592937] FAULT_INJECTION: forcing a failure. [ 2895.592937] name failslab, interval 1, probability 0, space 0, times 0 [ 2895.595761] CPU: 1 PID: 15373 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2895.597432] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2895.599127] Call Trace: [ 2895.599769] dump_stack+0x107/0x167 [ 2895.600522] should_fail.cold+0x5/0xa [ 2895.601463] ? __alloc_skb+0x6d/0x5b0 [ 2895.602267] should_failslab+0x5/0x20 [ 2895.603053] kmem_cache_alloc_node+0x55/0x330 [ 2895.603974] __alloc_skb+0x6d/0x5b0 [ 2895.604740] alloc_uevent_skb+0x7b/0x210 [ 2895.605574] kobject_uevent_env+0x99a/0xf90 [ 2895.606472] device_add+0xaaf/0x1bc0 [ 2895.607238] ? devlink_add_symlinks+0x970/0x970 [ 2895.608199] device_create_groups_vargs+0x207/0x280 [ 2895.609226] device_create+0xdc/0x120 [ 2895.610009] ? device_create_groups_vargs+0x280/0x280 [ 2895.611066] ? init_timer_key+0x12a/0x240 [ 2895.611927] ? ieee80211_alloc_hw_nm+0x1e5/0x2320 [ 2895.612934] mac80211_hwsim_new_radio+0x352/0x4250 [ 2895.613928] ? ____sys_sendmsg+0x70d/0x870 [ 2895.614784] ? ___sys_sendmsg+0xf3/0x170 [ 2895.615609] ? __sys_sendmsg+0xe5/0x1b0 [ 2895.616417] ? do_syscall_64+0x33/0x40 [ 2895.617222] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2895.618307] ? lock_acquire+0x197/0x470 [ 2895.619120] ? create_object.isra.0+0x3ad/0xa20 [ 2895.620079] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2895.621059] hwsim_new_radio_nl+0x991/0x1080 [ 2895.621964] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2895.623033] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2895.624371] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2895.625710] genl_family_rcv_msg_doit+0x22d/0x330 [ 2895.626696] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2895.628033] ? cap_capable+0x1d6/0x240 [ 2895.628850] ? ns_capable+0xe2/0x110 [ 2895.629617] genl_rcv_msg+0x33c/0x5a0 [ 2895.630400] ? genl_get_cmd+0x480/0x480 [ 2895.631217] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2895.632272] ? lock_release+0x680/0x680 [ 2895.633101] ? netlink_deliver_tap+0xf4/0xcd0 [ 2895.634033] netlink_rcv_skb+0x14b/0x430 [ 2895.634871] ? genl_get_cmd+0x480/0x480 [ 2895.635690] ? netlink_ack+0xab0/0xab0 [ 2895.636492] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2895.637435] ? is_vmalloc_addr+0x7b/0xb0 [ 2895.638269] genl_rcv+0x24/0x40 [ 2895.638946] netlink_unicast+0x549/0x7f0 [ 2895.639785] ? netlink_attachskb+0x870/0x870 [ 2895.640699] ? __virt_addr_valid+0x128/0x350 [ 2895.641624] netlink_sendmsg+0x90f/0xdf0 [ 2895.642462] ? netlink_unicast+0x7f0/0x7f0 [ 2895.643337] ? netlink_unicast+0x7f0/0x7f0 [ 2895.644200] sock_sendmsg+0x154/0x190 [ 2895.644991] ____sys_sendmsg+0x70d/0x870 [ 2895.645823] ? kernel_sendmsg+0x50/0x50 [ 2895.646633] ? do_recvmmsg+0x6d0/0x6d0 [ 2895.647431] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2895.648494] ? lock_downgrade+0x6d0/0x6d0 [ 2895.649352] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2895.650418] ___sys_sendmsg+0xf3/0x170 [ 2895.651212] ? sendmsg_copy_msghdr+0x160/0x160 [ 2895.652143] ? lock_downgrade+0x6d0/0x6d0 [ 2895.653006] ? find_held_lock+0x2c/0x110 [ 2895.653841] ? __fget_files+0x296/0x4c0 [ 2895.654660] ? __fget_light+0xea/0x290 [ 2895.655459] __sys_sendmsg+0xe5/0x1b0 [ 2895.656234] ? __sys_sendmsg_sock+0x40/0x40 [ 2895.657119] ? rcu_read_lock_any_held+0x75/0xa0 [ 2895.658081] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2895.659147] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2895.660189] ? trace_hardirqs_on+0x5b/0x180 [ 2895.661078] do_syscall_64+0x33/0x40 [ 2895.661840] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2895.662895] RIP: 0033:0x7f09254a5b19 [ 2895.663797] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2895.667518] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2895.669353] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2895.670781] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2895.672229] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2895.673690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2895.675140] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:36 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb3", 0x2}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90040000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:36 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb3", 0x2}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x84400000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:36 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4b49, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:36 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x4, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:36 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x24, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90050000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:50 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb3", 0x2}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:50 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x8, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:57:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90060000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:50 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9a860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:57:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x8ae2ea2a, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:50 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x541b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:50 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x102, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 69) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2910.105777] FAULT_INJECTION: forcing a failure. [ 2910.105777] name failslab, interval 1, probability 0, space 0, times 0 [ 2910.107002] CPU: 0 PID: 15438 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2910.107749] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2910.108651] Call Trace: [ 2910.108948] dump_stack+0x107/0x167 [ 2910.109351] should_fail.cold+0x5/0xa [ 2910.109763] ? __kernfs_new_node+0xd4/0x850 [ 2910.110228] should_failslab+0x5/0x20 [ 2910.110650] kmem_cache_alloc+0x5b/0x310 [ 2910.111093] __kernfs_new_node+0xd4/0x850 [ 2910.111551] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2910.112055] ? device_add+0x464/0x1bc0 [ 2910.112479] ? lock_acquire+0x197/0x470 [ 2910.112918] ? find_held_lock+0x2c/0x110 [ 2910.113362] ? sysfs_do_create_link_sd+0x82/0x140 [ 2910.113878] kernfs_new_node+0x93/0x120 [ 2910.114311] kernfs_create_link+0xcb/0x230 [ 2910.114766] sysfs_do_create_link_sd+0x90/0x140 [ 2910.115268] sysfs_create_link+0x5f/0xc0 [ 2910.115702] driver_sysfs_add+0xf5/0x290 [ 2910.116135] device_bind_driver+0x15/0xd0 [ 2910.116586] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2910.117124] ? ____sys_sendmsg+0x70d/0x870 [ 2910.117595] ? ___sys_sendmsg+0xf3/0x170 [ 2910.118034] ? __sys_sendmsg+0xe5/0x1b0 [ 2910.118461] ? do_syscall_64+0x33/0x40 [ 2910.118894] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2910.119497] ? lock_acquire+0x197/0x470 [ 2910.119941] ? create_object.isra.0+0x3ad/0xa20 [ 2910.120447] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2910.120980] hwsim_new_radio_nl+0x991/0x1080 [ 2910.121477] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2910.122067] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2910.122818] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2910.123520] genl_family_rcv_msg_doit+0x22d/0x330 [ 2910.124068] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2910.124800] ? cap_capable+0x1d6/0x240 [ 2910.125265] ? ns_capable+0xe2/0x110 [ 2910.125684] genl_rcv_msg+0x33c/0x5a0 [ 2910.126114] ? genl_get_cmd+0x480/0x480 [ 2910.126575] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2910.127182] ? lock_release+0x680/0x680 [ 2910.127638] ? netlink_deliver_tap+0xf4/0xcd0 [ 2910.128144] netlink_rcv_skb+0x14b/0x430 [ 2910.128607] ? genl_get_cmd+0x480/0x480 [ 2910.129068] ? netlink_ack+0xab0/0xab0 [ 2910.129513] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2910.130042] ? is_vmalloc_addr+0x7b/0xb0 [ 2910.130497] genl_rcv+0x24/0x40 [ 2910.130868] netlink_unicast+0x549/0x7f0 [ 2910.131331] ? netlink_attachskb+0x870/0x870 [ 2910.131829] ? __virt_addr_valid+0x128/0x350 [ 2910.132337] netlink_sendmsg+0x90f/0xdf0 [ 2910.132797] ? netlink_unicast+0x7f0/0x7f0 [ 2910.133311] ? netlink_unicast+0x7f0/0x7f0 [ 2910.133774] sock_sendmsg+0x154/0x190 [ 2910.134210] ____sys_sendmsg+0x70d/0x870 [ 2910.134675] ? kernel_sendmsg+0x50/0x50 [ 2910.135122] ? do_recvmmsg+0x6d0/0x6d0 [ 2910.135566] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2910.136159] ? lock_downgrade+0x6d0/0x6d0 [ 2910.136631] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2910.137246] ___sys_sendmsg+0xf3/0x170 [ 2910.137690] ? sendmsg_copy_msghdr+0x160/0x160 [ 2910.138208] ? lock_downgrade+0x6d0/0x6d0 [ 2910.138683] ? find_held_lock+0x2c/0x110 [ 2910.139144] ? __fget_files+0x296/0x4c0 [ 2910.139594] ? __fget_light+0xea/0x290 [ 2910.140040] __sys_sendmsg+0xe5/0x1b0 [ 2910.140475] ? __sys_sendmsg_sock+0x40/0x40 [ 2910.140945] ? rcu_read_lock_any_held+0x75/0xa0 [ 2910.141482] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2910.142088] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2910.142676] ? trace_hardirqs_on+0x5b/0x180 [ 2910.143168] do_syscall_64+0x33/0x40 [ 2910.143592] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2910.144148] RIP: 0033:0x7f09254a5b19 [ 2910.144567] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2910.146561] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2910.147400] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2910.148156] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2910.148981] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2910.149741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2910.150546] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:57:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90070000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:51 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d", 0x3}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:51 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5421, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:57:51 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d", 0x3}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:57:51 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x97ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:57:51 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90080000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:57:51 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x10a, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:57:51 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d", 0x3}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:04 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x148, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:58:04 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9b860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90090000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:04 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 70) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9effffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:04 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xa, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:04 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5450, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2923.993109] FAULT_INJECTION: forcing a failure. [ 2923.993109] name failslab, interval 1, probability 0, space 0, times 0 [ 2923.994599] CPU: 0 PID: 15495 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2923.995292] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2923.996115] Call Trace: [ 2923.996386] dump_stack+0x107/0x167 [ 2923.996754] should_fail.cold+0x5/0xa [ 2923.997166] ? __kernfs_new_node+0xd4/0x850 [ 2923.997606] should_failslab+0x5/0x20 [ 2923.997986] kmem_cache_alloc+0x5b/0x310 [ 2923.998400] __kernfs_new_node+0xd4/0x850 [ 2923.998857] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2923.999363] ? device_add+0x464/0x1bc0 [ 2923.999788] ? lock_acquire+0x197/0x470 [ 2924.000211] ? find_held_lock+0x2c/0x110 [ 2924.000648] ? sysfs_do_create_link_sd+0x82/0x140 [ 2924.001175] kernfs_new_node+0x93/0x120 [ 2924.001604] kernfs_create_link+0xcb/0x230 [ 2924.002058] sysfs_do_create_link_sd+0x90/0x140 [ 2924.002525] sysfs_create_link+0x5f/0xc0 [ 2924.002964] driver_sysfs_add+0xf5/0x290 [ 2924.003397] device_bind_driver+0x15/0xd0 [ 2924.003849] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2924.004384] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2924.004891] hwsim_new_radio_nl+0x991/0x1080 [ 2924.005398] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2924.005959] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2924.006660] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2924.007351] genl_family_rcv_msg_doit+0x22d/0x330 [ 2924.007869] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2924.008570] ? cap_capable+0x1d6/0x240 [ 2924.008990] ? ns_capable+0xe2/0x110 [ 2924.009397] genl_rcv_msg+0x33c/0x5a0 [ 2924.009807] ? genl_get_cmd+0x480/0x480 [ 2924.010234] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2924.010782] ? lock_release+0x680/0x680 [ 2924.011206] ? netlink_deliver_tap+0xf4/0xcd0 [ 2924.011686] netlink_rcv_skb+0x14b/0x430 [ 2924.012120] ? genl_get_cmd+0x480/0x480 [ 2924.012542] ? netlink_ack+0xab0/0xab0 [ 2924.012961] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2924.013467] ? is_vmalloc_addr+0x7b/0xb0 [ 2924.013904] genl_rcv+0x24/0x40 [ 2924.014255] netlink_unicast+0x549/0x7f0 [ 2924.014690] ? netlink_attachskb+0x870/0x870 [ 2924.015158] ? __virt_addr_valid+0x128/0x350 [ 2924.015632] netlink_sendmsg+0x90f/0xdf0 [ 2924.016038] ? netlink_unicast+0x7f0/0x7f0 [ 2924.016495] ? netlink_unicast+0x7f0/0x7f0 [ 2924.016946] sock_sendmsg+0x154/0x190 [ 2924.017369] ____sys_sendmsg+0x70d/0x870 [ 2924.017803] ? kernel_sendmsg+0x50/0x50 [ 2924.018223] ? do_recvmmsg+0x6d0/0x6d0 [ 2924.018639] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2924.019194] ? lock_downgrade+0x6d0/0x6d0 [ 2924.019634] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2924.020192] ___sys_sendmsg+0xf3/0x170 [ 2924.020609] ? sendmsg_copy_msghdr+0x160/0x160 [ 2924.021099] ? lock_downgrade+0x6d0/0x6d0 [ 2924.021542] ? find_held_lock+0x2c/0x110 [ 2924.021981] ? __fget_files+0x296/0x4c0 [ 2924.022407] ? __fget_light+0xea/0x290 [ 2924.022823] __sys_sendmsg+0xe5/0x1b0 [ 2924.023230] ? __sys_sendmsg_sock+0x40/0x40 [ 2924.023695] ? rcu_read_lock_any_held+0x75/0xa0 [ 2924.024200] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2924.024769] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2924.025336] ? trace_hardirqs_on+0x5b/0x180 [ 2924.025796] do_syscall_64+0x33/0x40 [ 2924.026191] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2924.026735] RIP: 0033:0x7f09254a5b19 [ 2924.027132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2924.029097] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2924.029902] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2924.030660] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2924.031417] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2924.032174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2924.032929] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:58:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900a0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:04 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5451, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:05 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xe4ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:05 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:05 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xc, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:20 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 71) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:20 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x1a, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:20 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5452, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:20 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xe7f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:20 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900b0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:20 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x14c, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:58:20 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:20 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9c860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2940.027952] FAULT_INJECTION: forcing a failure. [ 2940.027952] name failslab, interval 1, probability 0, space 0, times 0 [ 2940.030564] CPU: 0 PID: 15539 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2940.032005] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2940.033690] Call Trace: [ 2940.034225] dump_stack+0x107/0x167 [ 2940.034963] should_fail.cold+0x5/0xa [ 2940.035728] ? create_object.isra.0+0x3a/0xa20 [ 2940.036642] should_failslab+0x5/0x20 [ 2940.037431] kmem_cache_alloc+0x5b/0x310 [ 2940.038249] create_object.isra.0+0x3a/0xa20 [ 2940.039124] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2940.040139] __kmalloc_track_caller+0x177/0x370 [ 2940.041063] ? kstrdup_const+0x53/0x80 [ 2940.041850] kstrdup+0x36/0x70 [ 2940.042485] kstrdup_const+0x53/0x80 [ 2940.043232] __kernfs_new_node+0x9d/0x850 [ 2940.044063] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 2940.045040] ? device_add+0x464/0x1bc0 [ 2940.045845] ? lock_acquire+0x197/0x470 [ 2940.046685] ? find_held_lock+0x2c/0x110 [ 2940.047501] ? sysfs_do_create_link_sd+0x82/0x140 [ 2940.048462] kernfs_new_node+0x93/0x120 [ 2940.049304] kernfs_create_link+0xcb/0x230 [ 2940.050150] sysfs_do_create_link_sd+0x90/0x140 [ 2940.051076] sysfs_create_link+0x5f/0xc0 [ 2940.051887] driver_sysfs_add+0xf5/0x290 [ 2940.052697] device_bind_driver+0x15/0xd0 [ 2940.053539] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2940.054520] ? ____sys_sendmsg+0x70d/0x870 [ 2940.055386] ? ___sys_sendmsg+0xf3/0x170 [ 2940.056228] ? __sys_sendmsg+0xe5/0x1b0 [ 2940.057055] ? do_syscall_64+0x33/0x40 [ 2940.057887] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2940.058977] ? lock_acquire+0x197/0x470 [ 2940.059785] ? create_object.isra.0+0x3ad/0xa20 [ 2940.060749] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2940.061721] hwsim_new_radio_nl+0x991/0x1080 [ 2940.062626] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2940.063697] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2940.065038] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2940.066357] genl_family_rcv_msg_doit+0x22d/0x330 [ 2940.067343] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2940.068680] ? cap_capable+0x1d6/0x240 [ 2940.069493] ? ns_capable+0xe2/0x110 [ 2940.070255] genl_rcv_msg+0x33c/0x5a0 [ 2940.071033] ? genl_get_cmd+0x480/0x480 [ 2940.071848] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2940.072908] ? lock_release+0x680/0x680 [ 2940.073729] ? netlink_deliver_tap+0xf4/0xcd0 [ 2940.074648] netlink_rcv_skb+0x14b/0x430 [ 2940.075481] ? genl_get_cmd+0x480/0x480 [ 2940.076295] ? netlink_ack+0xab0/0xab0 [ 2940.077100] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2940.078043] ? is_vmalloc_addr+0x7b/0xb0 [ 2940.078881] genl_rcv+0x24/0x40 [ 2940.079555] netlink_unicast+0x549/0x7f0 [ 2940.080382] ? netlink_attachskb+0x870/0x870 [ 2940.081249] ? __virt_addr_valid+0x128/0x350 [ 2940.082128] netlink_sendmsg+0x90f/0xdf0 [ 2940.082934] ? netlink_unicast+0x7f0/0x7f0 [ 2940.083783] ? netlink_unicast+0x7f0/0x7f0 [ 2940.084607] sock_sendmsg+0x154/0x190 [ 2940.085376] ____sys_sendmsg+0x70d/0x870 [ 2940.086166] ? kernel_sendmsg+0x50/0x50 [ 2940.086935] ? do_recvmmsg+0x6d0/0x6d0 [ 2940.087699] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2940.088718] ? lock_downgrade+0x6d0/0x6d0 [ 2940.089541] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2940.090571] ___sys_sendmsg+0xf3/0x170 [ 2940.091334] ? sendmsg_copy_msghdr+0x160/0x160 [ 2940.092227] ? lock_downgrade+0x6d0/0x6d0 [ 2940.093040] ? find_held_lock+0x2c/0x110 [ 2940.093858] ? __fget_files+0x296/0x4c0 [ 2940.094650] ? __fget_light+0xea/0x290 [ 2940.095424] __sys_sendmsg+0xe5/0x1b0 [ 2940.096170] ? __sys_sendmsg_sock+0x40/0x40 [ 2940.097016] ? rcu_read_lock_any_held+0x75/0xa0 [ 2940.097966] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2940.098993] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2940.100008] ? trace_hardirqs_on+0x5b/0x180 [ 2940.100877] do_syscall_64+0x33/0x40 [ 2940.101627] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2940.102625] RIP: 0033:0x7f09254a5b19 [ 2940.103364] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2940.106932] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2940.108419] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2940.109815] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2940.111213] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2940.112616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2940.114018] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:58:21 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900d0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:21 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:21 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x5460, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:21 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xe8f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:21 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x168, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:58:21 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:21 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900e0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:21 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9d860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:21 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 72) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:21 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x48, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:21 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:21 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xe9f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:21 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40049409, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 2940.619371] FAULT_INJECTION: forcing a failure. [ 2940.619371] name failslab, interval 1, probability 0, space 0, times 0 [ 2940.622003] CPU: 1 PID: 15591 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2940.623421] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2940.625126] Call Trace: [ 2940.625694] dump_stack+0x107/0x167 [ 2940.626449] should_fail.cold+0x5/0xa [ 2940.627239] ? kobject_uevent_env+0x22b/0xf90 [ 2940.628162] ? kobject_uevent_env+0x22b/0xf90 [ 2940.629075] ? dev_uevent_filter+0xd0/0xd0 [ 2940.629936] should_failslab+0x5/0x20 [ 2940.630711] kmem_cache_alloc_trace+0x55/0x320 [ 2940.631641] ? dev_uevent_filter+0xd0/0xd0 [ 2940.632498] kobject_uevent_env+0x22b/0xf90 [ 2940.633383] driver_bound+0x19d/0x1f0 [ 2940.634153] device_bind_driver+0xae/0xd0 [ 2940.634986] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2940.635974] ? ____sys_sendmsg+0x70d/0x870 [ 2940.636818] ? ___sys_sendmsg+0xf3/0x170 [ 2940.637653] ? __sys_sendmsg+0xe5/0x1b0 [ 2940.638460] ? do_syscall_64+0x33/0x40 [ 2940.639254] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2940.640336] ? lock_acquire+0x197/0x470 [ 2940.641137] ? create_object.isra.0+0x3ad/0xa20 [ 2940.642094] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2940.643047] hwsim_new_radio_nl+0x991/0x1080 [ 2940.643943] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2940.645006] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2940.646356] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2940.647687] genl_family_rcv_msg_doit+0x22d/0x330 [ 2940.648669] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2940.650006] ? cap_capable+0x1d6/0x240 [ 2940.650810] ? ns_capable+0xe2/0x110 [ 2940.651573] genl_rcv_msg+0x33c/0x5a0 [ 2940.652352] ? genl_get_cmd+0x480/0x480 [ 2940.653163] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2940.654226] ? lock_release+0x680/0x680 [ 2940.655028] ? netlink_deliver_tap+0xf4/0xcd0 [ 2940.655941] netlink_rcv_skb+0x14b/0x430 [ 2940.656767] ? genl_get_cmd+0x480/0x480 [ 2940.657587] ? netlink_ack+0xab0/0xab0 [ 2940.658385] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2940.659308] ? is_vmalloc_addr+0x7b/0xb0 [ 2940.660140] genl_rcv+0x24/0x40 [ 2940.660814] netlink_unicast+0x549/0x7f0 [ 2940.661654] ? netlink_attachskb+0x870/0x870 [ 2940.662549] ? __virt_addr_valid+0x128/0x350 [ 2940.663450] netlink_sendmsg+0x90f/0xdf0 [ 2940.664280] ? netlink_unicast+0x7f0/0x7f0 [ 2940.665155] ? netlink_unicast+0x7f0/0x7f0 [ 2940.666020] sock_sendmsg+0x154/0x190 [ 2940.666791] ____sys_sendmsg+0x70d/0x870 [ 2940.667614] ? kernel_sendmsg+0x50/0x50 [ 2940.668417] ? do_recvmmsg+0x6d0/0x6d0 [ 2940.669204] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2940.670284] ___sys_sendmsg+0xf3/0x170 [ 2940.671069] ? sendmsg_copy_msghdr+0x160/0x160 [ 2940.671996] ? lock_downgrade+0x6d0/0x6d0 [ 2940.672833] ? find_held_lock+0x2c/0x110 [ 2940.673686] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2940.674745] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2940.675838] ? trace_hardirqs_on+0x5b/0x180 [ 2940.676714] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 2940.677827] ? sockfd_lookup_light+0x73/0x180 [ 2940.678735] ? sockfd_lookup_light+0x9c/0x180 [ 2940.679658] __sys_sendmsg+0xe5/0x1b0 [ 2940.680442] ? __sys_sendmsg_sock+0x40/0x40 [ 2940.681351] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2940.682436] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2940.683493] ? trace_hardirqs_on+0x5b/0x180 [ 2940.684385] do_syscall_64+0x33/0x40 [ 2940.685154] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2940.686199] RIP: 0033:0x7f09254a5b19 [ 2940.686963] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2940.690634] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2940.692175] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2940.693634] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2940.695106] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2940.696600] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2940.698086] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:58:21 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900f0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:36 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9e860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:36 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x16c, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:58:36 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x4c, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90110000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2955.944312] FAULT_INJECTION: forcing a failure. [ 2955.944312] name failslab, interval 1, probability 0, space 0, times 0 [ 2955.946777] CPU: 1 PID: 15630 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2955.948186] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2955.949907] Call Trace: 07:58:36 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:36 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40081271, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:36 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xeaf20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:36 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 73) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2955.950606] dump_stack+0x107/0x167 [ 2955.951512] should_fail.cold+0x5/0xa [ 2955.952426] ? kobject_uevent_env+0x22b/0xf90 [ 2955.953349] ? kobject_uevent_env+0x22b/0xf90 [ 2955.954298] ? dev_uevent_filter+0xd0/0xd0 [ 2955.955165] should_failslab+0x5/0x20 [ 2955.955949] kmem_cache_alloc_trace+0x55/0x320 [ 2955.956891] ? dev_uevent_filter+0xd0/0xd0 [ 2955.957787] kobject_uevent_env+0x22b/0xf90 [ 2955.958678] driver_bound+0x19d/0x1f0 [ 2955.959489] device_bind_driver+0xae/0xd0 [ 2955.960348] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2955.961357] ? ____sys_sendmsg+0x70d/0x870 [ 2955.962243] ? ___sys_sendmsg+0xf3/0x170 [ 2955.963095] ? __sys_sendmsg+0xe5/0x1b0 [ 2955.963918] ? do_syscall_64+0x33/0x40 [ 2955.964725] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2955.965833] ? lock_acquire+0x197/0x470 [ 2955.966654] ? create_object.isra.0+0x3ad/0xa20 [ 2955.967636] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2955.968617] hwsim_new_radio_nl+0x991/0x1080 [ 2955.969550] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2955.970634] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2955.972002] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2955.973370] genl_family_rcv_msg_doit+0x22d/0x330 [ 2955.974382] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2955.975767] ? cap_capable+0x1d6/0x240 [ 2955.976577] ? ns_capable+0xe2/0x110 [ 2955.977364] genl_rcv_msg+0x33c/0x5a0 [ 2955.978168] ? genl_get_cmd+0x480/0x480 [ 2955.978998] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2955.980082] ? lock_release+0x680/0x680 [ 2955.980910] ? netlink_deliver_tap+0xf4/0xcd0 [ 2955.981976] netlink_rcv_skb+0x14b/0x430 [ 2955.983034] ? genl_get_cmd+0x480/0x480 [ 2955.983998] ? netlink_ack+0xab0/0xab0 [ 2955.984822] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2955.985792] ? is_vmalloc_addr+0x7b/0xb0 [ 2955.986629] genl_rcv+0x24/0x40 [ 2955.987312] netlink_unicast+0x549/0x7f0 [ 2955.988167] ? netlink_attachskb+0x870/0x870 [ 2955.989092] ? __virt_addr_valid+0x128/0x350 [ 2955.990006] netlink_sendmsg+0x90f/0xdf0 [ 2955.990875] ? netlink_unicast+0x7f0/0x7f0 [ 2955.991775] ? netlink_unicast+0x7f0/0x7f0 [ 2955.992629] sock_sendmsg+0x154/0x190 [ 2955.993411] ____sys_sendmsg+0x70d/0x870 [ 2955.994265] ? kernel_sendmsg+0x50/0x50 [ 2955.995071] ? do_recvmmsg+0x6d0/0x6d0 [ 2955.995901] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2955.996979] ? lock_downgrade+0x6d0/0x6d0 [ 2955.997839] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2955.998921] ___sys_sendmsg+0xf3/0x170 [ 2955.999722] ? sendmsg_copy_msghdr+0x160/0x160 [ 2956.000674] ? lock_downgrade+0x6d0/0x6d0 [ 2956.001548] ? find_held_lock+0x2c/0x110 [ 2956.002402] ? __fget_files+0x296/0x4c0 [ 2956.003235] ? __fget_light+0xea/0x290 [ 2956.004049] __sys_sendmsg+0xe5/0x1b0 [ 2956.004849] ? __sys_sendmsg_sock+0x40/0x40 [ 2956.005768] ? rcu_read_lock_any_held+0x75/0xa0 [ 2956.006743] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2956.007828] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2956.008898] ? trace_hardirqs_on+0x5b/0x180 [ 2956.009819] do_syscall_64+0x33/0x40 [ 2956.010581] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2956.011638] RIP: 0033:0x7f09254a5b19 [ 2956.012415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2956.016298] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2956.017898] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2956.019360] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2956.020832] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2956.022308] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2956.023779] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:58:37 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:37 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90160000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:37 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40086602, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xebf20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:50 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9effffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:50 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x68, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90180000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 74) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:50 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x174, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:58:50 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x0, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:50 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x40087602, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:50 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x0, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) [ 2969.339203] FAULT_INJECTION: forcing a failure. [ 2969.339203] name failslab, interval 1, probability 0, space 0, times 0 [ 2969.341848] CPU: 1 PID: 15679 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2969.343271] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2969.344941] Call Trace: [ 2969.345484] dump_stack+0x107/0x167 [ 2969.346234] should_fail.cold+0x5/0xa [ 2969.346999] ? kobject_uevent_env+0x22b/0xf90 [ 2969.347919] ? kobject_uevent_env+0x22b/0xf90 [ 2969.348821] ? dev_uevent_filter+0xd0/0xd0 [ 2969.349707] should_failslab+0x5/0x20 [ 2969.350472] kmem_cache_alloc_trace+0x55/0x320 [ 2969.351412] ? dev_uevent_filter+0xd0/0xd0 [ 2969.352264] kobject_uevent_env+0x22b/0xf90 [ 2969.353166] driver_bound+0x19d/0x1f0 [ 2969.353954] device_bind_driver+0xae/0xd0 [ 2969.354812] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2969.355798] ? ____sys_sendmsg+0x70d/0x870 [ 2969.356668] ? ___sys_sendmsg+0xf3/0x170 [ 2969.357484] ? __sys_sendmsg+0xe5/0x1b0 [ 2969.358302] ? do_syscall_64+0x33/0x40 [ 2969.359110] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2969.360205] ? lock_acquire+0x197/0x470 [ 2969.361016] ? create_object.isra.0+0x3ad/0xa20 [ 2969.361987] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2969.362948] hwsim_new_radio_nl+0x991/0x1080 [ 2969.363848] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2969.364918] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2969.366261] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2969.367587] genl_family_rcv_msg_doit+0x22d/0x330 [ 2969.368558] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2969.369898] ? cap_capable+0x1d6/0x240 [ 2969.370694] ? ns_capable+0xe2/0x110 [ 2969.371458] genl_rcv_msg+0x33c/0x5a0 [ 2969.372225] ? genl_get_cmd+0x480/0x480 [ 2969.373036] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2969.374082] ? lock_release+0x680/0x680 [ 2969.374887] ? netlink_deliver_tap+0xf4/0xcd0 [ 2969.375801] netlink_rcv_skb+0x14b/0x430 [ 2969.376614] ? genl_get_cmd+0x480/0x480 [ 2969.377419] ? netlink_ack+0xab0/0xab0 [ 2969.378240] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2969.379162] ? is_vmalloc_addr+0x7b/0xb0 [ 2969.379980] genl_rcv+0x24/0x40 [ 2969.380648] netlink_unicast+0x549/0x7f0 [ 2969.381475] ? netlink_attachskb+0x870/0x870 [ 2969.382361] ? __virt_addr_valid+0x128/0x350 [ 2969.383261] netlink_sendmsg+0x90f/0xdf0 [ 2969.384087] ? netlink_unicast+0x7f0/0x7f0 [ 2969.384953] ? netlink_unicast+0x7f0/0x7f0 [ 2969.385812] sock_sendmsg+0x154/0x190 [ 2969.386586] ____sys_sendmsg+0x70d/0x870 [ 2969.387406] ? kernel_sendmsg+0x50/0x50 [ 2969.388208] ? do_recvmmsg+0x6d0/0x6d0 [ 2969.388994] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2969.390060] ? lock_downgrade+0x6d0/0x6d0 [ 2969.390900] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2969.391980] ___sys_sendmsg+0xf3/0x170 [ 2969.392768] ? sendmsg_copy_msghdr+0x160/0x160 [ 2969.393708] ? lock_downgrade+0x6d0/0x6d0 [ 2969.394550] ? find_held_lock+0x2c/0x110 [ 2969.395383] ? __fget_files+0x296/0x4c0 [ 2969.396194] ? __fget_light+0xea/0x290 [ 2969.396992] __sys_sendmsg+0xe5/0x1b0 [ 2969.397778] ? __sys_sendmsg_sock+0x40/0x40 [ 2969.398650] ? rcu_read_lock_any_held+0x75/0xa0 [ 2969.399605] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2969.400662] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.401706] ? trace_hardirqs_on+0x5b/0x180 [ 2969.402583] do_syscall_64+0x33/0x40 [ 2969.403337] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2969.404372] RIP: 0033:0x7f09254a5b19 [ 2969.405124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2969.408844] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2969.410387] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2969.411821] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2969.413258] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2969.414699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2969.416133] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:58:50 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x4020940d, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90230000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:58:50 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x0, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:58:50 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xecf20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:58:50 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 75) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:58:50 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80081270, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:58:50 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x6c, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:58:50 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c902e0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2969.833540] FAULT_INJECTION: forcing a failure. [ 2969.833540] name failslab, interval 1, probability 0, space 0, times 0 [ 2969.836206] CPU: 0 PID: 15713 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2969.837634] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2969.839330] Call Trace: [ 2969.839871] dump_stack+0x107/0x167 [ 2969.840611] should_fail.cold+0x5/0xa [ 2969.841386] ? kobject_uevent_env+0x22b/0xf90 [ 2969.842301] ? kobject_uevent_env+0x22b/0xf90 [ 2969.843210] ? dev_uevent_filter+0xd0/0xd0 [ 2969.844060] should_failslab+0x5/0x20 [ 2969.844826] kmem_cache_alloc_trace+0x55/0x320 [ 2969.845767] ? dev_uevent_filter+0xd0/0xd0 [ 2969.846612] kobject_uevent_env+0x22b/0xf90 [ 2969.847492] driver_bound+0x19d/0x1f0 [ 2969.848254] device_bind_driver+0xae/0xd0 [ 2969.849092] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2969.850080] ? ____sys_sendmsg+0x70d/0x870 [ 2969.850928] ? ___sys_sendmsg+0xf3/0x170 [ 2969.851740] ? __sys_sendmsg+0xe5/0x1b0 [ 2969.852536] ? do_syscall_64+0x33/0x40 [ 2969.853305] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2969.854388] ? lock_acquire+0x197/0x470 [ 2969.855173] ? create_object.isra.0+0x3ad/0xa20 [ 2969.856114] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2969.857033] hwsim_new_radio_nl+0x991/0x1080 [ 2969.857927] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2969.858980] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2969.860270] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2969.861579] genl_family_rcv_msg_doit+0x22d/0x330 [ 2969.862536] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2969.863855] ? cap_capable+0x1d6/0x240 [ 2969.864649] ? ns_capable+0xe2/0x110 [ 2969.865403] genl_rcv_msg+0x33c/0x5a0 [ 2969.866194] ? genl_get_cmd+0x480/0x480 [ 2969.866991] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2969.868028] ? lock_release+0x680/0x680 [ 2969.868825] ? netlink_deliver_tap+0xf4/0xcd0 [ 2969.869734] netlink_rcv_skb+0x14b/0x430 [ 2969.870551] ? genl_get_cmd+0x480/0x480 [ 2969.871336] ? netlink_ack+0xab0/0xab0 [ 2969.872128] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2969.873042] ? is_vmalloc_addr+0x7b/0xb0 [ 2969.873867] genl_rcv+0x24/0x40 [ 2969.874529] netlink_unicast+0x549/0x7f0 [ 2969.875372] ? netlink_attachskb+0x870/0x870 [ 2969.876239] ? __virt_addr_valid+0x128/0x350 [ 2969.877127] netlink_sendmsg+0x90f/0xdf0 [ 2969.877956] ? netlink_unicast+0x7f0/0x7f0 [ 2969.878827] ? netlink_unicast+0x7f0/0x7f0 [ 2969.879654] sock_sendmsg+0x154/0x190 [ 2969.880413] ____sys_sendmsg+0x70d/0x870 [ 2969.881210] ? kernel_sendmsg+0x50/0x50 [ 2969.882019] ? do_recvmmsg+0x6d0/0x6d0 [ 2969.882783] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2969.883832] ? lock_downgrade+0x6d0/0x6d0 [ 2969.884648] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2969.885705] ___sys_sendmsg+0xf3/0x170 [ 2969.886484] ? sendmsg_copy_msghdr+0x160/0x160 [ 2969.887406] ? lock_downgrade+0x6d0/0x6d0 [ 2969.888236] ? find_held_lock+0x2c/0x110 [ 2969.889056] ? __fget_files+0x296/0x4c0 [ 2969.889876] ? __fget_light+0xea/0x290 [ 2969.890661] __sys_sendmsg+0xe5/0x1b0 [ 2969.891422] ? __sys_sendmsg_sock+0x40/0x40 [ 2969.892283] ? rcu_read_lock_any_held+0x75/0xa0 [ 2969.893231] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2969.894287] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2969.895317] ? trace_hardirqs_on+0x5b/0x180 [ 2969.896183] do_syscall_64+0x33/0x40 [ 2969.896928] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2969.897965] RIP: 0033:0x7f09254a5b19 [ 2969.898711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2969.902379] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2969.903899] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2969.905318] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2969.906751] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2969.908172] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2969.909593] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:59:04 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 76) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:59:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c902f0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:04 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x74, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:04 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x17a, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:04 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xedf20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:04 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80081272, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:04 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x9f860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2983.654860] FAULT_INJECTION: forcing a failure. [ 2983.654860] name failslab, interval 1, probability 0, space 0, times 0 [ 2983.656160] CPU: 1 PID: 15735 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2983.656919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2983.657816] Call Trace: [ 2983.658119] dump_stack+0x107/0x167 [ 2983.658516] should_fail.cold+0x5/0xa [ 2983.658922] ? __alloc_skb+0x6d/0x5b0 [ 2983.659330] should_failslab+0x5/0x20 [ 2983.659740] kmem_cache_alloc_node+0x55/0x330 [ 2983.660228] __alloc_skb+0x6d/0x5b0 [ 2983.660628] alloc_uevent_skb+0x7b/0x210 [ 2983.661071] kobject_uevent_env+0x99a/0xf90 [ 2983.661555] driver_bound+0x19d/0x1f0 [ 2983.661976] device_bind_driver+0xae/0xd0 [ 2983.662427] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2983.662963] ? ____sys_sendmsg+0x70d/0x870 [ 2983.663410] ? ___sys_sendmsg+0xf3/0x170 [ 2983.663849] ? __sys_sendmsg+0xe5/0x1b0 [ 2983.664284] ? do_syscall_64+0x33/0x40 [ 2983.664699] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2983.665266] ? lock_acquire+0x197/0x470 [ 2983.665686] ? create_object.isra.0+0x3ad/0xa20 [ 2983.666196] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2983.666693] hwsim_new_radio_nl+0x991/0x1080 [ 2983.667167] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2983.667725] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2983.668421] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2983.669115] genl_family_rcv_msg_doit+0x22d/0x330 [ 2983.669625] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2983.670318] ? cap_capable+0x1d6/0x240 [ 2983.670763] ? ns_capable+0xe2/0x110 [ 2983.671155] genl_rcv_msg+0x33c/0x5a0 [ 2983.671559] ? genl_get_cmd+0x480/0x480 [ 2983.671977] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2983.672521] ? lock_release+0x680/0x680 [ 2983.672941] ? netlink_deliver_tap+0xf4/0xcd0 [ 2983.673418] netlink_rcv_skb+0x14b/0x430 [ 2983.673865] ? genl_get_cmd+0x480/0x480 [ 2983.674298] ? netlink_ack+0xab0/0xab0 [ 2983.674719] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2983.675201] ? is_vmalloc_addr+0x7b/0xb0 [ 2983.675637] genl_rcv+0x24/0x40 [ 2983.676005] netlink_unicast+0x549/0x7f0 07:59:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90480000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) [ 2983.676439] ? netlink_attachskb+0x870/0x870 [ 2983.677062] ? __virt_addr_valid+0x128/0x350 [ 2983.677530] netlink_sendmsg+0x90f/0xdf0 [ 2983.677974] ? netlink_unicast+0x7f0/0x7f0 [ 2983.678429] ? netlink_unicast+0x7f0/0x7f0 [ 2983.678875] sock_sendmsg+0x154/0x190 [ 2983.679287] ____sys_sendmsg+0x70d/0x870 [ 2983.679715] ? kernel_sendmsg+0x50/0x50 [ 2983.680129] ? do_recvmmsg+0x6d0/0x6d0 [ 2983.680533] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2983.681081] ? lock_downgrade+0x6d0/0x6d0 [ 2983.681549] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2983.682159] ___sys_sendmsg+0xf3/0x170 [ 2983.682570] ? sendmsg_copy_msghdr+0x160/0x160 [ 2983.683093] ? lock_downgrade+0x6d0/0x6d0 [ 2983.683522] ? find_held_lock+0x2c/0x110 [ 2983.683983] ? __fget_files+0x296/0x4c0 [ 2983.684409] ? __fget_light+0xea/0x290 [ 2983.684826] __sys_sendmsg+0xe5/0x1b0 [ 2983.685228] ? __sys_sendmsg_sock+0x40/0x40 [ 2983.685683] ? rcu_read_lock_any_held+0x75/0xa0 [ 2983.686207] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2983.686771] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2983.687321] ? trace_hardirqs_on+0x5b/0x180 [ 2983.687812] do_syscall_64+0x33/0x40 [ 2983.688201] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2983.688773] RIP: 0033:0x7f09254a5b19 [ 2983.689166] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2983.691252] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2983.692106] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2983.692916] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2983.693715] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2983.694512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2983.695313] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:59:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:59:04 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80086601, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r1}) 07:59:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:59:04 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c904c0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:04 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x300, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:04 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:59:19 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xeef20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:19 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0x80087601, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:19 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x7a, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:19 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x500, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:19 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20}) 07:59:19 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 77) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:19 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90680000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:19 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xa0860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 2999.045834] FAULT_INJECTION: forcing a failure. [ 2999.045834] name failslab, interval 1, probability 0, space 0, times 0 [ 2999.048742] CPU: 1 PID: 15791 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 2999.050321] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 2999.052173] Call Trace: [ 2999.052775] dump_stack+0x107/0x167 [ 2999.053595] should_fail.cold+0x5/0xa [ 2999.054460] ? create_object.isra.0+0x3a/0xa20 [ 2999.055488] should_failslab+0x5/0x20 [ 2999.056343] kmem_cache_alloc+0x5b/0x310 [ 2999.057255] create_object.isra.0+0x3a/0xa20 [ 2999.058244] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 2999.059381] kmem_cache_alloc_node+0x169/0x330 [ 2999.060405] __alloc_skb+0x6d/0x5b0 [ 2999.061224] alloc_uevent_skb+0x7b/0x210 [ 2999.062156] kobject_uevent_env+0x99a/0xf90 [ 2999.063137] driver_bound+0x19d/0x1f0 [ 2999.063989] device_bind_driver+0xae/0xd0 [ 2999.064919] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 2999.066006] ? ____sys_sendmsg+0x70d/0x870 [ 2999.066951] ? ___sys_sendmsg+0xf3/0x170 [ 2999.067851] ? __sys_sendmsg+0xe5/0x1b0 [ 2999.068735] ? do_syscall_64+0x33/0x40 [ 2999.069606] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2999.070814] ? lock_acquire+0x197/0x470 [ 2999.071695] ? create_object.isra.0+0x3ad/0xa20 [ 2999.072745] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 2999.073796] hwsim_new_radio_nl+0x991/0x1080 [ 2999.074788] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2999.075968] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 2999.077439] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 2999.078901] genl_family_rcv_msg_doit+0x22d/0x330 [ 2999.079985] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 2999.081451] ? cap_capable+0x1d6/0x240 [ 2999.082347] ? ns_capable+0xe2/0x110 [ 2999.083187] genl_rcv_msg+0x33c/0x5a0 [ 2999.084043] ? genl_get_cmd+0x480/0x480 [ 2999.084932] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 2999.086095] ? lock_release+0x680/0x680 [ 2999.086982] ? netlink_deliver_tap+0xf4/0xcd0 [ 2999.087988] netlink_rcv_skb+0x14b/0x430 [ 2999.088895] ? genl_get_cmd+0x480/0x480 [ 2999.089780] ? netlink_ack+0xab0/0xab0 [ 2999.090676] ? netlink_deliver_tap+0x1c4/0xcd0 [ 2999.091684] ? is_vmalloc_addr+0x7b/0xb0 [ 2999.092598] genl_rcv+0x24/0x40 [ 2999.093332] netlink_unicast+0x549/0x7f0 [ 2999.094253] ? netlink_attachskb+0x870/0x870 [ 2999.095225] ? __virt_addr_valid+0x128/0x350 [ 2999.096220] netlink_sendmsg+0x90f/0xdf0 [ 2999.097126] ? netlink_unicast+0x7f0/0x7f0 [ 2999.098103] ? netlink_unicast+0x7f0/0x7f0 [ 2999.099039] sock_sendmsg+0x154/0x190 [ 2999.099888] ____sys_sendmsg+0x70d/0x870 [ 2999.100789] ? kernel_sendmsg+0x50/0x50 [ 2999.101676] ? do_recvmmsg+0x6d0/0x6d0 [ 2999.102547] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2999.103717] ? lock_downgrade+0x6d0/0x6d0 [ 2999.104646] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 2999.105808] ___sys_sendmsg+0xf3/0x170 [ 2999.106695] ? sendmsg_copy_msghdr+0x160/0x160 [ 2999.107709] ? lock_downgrade+0x6d0/0x6d0 [ 2999.108631] ? find_held_lock+0x2c/0x110 [ 2999.109533] ? __fget_files+0x296/0x4c0 [ 2999.110433] ? __fget_light+0xea/0x290 [ 2999.111299] __sys_sendmsg+0xe5/0x1b0 [ 2999.112143] ? __sys_sendmsg_sock+0x40/0x40 [ 2999.113094] ? rcu_read_lock_any_held+0x75/0xa0 [ 2999.114139] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 2999.115298] ? syscall_enter_from_user_mode+0x1d/0x50 [ 2999.116430] ? trace_hardirqs_on+0x5b/0x180 [ 2999.117387] do_syscall_64+0x33/0x40 [ 2999.118221] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 2999.119355] RIP: 0033:0x7f09254a5b19 [ 2999.120178] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 2999.124241] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2999.125907] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 2999.127497] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 2999.129074] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 2999.130654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2999.132233] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:59:20 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:59:20 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c906c0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:20 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xeff20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:20 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0045878, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:20 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:59:20 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0xa00, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:20 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90740000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:20 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x219, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:20 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0045878, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:35 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0xb91, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:35 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x275, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:35 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf0f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:35 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90780000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:35 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 78) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:35 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:59:35 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xa1860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:35 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0189436, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 3014.885721] FAULT_INJECTION: forcing a failure. [ 3014.885721] name failslab, interval 1, probability 0, space 0, times 0 [ 3014.888525] CPU: 0 PID: 15854 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3014.889928] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3014.891654] Call Trace: [ 3014.892199] dump_stack+0x107/0x167 [ 3014.892963] should_fail.cold+0x5/0xa [ 3014.893760] ? create_object.isra.0+0x3a/0xa20 [ 3014.894725] should_failslab+0x5/0x20 [ 3014.895504] kmem_cache_alloc+0x5b/0x310 [ 3014.896326] ? kmem_cache_alloc_trace+0x151/0x320 [ 3014.897315] create_object.isra.0+0x3a/0xa20 [ 3014.898211] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3014.899262] __kmalloc+0x16e/0x390 [ 3014.899992] ? trace_hardirqs_on+0x5b/0x180 [ 3014.900869] kobject_get_path+0xc4/0x1d0 [ 3014.901704] kobject_uevent_env+0x251/0xf90 [ 3014.902618] driver_bound+0x19d/0x1f0 [ 3014.903396] device_bind_driver+0xae/0xd0 [ 3014.904250] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 3014.905245] ? ____sys_sendmsg+0x70d/0x870 [ 3014.906104] ? ___sys_sendmsg+0xf3/0x170 [ 3014.906943] ? __sys_sendmsg+0xe5/0x1b0 [ 3014.907747] ? do_syscall_64+0x33/0x40 [ 3014.908532] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3014.909615] ? lock_acquire+0x197/0x470 [ 3014.910437] ? create_object.isra.0+0x3ad/0xa20 [ 3014.911394] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3014.912347] hwsim_new_radio_nl+0x991/0x1080 [ 3014.913244] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3014.914333] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3014.915669] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3014.917009] genl_family_rcv_msg_doit+0x22d/0x330 [ 3014.917995] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3014.919338] ? cap_capable+0x1d6/0x240 [ 3014.920143] ? ns_capable+0xe2/0x110 [ 3014.920904] genl_rcv_msg+0x33c/0x5a0 [ 3014.921701] ? genl_get_cmd+0x480/0x480 [ 3014.922519] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3014.923566] ? lock_release+0x680/0x680 [ 3014.924371] ? netlink_deliver_tap+0xf4/0xcd0 [ 3014.925285] netlink_rcv_skb+0x14b/0x430 [ 3014.926112] ? genl_get_cmd+0x480/0x480 [ 3014.926935] ? netlink_ack+0xab0/0xab0 [ 3014.927734] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3014.928657] ? is_vmalloc_addr+0x7b/0xb0 [ 3014.929487] genl_rcv+0x24/0x40 [ 3014.930161] netlink_unicast+0x549/0x7f0 [ 3014.931004] ? netlink_attachskb+0x870/0x870 [ 3014.931898] ? __virt_addr_valid+0x128/0x350 [ 3014.932798] netlink_sendmsg+0x90f/0xdf0 [ 3014.933629] ? netlink_unicast+0x7f0/0x7f0 [ 3014.934518] ? netlink_unicast+0x7f0/0x7f0 [ 3014.935372] sock_sendmsg+0x154/0x190 [ 3014.936155] ____sys_sendmsg+0x70d/0x870 [ 3014.936986] ? kernel_sendmsg+0x50/0x50 [ 3014.937793] ? do_recvmmsg+0x6d0/0x6d0 [ 3014.938592] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3014.939657] ? lock_downgrade+0x6d0/0x6d0 [ 3014.940499] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3014.941556] ___sys_sendmsg+0xf3/0x170 [ 3014.942369] ? sendmsg_copy_msghdr+0x160/0x160 [ 3014.943302] ? lock_downgrade+0x6d0/0x6d0 [ 3014.944149] ? find_held_lock+0x2c/0x110 [ 3014.944971] ? __fget_files+0x296/0x4c0 [ 3014.945790] ? __fget_light+0xea/0x290 [ 3014.946598] __sys_sendmsg+0xe5/0x1b0 [ 3014.947376] ? __sys_sendmsg_sock+0x40/0x40 [ 3014.948256] ? rcu_read_lock_any_held+0x75/0xa0 [ 3014.949220] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3014.950302] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3014.951353] ? trace_hardirqs_on+0x5b/0x180 [ 3014.952235] do_syscall_64+0x33/0x40 [ 3014.952990] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3014.954031] RIP: 0033:0x7f09254a5b19 [ 3014.954800] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3014.958534] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3014.960072] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3014.961523] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3014.962979] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3014.964423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3014.965870] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:59:35 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, 0x0) 07:59:35 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc020660b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:35 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c907a0000200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:35 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf0ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:36 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, 0x0) 07:59:36 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x1400, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:36 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x2ce, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:36 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90120100200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:52 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90810200200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:52 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0401273, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:52 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x2000, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 07:59:52 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x3d9, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 07:59:52 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 79) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:52 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf1f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 07:59:52 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xa2860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 07:59:52 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00'}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, 0x0) [ 3031.830941] FAULT_INJECTION: forcing a failure. [ 3031.830941] name failslab, interval 1, probability 0, space 0, times 0 [ 3031.833563] CPU: 1 PID: 15921 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3031.834971] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3031.836634] Call Trace: [ 3031.837169] dump_stack+0x107/0x167 [ 3031.837914] should_fail.cold+0x5/0xa [ 3031.838707] ? create_object.isra.0+0x3a/0xa20 [ 3031.839628] should_failslab+0x5/0x20 [ 3031.840389] kmem_cache_alloc+0x5b/0x310 [ 3031.841207] create_object.isra.0+0x3a/0xa20 [ 3031.842083] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3031.843114] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3031.844151] ? alloc_uevent_skb+0x7b/0x210 [ 3031.845015] __alloc_skb+0xb1/0x5b0 [ 3031.845768] alloc_uevent_skb+0x7b/0x210 [ 3031.846613] kobject_uevent_env+0x99a/0xf90 [ 3031.847510] driver_bound+0x19d/0x1f0 [ 3031.848283] device_bind_driver+0xae/0xd0 [ 3031.849123] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 3031.850110] ? ____sys_sendmsg+0x70d/0x870 [ 3031.850976] ? ___sys_sendmsg+0xf3/0x170 [ 3031.851793] ? __sys_sendmsg+0xe5/0x1b0 [ 3031.852598] ? do_syscall_64+0x33/0x40 [ 3031.853399] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3031.854471] ? lock_acquire+0x197/0x470 [ 3031.855289] ? create_object.isra.0+0x3ad/0xa20 [ 3031.856238] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3031.857185] hwsim_new_radio_nl+0x991/0x1080 [ 3031.858073] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3031.859145] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3031.860470] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3031.861785] genl_family_rcv_msg_doit+0x22d/0x330 [ 3031.862772] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3031.864095] ? cap_capable+0x1d6/0x240 [ 3031.864893] ? ns_capable+0xe2/0x110 [ 3031.865669] genl_rcv_msg+0x33c/0x5a0 [ 3031.866440] ? genl_get_cmd+0x480/0x480 [ 3031.867260] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3031.868302] ? lock_release+0x680/0x680 [ 3031.869116] ? netlink_deliver_tap+0xf4/0xcd0 [ 3031.870022] netlink_rcv_skb+0x14b/0x430 [ 3031.870858] ? genl_get_cmd+0x480/0x480 [ 3031.871665] ? netlink_ack+0xab0/0xab0 [ 3031.872463] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3031.873383] ? is_vmalloc_addr+0x7b/0xb0 [ 3031.874206] genl_rcv+0x24/0x40 [ 3031.874889] netlink_unicast+0x549/0x7f0 [ 3031.875716] ? netlink_attachskb+0x870/0x870 [ 3031.876602] ? __virt_addr_valid+0x128/0x350 [ 3031.877499] netlink_sendmsg+0x90f/0xdf0 [ 3031.878328] ? netlink_unicast+0x7f0/0x7f0 [ 3031.879198] ? netlink_unicast+0x7f0/0x7f0 [ 3031.880045] sock_sendmsg+0x154/0x190 [ 3031.880817] ____sys_sendmsg+0x70d/0x870 [ 3031.881640] ? kernel_sendmsg+0x50/0x50 [ 3031.882438] ? do_recvmmsg+0x6d0/0x6d0 [ 3031.883241] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3031.884295] ? lock_downgrade+0x6d0/0x6d0 [ 3031.885128] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3031.886191] ___sys_sendmsg+0xf3/0x170 [ 3031.886989] ? sendmsg_copy_msghdr+0x160/0x160 [ 3031.887911] ? lock_downgrade+0x6d0/0x6d0 [ 3031.888746] ? find_held_lock+0x2c/0x110 [ 3031.889574] ? __fget_files+0x296/0x4c0 [ 3031.890389] ? __fget_light+0xea/0x290 [ 3031.891194] __sys_sendmsg+0xe5/0x1b0 [ 3031.891956] ? __sys_sendmsg_sock+0x40/0x40 [ 3031.892820] ? rcu_read_lock_any_held+0x75/0xa0 [ 3031.893775] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3031.894843] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3031.895877] ? trace_hardirqs_on+0x5b/0x180 [ 3031.896753] do_syscall_64+0x33/0x40 [ 3031.897503] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3031.898561] RIP: 0033:0x7f09254a5b19 [ 3031.899313] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3031.903005] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3031.904533] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3031.905970] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3031.907466] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3031.908900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3031.910357] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 07:59:52 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 07:59:52 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000300200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 07:59:52 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481223, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 07:59:52 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf2f20100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:06 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xa3860100, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90f10300200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:06 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x4000, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 08:00:06 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xfdffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 08:00:06 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481225, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:06 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 80) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:06 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xa00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) [ 3045.196748] FAULT_INJECTION: forcing a failure. [ 3045.196748] name failslab, interval 1, probability 0, space 0, times 0 [ 3045.198100] CPU: 0 PID: 15965 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3045.198899] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3045.199865] Call Trace: [ 3045.200171] dump_stack+0x107/0x167 [ 3045.200597] should_fail.cold+0x5/0xa [ 3045.201033] ? skb_clone+0x14f/0x3d0 [ 3045.201471] should_failslab+0x5/0x20 [ 3045.201914] kmem_cache_alloc+0x5b/0x310 [ 3045.202393] skb_clone+0x14f/0x3d0 [ 3045.202809] netlink_broadcast_filtered+0xa08/0xdc0 [ 3045.203400] netlink_broadcast+0x35/0x50 [ 3045.203847] kobject_uevent_env+0x93d/0xf90 [ 3045.204341] driver_bound+0x19d/0x1f0 [ 3045.204774] device_bind_driver+0xae/0xd0 [ 3045.205253] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 3045.205816] ? mark_held_locks+0x9e/0xe0 [ 3045.206280] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3045.206898] ? __entry_text_end+0xd1e7/0x1fe8e4 [ 3045.207435] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3045.207979] hwsim_new_radio_nl+0x991/0x1080 [ 3045.208487] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3045.209091] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3045.209808] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3045.210552] genl_family_rcv_msg_doit+0x22d/0x330 [ 3045.211091] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3045.211836] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3045.212447] ? trace_hardirqs_on+0x5b/0x180 [ 3045.212938] ? cap_capable+0x1d6/0x240 [ 3045.213403] ? ns_capable+0xe2/0x110 [ 3045.213843] genl_rcv_msg+0x33c/0x5a0 [ 3045.214280] ? genl_get_cmd+0x480/0x480 [ 3045.214741] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3045.215328] ? lock_release+0x680/0x680 [ 3045.215782] ? netlink_deliver_tap+0xf4/0xcd0 [ 3045.216294] netlink_rcv_skb+0x14b/0x430 [ 3045.216758] ? genl_get_cmd+0x480/0x480 [ 3045.217211] ? netlink_ack+0xab0/0xab0 [ 3045.217658] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3045.218190] ? is_vmalloc_addr+0x7b/0xb0 [ 3045.218654] genl_rcv+0x24/0x40 [ 3045.219041] netlink_unicast+0x549/0x7f0 [ 3045.219496] ? netlink_attachskb+0x870/0x870 [ 3045.219989] ? __virt_addr_valid+0x128/0x350 [ 3045.220501] netlink_sendmsg+0x90f/0xdf0 [ 3045.220968] ? netlink_unicast+0x7f0/0x7f0 [ 3045.221462] ? netlink_unicast+0x7f0/0x7f0 [ 3045.221945] sock_sendmsg+0x154/0x190 [ 3045.222367] ____sys_sendmsg+0x70d/0x870 [ 3045.222826] ? kernel_sendmsg+0x50/0x50 [ 3045.223271] ? do_recvmmsg+0x6d0/0x6d0 [ 3045.223702] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3045.224295] ? lock_downgrade+0x6d0/0x6d0 [ 3045.224757] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3045.225361] ___sys_sendmsg+0xf3/0x170 [ 3045.225804] ? sendmsg_copy_msghdr+0x160/0x160 [ 3045.226328] ? lock_downgrade+0x6d0/0x6d0 [ 3045.226805] ? find_held_lock+0x2c/0x110 [ 3045.227260] ? __fget_files+0x296/0x4c0 [ 3045.227710] ? __fget_light+0xea/0x290 [ 3045.228161] __sys_sendmsg+0xe5/0x1b0 [ 3045.228590] ? __sys_sendmsg_sock+0x40/0x40 [ 3045.229077] ? rcu_read_lock_any_held+0x75/0xa0 [ 3045.229601] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3045.230178] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3045.230797] ? trace_hardirqs_on+0x5b/0x180 [ 3045.231281] do_syscall_64+0x33/0x40 [ 3045.231690] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3045.232253] RIP: 0033:0x7f09254a5b19 [ 3045.232665] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3045.234684] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3045.235528] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3045.236310] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3045.237108] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3045.237897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3045.238682] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 08:00:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0x0, 0x8, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 08:00:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x0, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 08:00:06 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122a, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:06 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x0, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 08:00:06 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90050500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:06 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xfeffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:06 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122b, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:22 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xb91, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 08:00:22 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90060500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:22 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 81) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x0, 0x1fd1, 0x100, 0x1d, 0x20, r2}) 08:00:22 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x910b, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 08:00:22 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xfffff000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:22 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xbf010000, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:22 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122d, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 3061.873569] FAULT_INJECTION: forcing a failure. [ 3061.873569] name failslab, interval 1, probability 0, space 0, times 0 [ 3061.876596] CPU: 0 PID: 16021 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3061.878226] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3061.880173] Call Trace: [ 3061.880839] dump_stack+0x107/0x167 [ 3061.881715] should_fail.cold+0x5/0xa [ 3061.882613] ? create_object.isra.0+0x3a/0xa20 [ 3061.883802] should_failslab+0x5/0x20 [ 3061.884693] kmem_cache_alloc+0x5b/0x310 [ 3061.885653] create_object.isra.0+0x3a/0xa20 [ 3061.886683] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3061.887900] kmem_cache_alloc_node+0x169/0x330 [ 3061.888979] __alloc_skb+0x6d/0x5b0 [ 3061.889851] alloc_uevent_skb+0x7b/0x210 [ 3061.890823] kobject_uevent_env+0x99a/0xf90 [ 3061.891916] driver_bound+0x19d/0x1f0 [ 3061.892801] device_bind_driver+0xae/0xd0 [ 3061.893764] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 3061.894938] ? ____sys_sendmsg+0x70d/0x870 [ 3061.895916] ? ___sys_sendmsg+0xf3/0x170 [ 3061.896894] ? __sys_sendmsg+0xe5/0x1b0 [ 3061.897852] ? do_syscall_64+0x33/0x40 [ 3061.898760] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3061.900112] ? lock_acquire+0x197/0x470 [ 3061.901214] ? create_object.isra.0+0x3ad/0xa20 [ 3061.902474] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3061.903577] hwsim_new_radio_nl+0x991/0x1080 [ 3061.904633] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3061.905857] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3061.907506] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3061.909037] genl_family_rcv_msg_doit+0x22d/0x330 [ 3061.910171] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3061.911866] ? cap_capable+0x1d6/0x240 [ 3061.912844] ? ns_capable+0xe2/0x110 [ 3061.913727] genl_rcv_msg+0x33c/0x5a0 [ 3061.914652] ? genl_get_cmd+0x480/0x480 [ 3061.915610] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3061.916807] ? lock_release+0x680/0x680 [ 3061.917729] ? netlink_deliver_tap+0xf4/0xcd0 [ 3061.918937] netlink_rcv_skb+0x14b/0x430 [ 3061.919896] ? genl_get_cmd+0x480/0x480 [ 3061.920826] ? netlink_ack+0xab0/0xab0 [ 3061.921740] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3061.922969] ? is_vmalloc_addr+0x7b/0xb0 [ 3061.924014] genl_rcv+0x24/0x40 [ 3061.924774] netlink_unicast+0x549/0x7f0 [ 3061.925800] ? netlink_attachskb+0x870/0x870 [ 3061.926846] ? __virt_addr_valid+0x128/0x350 [ 3061.927913] netlink_sendmsg+0x90f/0xdf0 [ 3061.928998] ? netlink_unicast+0x7f0/0x7f0 [ 3061.930021] ? netlink_unicast+0x7f0/0x7f0 [ 3061.931015] sock_sendmsg+0x154/0x190 [ 3061.931912] ____sys_sendmsg+0x70d/0x870 [ 3061.932931] ? kernel_sendmsg+0x50/0x50 [ 3061.933890] ? do_recvmmsg+0x6d0/0x6d0 [ 3061.934792] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3061.936093] ? lock_downgrade+0x6d0/0x6d0 [ 3061.937057] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3061.938360] ___sys_sendmsg+0xf3/0x170 [ 3061.939269] ? sendmsg_copy_msghdr+0x160/0x160 [ 3061.940433] ? lock_downgrade+0x6d0/0x6d0 [ 3061.941384] ? find_held_lock+0x2c/0x110 [ 3061.942362] ? __fget_files+0x296/0x4c0 [ 3061.943305] ? __fget_light+0xea/0x290 [ 3061.944264] __sys_sendmsg+0xe5/0x1b0 [ 3061.945153] ? __sys_sendmsg_sock+0x40/0x40 [ 3061.946200] ? rcu_read_lock_any_held+0x75/0xa0 [ 3061.947311] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3061.948621] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3061.949852] ? trace_hardirqs_on+0x5b/0x180 [ 3061.950850] do_syscall_64+0x33/0x40 [ 3061.951828] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3061.953105] RIP: 0033:0x7f09254a5b19 [ 3061.953974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3061.958244] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3061.960033] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3061.961642] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3061.963250] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3061.964953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3061.966770] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 08:00:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x0, 0x100, 0x1d, 0x20, r2}) 08:00:22 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x0, 0x100, 0x1d, 0x20, r2}) 08:00:22 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122e, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:23 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90070500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:23 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xffffff7f, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:23 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 82) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 3062.279546] FAULT_INJECTION: forcing a failure. [ 3062.279546] name failslab, interval 1, probability 0, space 0, times 0 [ 3062.282372] CPU: 0 PID: 16056 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3062.283765] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3062.285453] Call Trace: [ 3062.286032] dump_stack+0x107/0x167 [ 3062.286819] should_fail.cold+0x5/0xa [ 3062.287680] ? kobject_uevent_env+0x22b/0xf90 [ 3062.288581] ? dev_uevent_filter+0xd0/0xd0 [ 3062.289429] should_failslab+0x5/0x20 [ 3062.290191] kmem_cache_alloc_trace+0x55/0x320 [ 3062.291116] ? __device_release_driver+0x555/0x770 [ 3062.292141] ? dev_uevent_filter+0xd0/0xd0 [ 3062.293041] kobject_uevent_env+0x22b/0xf90 [ 3062.293913] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3062.294981] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3062.296021] ? trace_hardirqs_on+0x5b/0x180 [ 3062.296930] __device_release_driver+0x5cd/0x770 [ 3062.297926] device_release_driver+0x26/0x40 [ 3062.298846] mac80211_hwsim_new_radio+0x29a2/0x4250 [ 3062.299868] ? ____sys_sendmsg+0x70d/0x870 [ 3062.300714] ? ___sys_sendmsg+0xf3/0x170 [ 3062.301564] ? __sys_sendmsg+0xe5/0x1b0 [ 3062.302381] ? do_syscall_64+0x33/0x40 [ 3062.303183] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3062.304348] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3062.305285] hwsim_new_radio_nl+0x991/0x1080 [ 3062.306161] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3062.307309] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3062.308613] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3062.310009] genl_family_rcv_msg_doit+0x22d/0x330 [ 3062.310993] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3062.312302] ? cap_capable+0x1d6/0x240 [ 3062.313088] ? ns_capable+0xe2/0x110 [ 3062.313840] genl_rcv_msg+0x33c/0x5a0 [ 3062.314615] ? genl_get_cmd+0x480/0x480 [ 3062.315497] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3062.316548] ? lock_release+0x680/0x680 [ 3062.317350] ? netlink_deliver_tap+0xf4/0xcd0 [ 3062.318257] netlink_rcv_skb+0x14b/0x430 [ 3062.319098] ? genl_get_cmd+0x480/0x480 [ 3062.319897] ? netlink_ack+0xab0/0xab0 [ 3062.320690] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3062.321606] ? is_vmalloc_addr+0x7b/0xb0 [ 3062.322430] genl_rcv+0x24/0x40 [ 3062.323103] netlink_unicast+0x549/0x7f0 [ 3062.323925] ? netlink_attachskb+0x870/0x870 [ 3062.324802] ? __virt_addr_valid+0x128/0x350 [ 3062.325689] netlink_sendmsg+0x90f/0xdf0 [ 3062.326506] ? netlink_unicast+0x7f0/0x7f0 [ 3062.327436] ? netlink_unicast+0x7f0/0x7f0 [ 3062.328283] sock_sendmsg+0x154/0x190 [ 3062.329044] ____sys_sendmsg+0x70d/0x870 [ 3062.329884] ? kernel_sendmsg+0x50/0x50 [ 3062.330681] ? do_recvmmsg+0x6d0/0x6d0 [ 3062.331466] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3062.332553] ? trace_hardirqs_on+0x5b/0x180 [ 3062.333417] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3062.334507] ___sys_sendmsg+0xf3/0x170 [ 3062.335342] ? sendmsg_copy_msghdr+0x160/0x160 [ 3062.336285] ? lock_downgrade+0x6d0/0x6d0 [ 3062.337130] ? find_held_lock+0x2c/0x110 [ 3062.337957] ? __fget_files+0x296/0x4c0 [ 3062.338758] ? __fget_light+0xea/0x290 [ 3062.339550] __sys_sendmsg+0xe5/0x1b0 [ 3062.340290] ? __sys_sendmsg_sock+0x40/0x40 [ 3062.341177] ? rcu_read_lock_any_held+0x75/0xa0 [ 3062.342317] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3062.343392] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3062.344405] ? trace_hardirqs_on+0x5b/0x180 [ 3062.345253] do_syscall_64+0x33/0x40 [ 3062.345988] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3062.346989] RIP: 0033:0x7f09254a5b19 [ 3062.347721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3062.351375] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3062.352917] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3062.354313] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3062.355728] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3062.357141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3062.358671] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 08:00:23 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90080500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:23 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x0, 0x100, 0x1d, 0x20, r2}) 08:00:39 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc048122f, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:39 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0xba00, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 08:00:39 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0xc00, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 08:00:39 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x0, 0x1d, 0x20, r2}) 08:00:39 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xe4ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90090500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xffffff97, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:39 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 83) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 3078.203353] FAULT_INJECTION: forcing a failure. [ 3078.203353] name failslab, interval 1, probability 0, space 0, times 0 [ 3078.204950] CPU: 0 PID: 16091 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3078.205836] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3078.206902] Call Trace: [ 3078.207269] dump_stack+0x107/0x167 [ 3078.207741] should_fail.cold+0x5/0xa [ 3078.208237] ? create_object.isra.0+0x3a/0xa20 [ 3078.208833] should_failslab+0x5/0x20 [ 3078.209324] kmem_cache_alloc+0x5b/0x310 [ 3078.209847] create_object.isra.0+0x3a/0xa20 [ 3078.210411] ? __kasan_kmalloc.constprop.0+0xc9/0xd0 [ 3078.211066] __kmalloc_node_track_caller+0x1a6/0x3b0 [ 3078.211727] ? alloc_uevent_skb+0x7b/0x210 [ 3078.212272] __alloc_skb+0xb1/0x5b0 [ 3078.212702] alloc_uevent_skb+0x7b/0x210 [ 3078.213106] kobject_uevent_env+0x99a/0xf90 [ 3078.213572] driver_bound+0x19d/0x1f0 [ 3078.213959] device_bind_driver+0xae/0xd0 [ 3078.214398] mac80211_hwsim_new_radio+0x3d2/0x4250 [ 3078.214916] ? ____sys_sendmsg+0x70d/0x870 [ 3078.215379] ? ___sys_sendmsg+0xf3/0x170 [ 3078.215806] ? __sys_sendmsg+0xe5/0x1b0 [ 3078.216204] ? do_syscall_64+0x33/0x40 [ 3078.216617] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3078.217182] ? lock_acquire+0x197/0x470 [ 3078.217604] ? create_object.isra.0+0x3ad/0xa20 [ 3078.218068] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3078.218564] hwsim_new_radio_nl+0x991/0x1080 [ 3078.219005] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3078.219574] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3078.220227] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3078.220918] genl_family_rcv_msg_doit+0x22d/0x330 [ 3078.221401] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3078.222096] ? cap_capable+0x1d6/0x240 [ 3078.222498] ? ns_capable+0xe2/0x110 [ 3078.222871] genl_rcv_msg+0x33c/0x5a0 [ 3078.223261] ? genl_get_cmd+0x480/0x480 [ 3078.223655] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3078.224168] ? lock_release+0x680/0x680 [ 3078.224561] ? netlink_deliver_tap+0xf4/0xcd0 [ 3078.225007] netlink_rcv_skb+0x14b/0x430 [ 3078.225413] ? genl_get_cmd+0x480/0x480 [ 3078.225809] ? netlink_ack+0xab0/0xab0 [ 3078.226223] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3078.226691] ? is_vmalloc_addr+0x7b/0xb0 [ 3078.227121] genl_rcv+0x24/0x40 [ 3078.227490] netlink_unicast+0x549/0x7f0 [ 3078.227917] ? netlink_attachskb+0x870/0x870 [ 3078.228367] ? __virt_addr_valid+0x128/0x350 [ 3078.228829] netlink_sendmsg+0x90f/0xdf0 [ 3078.229252] ? netlink_unicast+0x7f0/0x7f0 [ 3078.229694] ? netlink_unicast+0x7f0/0x7f0 [ 3078.230124] sock_sendmsg+0x154/0x190 [ 3078.230512] ____sys_sendmsg+0x70d/0x870 [ 3078.230935] ? kernel_sendmsg+0x50/0x50 [ 3078.231357] ? do_recvmmsg+0x6d0/0x6d0 [ 3078.231762] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3078.232298] ? lock_downgrade+0x6d0/0x6d0 [ 3078.232718] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3078.233253] ___sys_sendmsg+0xf3/0x170 [ 3078.233665] ? sendmsg_copy_msghdr+0x160/0x160 [ 3078.234137] ? lock_downgrade+0x6d0/0x6d0 [ 3078.234570] ? find_held_lock+0x2c/0x110 [ 3078.234994] ? __fget_files+0x296/0x4c0 [ 3078.235427] ? __fget_light+0xea/0x290 [ 3078.235827] __sys_sendmsg+0xe5/0x1b0 [ 3078.236219] ? __sys_sendmsg_sock+0x40/0x40 [ 3078.236669] ? rcu_read_lock_any_held+0x75/0xa0 [ 3078.237156] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3078.237699] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3078.238227] ? trace_hardirqs_on+0x5b/0x180 [ 3078.238678] do_syscall_64+0x33/0x40 [ 3078.239069] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3078.239606] RIP: 0033:0x7f09254a5b19 [ 3078.239993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3078.241861] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3078.242656] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3078.243404] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3078.244138] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3078.244865] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3078.245596] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 08:00:39 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x0, 0x1d, 0x20, r2}) 08:00:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xffffff9e, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:39 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481230, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c900a0500200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:39 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x0, 0x1d, 0x20, r2}) 08:00:39 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xffffffe4, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:39 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x0, 0x20, r2}) 08:00:39 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481258, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:39 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90000600200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:56 executing program 0: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x0, 0x162210, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1000002, 0x12, 0xffffffffffffffff, 0x0) copy_file_range(r2, 0x0, 0xffffffffffffffff, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r3, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, 0xffffffffffffffff, 0x0) fsync(0xffffffffffffffff) 08:00:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xfffffff0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:56 executing program 1: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000440)={'\x00', 0x1902, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018", @ANYRES32, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$BLKTRACETEARDOWN(0xffffffffffffffff, 0x1276, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r2, &(0x7f0000000140)=0x9, r3, &(0x7f0000000180)=0x9, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, 0x0) syz_io_uring_submit(r4, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r3, 0x0) fsync(r5) 08:00:56 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x0, 0x20, r2}) 08:00:56 executing program 2: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xf0ffffff, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) pidfd_getfd(0xffffffffffffffff, r2, 0x0) r4 = fsmount(r3, 0x1, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) close_range(r4, r5, 0x2) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) 08:00:56 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90050600200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:56 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481263, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) 08:00:56 executing program 5: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0x0, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) (fail_nth: 84) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) unshare(0x48020200) [ 3095.755882] FAULT_INJECTION: forcing a failure. [ 3095.755882] name failslab, interval 1, probability 0, space 0, times 0 [ 3095.758768] CPU: 1 PID: 16143 Comm: syz-executor.5 Not tainted 5.10.176 #1 [ 3095.760317] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3095.762147] Call Trace: [ 3095.762739] dump_stack+0x107/0x167 [ 3095.763556] should_fail.cold+0x5/0xa [ 3095.764391] ? kobject_get_path+0xc4/0x1d0 [ 3095.765319] should_failslab+0x5/0x20 [ 3095.766151] __kmalloc+0x72/0x390 [ 3095.766912] ? trace_hardirqs_on+0x5b/0x180 [ 3095.767865] kobject_get_path+0xc4/0x1d0 [ 3095.768757] kobject_uevent_env+0x251/0xf90 [ 3095.769705] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3095.770851] ? _raw_spin_unlock_irqrestore+0x38/0x40 [ 3095.771969] ? trace_hardirqs_on+0x5b/0x180 [ 3095.772918] __device_release_driver+0x5cd/0x770 [ 3095.773957] device_release_driver+0x26/0x40 [ 3095.774921] mac80211_hwsim_new_radio+0x29a2/0x4250 [ 3095.776018] ? ____sys_sendmsg+0x70d/0x870 [ 3095.776936] ? ___sys_sendmsg+0xf3/0x170 [ 3095.777811] ? __sys_sendmsg+0xe5/0x1b0 [ 3095.778666] ? do_syscall_64+0x33/0x40 [ 3095.779534] ? entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3095.780698] ? hwsim_send_nullfunc_ps+0x80/0x80 [ 3095.781723] hwsim_new_radio_nl+0x991/0x1080 [ 3095.782678] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3095.783825] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1bb/0x280 [ 3095.785244] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xaf/0x280 [ 3095.786649] genl_family_rcv_msg_doit+0x22d/0x330 [ 3095.787706] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x280/0x280 [ 3095.789116] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3095.790239] ? cap_capable+0x1d6/0x240 [ 3095.791086] ? ns_capable+0xe2/0x110 [ 3095.791906] genl_rcv_msg+0x33c/0x5a0 [ 3095.792727] ? genl_get_cmd+0x480/0x480 [ 3095.793589] ? mac80211_hwsim_new_radio+0x4250/0x4250 [ 3095.794696] ? lock_release+0x680/0x680 [ 3095.795559] ? netlink_deliver_tap+0xf4/0xcd0 [ 3095.796522] netlink_rcv_skb+0x14b/0x430 [ 3095.797396] ? genl_get_cmd+0x480/0x480 [ 3095.798246] ? netlink_ack+0xab0/0xab0 [ 3095.799093] ? netlink_deliver_tap+0x1c4/0xcd0 [ 3095.800110] ? is_vmalloc_addr+0x7b/0xb0 [ 3095.800986] genl_rcv+0x24/0x40 [ 3095.801693] netlink_unicast+0x549/0x7f0 [ 3095.802575] ? netlink_attachskb+0x870/0x870 [ 3095.803527] ? __virt_addr_valid+0x128/0x350 [ 3095.804487] netlink_sendmsg+0x90f/0xdf0 [ 3095.805353] ? netlink_unicast+0x7f0/0x7f0 [ 3095.806267] ? netlink_unicast+0x7f0/0x7f0 [ 3095.807153] sock_sendmsg+0x154/0x190 [ 3095.807973] ____sys_sendmsg+0x70d/0x870 [ 3095.808829] ? kernel_sendmsg+0x50/0x50 [ 3095.809669] ? do_recvmmsg+0x6d0/0x6d0 [ 3095.810487] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3095.811613] ? lock_downgrade+0x6d0/0x6d0 [ 3095.812490] ? lockdep_hardirqs_on_prepare+0x3e0/0x3e0 [ 3095.813606] ___sys_sendmsg+0xf3/0x170 [ 3095.814432] ? sendmsg_copy_msghdr+0x160/0x160 [ 3095.815421] ? lock_downgrade+0x6d0/0x6d0 [ 3095.816304] ? find_held_lock+0x2c/0x110 [ 3095.817177] ? __fget_files+0x296/0x4c0 [ 3095.818031] ? __fget_light+0xea/0x290 [ 3095.818867] __sys_sendmsg+0xe5/0x1b0 [ 3095.819694] ? __sys_sendmsg_sock+0x40/0x40 [ 3095.820604] ? rcu_read_lock_any_held+0x75/0xa0 [ 3095.821608] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3095.822714] ? syscall_enter_from_user_mode+0x1d/0x50 [ 3095.823810] ? trace_hardirqs_on+0x5b/0x180 [ 3095.824728] do_syscall_64+0x33/0x40 [ 3095.825516] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3095.826614] RIP: 0033:0x7f09254a5b19 [ 3095.827422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 [ 3095.831259] RSP: 002b:00007f0922a1b188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 3095.832813] RAX: ffffffffffffffda RBX: 00007f09255b8f60 RCX: 00007f09254a5b19 [ 3095.834290] RDX: 0000000000040000 RSI: 0000000020000000 RDI: 0000000000000004 [ 3095.835763] RBP: 00007f0922a1b1d0 R08: 0000000000000000 R09: 0000000000000000 [ 3095.837225] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 3095.838710] R13: 00007ffdc8bbb60f R14: 00007f0922a1b300 R15: 0000000000022000 08:00:56 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x0, 0x20, r2}) 08:00:56 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x0, r2}) 08:00:56 executing program 6: syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000000140)="eb3c90300600200000000000020801000470001200f801", 0x17}, {0x0, 0x0, 0x1000a00}], 0x0, &(0x7f0000000340)=ANY=[]) 08:00:56 executing program 7: perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x34000, &(0x7f0000000480)={&(0x7f0000000080)={0x1c, 0x1d, 0xc21, 0xfffffffd, 0x0, {0x4, 0x0, 0x2}, [@typed={0x8, 0x17, 0x0, 0x0, @u32}]}, 0x1c}}, 0x40000) pread64(r0, &(0x7f0000000340)=""/181, 0xb5, 0x8) ioctl$TUNGETDEVNETNS(0xffffffffffffffff, 0x54e3, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000000c0), 0x7, 0x4002) r2 = dup2(r0, r1) r3 = openat2(0xffffffffffffffff, 0x0, &(0x7f0000000100)={0x2b0100, 0x1c}, 0x18) ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r2, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r2, {0xfffffc71}}, './file0\x00'}) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040), 0x404700, 0x0) pidfd_getfd(r4, r2, 0x0) fsmount(r3, 0x1, 0xf9) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000004200210e0000000000000000000000001ec1510446ad9e06b57f9c686fa912ba3b2328a522ec336899b707fdfa07e4b086424a077c8b1bf0464349f5bab057d519066ed1d98d6e5fd1c5fa0cf73e0c2d"], 0x14}}, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000001740)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000001c0)=ANY=[], 0xfdef) 08:00:56 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @remote, 0x2}, 0x1c) sendmsg$inet6(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000080)="3bb31d6a", 0x4}], 0x1, &(0x7f0000000280)=[@flowinfo={{0x14, 0x29, 0xb, 0x4}}], 0x18}, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'syz_tun\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r0, 0x890c, &(0x7f0000000040)={@mcast1, @ipv4={'\x00', '\xff\xff', @local}, @ipv4={'\x00', '\xff\xff', @loopback}, 0xfab, 0x8, 0x1fd1, 0x100, 0x1d, 0x0, r2}) 08:00:56 executing program 3: mknod$loop(&(0x7f0000000400)='./file0\x00', 0x6000, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0, 0x0) io_setup(0x5, &(0x7f0000000080)) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x8800000) perf_event_open(&(0x7f0000001d80)={0x1, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$BLKTRACESETUP(r0, 0xc0481264, &(0x7f0000000440)={'\x00', 0x0, 0x100, 0xb91, 0x7}) ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000001001e0018000000", @ANYRES32=0xffffffffffffffff, @ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00./file1\x00']) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000001c0)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r1, @ANYBLOB="2000bca8003180b07a001ad4167b740cbe87"]) ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0) r4 = socket$inet_tcp(0x2, 0x1, 0x0) r5 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x105142, 0x0) copy_file_range(r4, &(0x7f0000000140)=0x9, r5, 0x0, 0x7, 0x0) ioctl$BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_io_uring_setup(0x20ae, &(0x7f0000000280)={0x0, 0x0, 0x20, 0x3, 0x16e, 0x0, r1}, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000000000)=0x0, &(0x7f0000000200)) syz_io_uring_submit(r6, 0x0, &(0x7f0000000300)=@IORING_OP_TIMEOUT_REMOVE={0xc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x2) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x882c2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x2000002, 0x40010, r5, 0x0) [ 3098.693223] syz-fuzzer invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3098.695547] CPU: 1 PID: 255 Comm: syz-fuzzer Not tainted 5.10.176 #1 [ 3098.696740] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3098.698304] Call Trace: [ 3098.698795] dump_stack+0x107/0x167 [ 3098.699496] dump_header+0x106/0x65e [ 3098.700195] oom_kill_process.cold+0x10/0x15 [ 3098.701034] out_of_memory+0x1149/0x1440 [ 3098.701774] ? oom_killer_disable+0x280/0x280 [ 3098.702621] ? mutex_trylock+0x237/0x2b0 [ 3098.703360] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3098.704493] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3098.705593] ? lock_acquire+0x137/0x470 [ 3098.706350] ? warn_alloc+0x190/0x190 [ 3098.707080] __alloc_pages_nodemask+0x51d/0x600 [ 3098.707982] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3098.709134] ? find_get_entry+0x2c8/0x740 [ 3098.709923] alloc_pages_current+0x187/0x280 [ 3098.710749] __page_cache_alloc+0x2d2/0x360 [ 3098.711568] pagecache_get_page+0x2c7/0xc80 [ 3098.712379] filemap_fault+0x177d/0x2210 [ 3098.713149] ? read_cache_page_gfp+0x30/0x30 [ 3098.713976] ? replace_page_cache_page+0x1200/0x1200 [ 3098.714918] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3098.715905] ext4_filemap_fault+0x87/0xc0 [ 3098.716669] __do_fault+0x113/0x410 [ 3098.717341] handle_mm_fault+0x1e72/0x3520 [ 3098.718091] ? find_held_lock+0x2c/0x110 [ 3098.718847] ? __pmd_alloc+0x5e0/0x5e0 [ 3098.719586] ? vmacache_find+0x55/0x2a0 [ 3098.720330] do_user_addr_fault+0x56e/0xc60 [ 3098.721133] exc_page_fault+0xa2/0x1a0 [ 3098.721849] ? asm_exc_page_fault+0x8/0x30 [ 3098.722623] asm_exc_page_fault+0x1e/0x30 [ 3098.723384] RIP: 0033:0x465ef0 [ 3098.723977] Code: Unable to access opcode bytes at RIP 0x465ec6. [ 3098.725085] RSP: 002b:000000c00003ff30 EFLAGS: 00010202 [ 3098.726069] RAX: 0000000000002710 RBX: 0000000000004e20 RCX: 0000000000002710 [ 3098.727343] RDX: 0000000000000000 RSI: 000002d16b1f82fc RDI: 0000000000000000 [ 3098.728658] RBP: 000000c00003ffa0 R08: 000000000005712c R09: 00007ffdf3dcb080 [ 3098.729964] R10: 00007ffdf3dcb090 R11: 0000000000000246 R12: 0000000000438880 [ 3098.731265] R13: 0000000000000000 R14: 0000000000e5de2c R15: 0000000000000000 [ 3098.734195] Mem-Info: [ 3098.734668] active_anon:4782 inactive_anon:52793 isolated_anon:0 [ 3098.734668] active_file:146 inactive_file:62 isolated_file:0 [ 3098.734668] unevictable:0 dirty:0 writeback:0 [ 3098.734668] slab_reclaimable:8675 slab_unreclaimable:63338 [ 3098.734668] mapped:69700 shmem:230 pagetables:1548 bounce:0 [ 3098.734668] free:2999 free_pcp:106 free_cma:0 [ 3098.740993] Node 0 active_anon:19128kB inactive_anon:211172kB active_file:584kB inactive_file:620kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:278884kB dirty:0kB writeback:0kB shmem:920kB writeback_tmp:0kB kernel_stack:4640kB all_unreclaimable? no [ 3098.745317] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3098.750221] lowmem_reserve[]: 0 1616 1616 1616 [ 3098.751086] Node 0 DMA32 free:5500kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:19128kB inactive_anon:211160kB active_file:1044kB inactive_file:420kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:6192kB bounce:0kB free_pcp:560kB local_pcp:0kB free_cma:0kB [ 3098.756833] lowmem_reserve[]: 0 0 0 0 [ 3098.757557] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3098.760513] Node 0 DMA32: 504*4kB (UM) 189*8kB (UM) 68*16kB (UME) 19*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5224kB [ 3098.762913] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3098.764442] 621 total pagecache pages [ 3098.765148] 0 pages in swap cache [ 3098.765743] Swap cache stats: add 0, delete 0, find 0/0 [ 3098.766709] Free swap = 0kB [ 3098.767249] Total swap = 0kB [ 3098.767803] 524158 pages RAM [ 3098.768362] 0 pages HighMem/MovableOnly [ 3098.769087] 105052 pages reserved [ 3098.769775] Unreclaimable slab info: [ 3098.770939] Name Used Total [ 3098.771991] pid_3 7KB 7KB [ 3098.772948] pid_2 43KB 67KB [ 3098.774046] IEEE-802.15.4-MAC 31KB 31KB [ 3098.775146] p9_req_t 8KB 8KB [ 3098.776290] fib6_nodes 28KB 28KB [ 3098.777252] ip6_dst_cache 41KB 41KB [ 3098.778212] PINGv6 63KB 63KB [ 3098.779173] RAWv6 315KB 315KB [ 3098.780142] UDPLITEv6 62KB 62KB [ 3098.781273] UDPv6 62KB 62KB [ 3098.782401] tw_sock_TCPv6 7KB 7KB [ 3098.783509] request_sock_TCPv6 7KB 7KB [ 3098.784442] TCPv6 62KB 62KB [ 3098.785398] scsi_sense_cache 8KB 8KB [ 3098.786365] sd_ext_cdb 3KB 3KB [ 3098.787289] virtio_scsi_cmd 16KB 16KB [ 3098.788254] sgpool-128 59KB 59KB [ 3098.789198] sgpool-64 63KB 63KB [ 3098.790141] sgpool-32 94KB 94KB [ 3098.791086] sgpool-16 45KB 45KB [ 3098.792018] sgpool-8 60KB 60KB [ 3098.792960] io_kiocb 52KB 56KB [ 3098.793904] mqueue_inode_cache 62KB 62KB [ 3098.794858] nfs_commit_data 15KB 15KB [ 3098.795823] nfs_write_data 47KB 47KB [ 3098.796746] jbd2_inode 7KB 7KB [ 3098.797683] ext4_system_zone 7KB 7KB [ 3098.798619] ext4_io_end_vec 7KB 7KB [ 3098.799569] ext4_bio_post_read_ctx 15KB 15KB [ 3098.800577] kioctx 31KB 31KB [ 3098.801514] aio_kiocb 7KB 7KB [ 3098.802477] dio 15KB 15KB [ 3098.803376] bio-2 4KB 4KB [ 3098.804317] fasync_cache 3KB 3KB [ 3098.805268] pid_namespace 7KB 7KB [ 3098.806187] posix_timers_cache 15KB 15KB [ 3098.807155] rpc_buffers 31KB 31KB [ 3098.808078] rpc_tasks 3KB 3KB [ 3098.809007] UNIX 267KB 372KB [ 3098.809938] UDP-Lite 63KB 63KB [ 3098.810870] tcp_bind_bucket 8KB 8KB [ 3098.811816] inet_peer_cache 4KB 4KB [ 3098.812749] xfrm_state 32KB 32KB [ 3098.813679] ip_fib_trie 8KB 8KB [ 3098.814734] ip_fib_alias 15KB 15KB [ 3098.815811] ip_dst_cache 64KB 64KB [ 3098.816745] PING 31KB 31KB [ 3098.817742] RAW 343KB 343KB [ 3098.818667] UDP 224KB 315KB [ 3098.819677] tw_sock_TCP 15KB 15KB [ 3098.820593] request_sock_TCP 7KB 7KB [ 3098.821519] TCP 60KB 60KB [ 3098.822428] hugetlbfs_inode_cache 30KB 30KB [ 3098.823402] bio-1 11KB 11KB [ 3098.824327] eventpoll_pwq 23KB 23KB [ 3098.825249] eventpoll_epi 55KB 55KB [ 3098.826164] inotify_inode_mark 109KB 109KB [ 3098.827095] request_queue 60KB 60KB [ 3098.828020] blkdev_ioc 18KB 18KB [ 3098.828937] bio-0 81KB 88KB [ 3098.829851] biovec-max 896KB 896KB [ 3098.830772] biovec-64 189KB 189KB [ 3098.831696] biovec-16 41KB 41KB [ 3098.832620] user_namespace 31KB 31KB [ 3098.833537] uid_cache 8KB 8KB [ 3098.834440] dmaengine-unmap-2 4KB 4KB [ 3098.835358] audit_buffer 7KB 7KB [ 3098.836278] skbuff_fclone_cache 82KB 82KB [ 3098.837239] skbuff_head_cache 379KB 633KB [ 3098.838151] configfs_dir_cache 4KB 4KB [ 3098.839074] file_lock_cache 21KB 35KB [ 3098.839979] file_lock_ctx 7KB 7KB [ 3098.840894] fsnotify_mark_connector 28KB 28KB [ 3098.841888] net_namespace 176KB 205KB [ 3098.842797] task_delay_info 80KB 88KB [ 3098.843720] taskstats 38KB 38KB [ 3098.844632] proc_dir_entry 400KB 427KB [ 3098.845547] pde_opener 31KB 31KB [ 3098.846454] seq_file 52KB 52KB [ 3098.847364] sigqueue 98KB 98KB [ 3098.848294] shmem_inode_cache 1290KB 1415KB [ 3098.849200] kernfs_iattrs_cache 258KB 258KB [ 3098.850138] kernfs_node_cache 6505KB 6551KB [ 3098.851042] mnt_cache 259KB 259KB [ 3098.851953] filp 1783KB 2085KB [ 3098.852841] names_cache 12108KB 13362KB [ 3098.853723] hashtab_node 278KB 278KB [ 3098.854651] ebitmap_node 1149KB 1149KB [ 3098.855548] avtab_node 4976KB 4976KB [ 3098.856469] avc_node 35KB 35KB [ 3098.857411] lsm_inode_cache 3318KB 3332KB [ 3098.858335] lsm_file_cache 179KB 204KB [ 3098.859270] key_jar 31KB 31KB [ 3098.860211] uts_namespace 15KB 15KB [ 3098.861092] nsproxy 11KB 11KB [ 3098.861991] vm_area_struct 954KB 1116KB [ 3098.862915] mm_struct 346KB 409KB [ 3098.863852] fs_cache 45KB 64KB [ 3098.864801] files_cache 209KB 223KB [ 3098.865741] signal_cache 357KB 463KB [ 3098.866675] sighand_cache 321KB 390KB [ 3098.867632] task_struct 1178KB 1416KB [ 3098.868574] cred_jar 144KB 172KB [ 3098.869502] anon_vma_chain 257KB 271KB [ 3098.870433] anon_vma 280KB 290KB [ 3098.871373] pid 57KB 71KB [ 3098.872311] Acpi-Operand 100KB 138KB [ 3098.873244] Acpi-ParseExt 27KB 27KB [ 3098.874173] Acpi-Parse 154KB 169KB [ 3098.875105] Acpi-State 133KB 149KB [ 3098.876054] Acpi-Namespace 24KB 24KB [ 3098.876971] numa_policy 3KB 3KB [ 3098.877908] trace_event_file 163KB 163KB [ 3098.878833] ftrace_event_field 280KB 280KB [ 3098.879796] pool_workqueue 56KB 56KB [ 3098.880736] task_group 16KB 16KB [ 3098.881642] vmap_area 89KB 122KB [ 3098.882526] page->ptl 190KB 244KB [ 3098.883391] kmemleak_scan_area 48KB 79KB [ 3098.885065] kmemleak_object 143746KB 154973KB [ 3098.885940] kmalloc-8k 4736KB 4864KB [ 3098.886891] kmalloc-4k 7760KB 8992KB [ 3098.888157] kmalloc-2k 5312KB 5888KB [ 3098.889509] kmalloc-1k 2692KB 3648KB [ 3098.890900] kmalloc-512 2997KB 5952KB [ 3098.892276] kmalloc-256 1429KB 1472KB [ 3098.893618] kmalloc-192 593KB 608KB [ 3098.894953] kmalloc-128 508KB 552KB [ 3098.896325] kmalloc-96 469KB 728KB [ 3098.897671] kmalloc-64 996KB 1436KB [ 3098.898988] kmalloc-32 799KB 868KB [ 3098.900318] kmalloc-16 381KB 384KB [ 3098.901650] kmalloc-8 334KB 334KB [ 3098.902962] kmem_cache_node 47KB 47KB [ 3098.904305] kmem_cache 75KB 75KB [ 3098.905487] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=syz-fuzzer,pid=255,uid=0 [ 3098.910898] Out of memory (oom_kill_allocating_task): Killed process 254 (syz-fuzzer) total-vm:1239124kB, anon-rss:190480kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:900kB oom_score_adj:0 [ 3100.181790] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-1000 [ 3100.184100] CPU: 0 PID: 116 Comm: systemd-udevd Not tainted 5.10.176 #1 [ 3100.185440] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3100.187090] Call Trace: [ 3100.187642] dump_stack+0x107/0x167 [ 3100.188375] dump_header+0x106/0x65e [ 3100.189124] oom_kill_process.cold+0x10/0x15 [ 3100.190010] out_of_memory+0x358/0x1440 [ 3100.190830] ? oom_killer_disable+0x280/0x280 [ 3100.191737] ? mutex_trylock+0x237/0x2b0 [ 3100.192550] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3100.193746] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3100.194922] ? lock_acquire+0x137/0x470 [ 3100.195742] ? warn_alloc+0x190/0x190 [ 3100.196527] __alloc_pages_nodemask+0x51d/0x600 [ 3100.197469] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3100.198669] ? find_get_entry+0x2c8/0x740 [ 3100.199507] alloc_pages_current+0x187/0x280 [ 3100.200390] __page_cache_alloc+0x2d2/0x360 [ 3100.201255] pagecache_get_page+0x2c7/0xc80 [ 3100.202119] filemap_fault+0x177d/0x2210 [ 3100.202948] ? read_cache_page_gfp+0x30/0x30 [ 3100.203835] ? handle_mm_fault+0x28d0/0x3520 [ 3100.204737] ? lock_downgrade+0x6d0/0x6d0 [ 3100.205571] ext4_filemap_fault+0x87/0xc0 [ 3100.206394] __do_fault+0x113/0x410 [ 3100.207122] handle_mm_fault+0x1e72/0x3520 [ 3100.207989] ? __pmd_alloc+0x5e0/0x5e0 [ 3100.208789] ? vmacache_find+0x55/0x2a0 [ 3100.209615] do_user_addr_fault+0x56e/0xc60 [ 3100.210492] exc_page_fault+0xa2/0x1a0 [ 3100.211266] ? asm_exc_page_fault+0x8/0x30 [ 3100.212118] asm_exc_page_fault+0x1e/0x30 [ 3100.212956] RIP: 0033:0x7f3070fc2367 [ 3100.213707] Code: Unable to access opcode bytes at RIP 0x7f3070fc233d. [ 3100.215031] RSP: 002b:00007ffd0b79d9c8 EFLAGS: 00010287 [ 3100.216132] RAX: 0000000000000fb7 RBX: 0000000000000003 RCX: 00000000000000ff [ 3100.217577] RDX: 0000000000000000 RSI: 00007ffd0b79dc27 RDI: 0000558417a66392 [ 3100.219019] RBP: 0000558417a96ec0 R08: 0000558417a71926 R09: 00007ffd0b79dc26 [ 3100.220466] R10: 0000000000000030 R11: 0000000000000246 R12: 00000000ffffffee [ 3100.221901] R13: 000055841924a650 R14: 00007ffd0b79dc27 R15: 000055841924a650 [ 3100.223424] Mem-Info: [ 3100.223970] active_anon:48 inactive_anon:9080 isolated_anon:0 [ 3100.223970] active_file:32 inactive_file:104 isolated_file:9 [ 3100.223970] unevictable:0 dirty:0 writeback:0 [ 3100.223970] slab_reclaimable:8671 slab_unreclaimable:61019 [ 3100.223970] mapped:30571 shmem:125 pagetables:771 bounce:0 [ 3100.223970] free:3328 free_pcp:125 free_cma:0 [ 3100.230193] Node 0 active_anon:192kB inactive_anon:36320kB active_file:44kB inactive_file:416kB unevictable:0kB isolated(anon):0kB isolated(file):36kB mapped:122200kB dirty:0kB writeback:0kB shmem:500kB writeback_tmp:0kB kernel_stack:3776kB all_unreclaimable? no [ 3100.234778] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3100.240088] lowmem_reserve[]: 0 1616 1616 1616 [ 3100.241058] Node 0 DMA32 free:6816kB min:5116kB low:6768kB high:8420kB reserved_highatomic:2048KB active_anon:192kB inactive_anon:36308kB active_file:504kB inactive_file:584kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:3084kB bounce:0kB free_pcp:708kB local_pcp:32kB free_cma:0kB [ 3100.246801] lowmem_reserve[]: 0 0 0 0 [ 3100.247662] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3100.250733] Node 0 DMA32: 806*4kB (UM) 264*8kB (UMH) 81*16kB (UME) 9*32kB (M) 2*64kB (UH) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 7048kB [ 3100.253629] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3100.255346] 210 total pagecache pages [ 3100.256152] 0 pages in swap cache [ 3100.256842] Swap cache stats: add 0, delete 0, find 0/0 [ 3100.257925] Free swap = 0kB [ 3100.258553] Total swap = 0kB [ 3100.259191] 524158 pages RAM [ 3100.259806] 0 pages HighMem/MovableOnly [ 3100.260620] 105052 pages reserved [ 3100.261336] Unreclaimable slab info: [ 3100.262112] Name Used Total [ 3100.263260] pid_3 7KB 7KB [ 3100.264386] pid_2 43KB 67KB [ 3100.265489] IEEE-802.15.4-MAC 31KB 31KB [ 3100.266580] p9_req_t 8KB 8KB [ 3100.267689] fib6_nodes 28KB 28KB [ 3100.268779] ip6_dst_cache 41KB 41KB [ 3100.269879] PINGv6 63KB 63KB [ 3100.270991] RAWv6 315KB 315KB [ 3100.272117] UDPLITEv6 62KB 62KB [ 3100.273213] UDPv6 62KB 62KB [ 3100.274312] tw_sock_TCPv6 7KB 7KB [ 3100.275402] request_sock_TCPv6 7KB 7KB [ 3100.276539] TCPv6 62KB 62KB [ 3100.277663] scsi_sense_cache 8KB 8KB [ 3100.278778] sd_ext_cdb 3KB 3KB [ 3100.279917] virtio_scsi_cmd 16KB 16KB [ 3100.281064] sgpool-128 59KB 59KB [ 3100.282186] sgpool-64 63KB 63KB [ 3100.283304] sgpool-32 236KB 236KB [ 3100.284432] sgpool-16 67KB 67KB [ 3100.285549] sgpool-8 60KB 60KB [ 3100.286672] io_kiocb 52KB 56KB [ 3100.287806] mqueue_inode_cache 62KB 62KB [ 3100.288918] nfs_commit_data 15KB 15KB [ 3100.290006] nfs_write_data 47KB 47KB [ 3100.291100] jbd2_inode 7KB 7KB [ 3100.292204] ext4_system_zone 7KB 7KB [ 3100.293293] ext4_io_end_vec 7KB 7KB [ 3100.294382] ext4_bio_post_read_ctx 15KB 15KB [ 3100.295571] kioctx 31KB 31KB [ 3100.296685] aio_kiocb 7KB 7KB [ 3100.297788] dio 15KB 15KB [ 3100.298885] bio-2 4KB 4KB [ 3100.299996] fasync_cache 3KB 3KB [ 3100.301095] pid_namespace 7KB 7KB [ 3100.302182] posix_timers_cache 15KB 15KB [ 3100.303287] rpc_buffers 31KB 31KB [ 3100.304385] rpc_tasks 3KB 3KB [ 3100.305482] UNIX 267KB 372KB [ 3100.306574] UDP-Lite 63KB 63KB [ 3100.307694] tcp_bind_bucket 8KB 8KB [ 3100.308785] inet_peer_cache 4KB 4KB [ 3100.309885] xfrm_state 32KB 32KB [ 3100.310978] ip_fib_trie 8KB 8KB [ 3100.312082] ip_fib_alias 15KB 15KB [ 3100.313196] ip_dst_cache 64KB 64KB [ 3100.314292] PING 31KB 31KB [ 3100.315385] RAW 343KB 343KB [ 3100.316484] UDP 224KB 315KB [ 3100.317590] tw_sock_TCP 15KB 15KB [ 3100.318702] request_sock_TCP 7KB 7KB [ 3100.319832] TCP 60KB 60KB [ 3100.320927] hugetlbfs_inode_cache 30KB 30KB [ 3100.322086] bio-1 11KB 11KB [ 3100.323178] eventpoll_pwq 23KB 23KB [ 3100.324279] eventpoll_epi 55KB 55KB [ 3100.325378] inotify_inode_mark 109KB 109KB [ 3100.326501] request_queue 60KB 60KB [ 3100.327639] blkdev_ioc 18KB 18KB [ 3100.328738] bio-0 200KB 200KB [ 3100.329832] biovec-max 986KB 986KB [ 3100.330959] biovec-64 283KB 283KB [ 3100.332064] biovec-16 48KB 48KB [ 3100.333161] user_namespace 31KB 31KB [ 3100.334271] uid_cache 8KB 8KB [ 3100.335378] dmaengine-unmap-2 4KB 4KB [ 3100.336497] audit_buffer 7KB 7KB [ 3100.337595] skbuff_fclone_cache 82KB 82KB [ 3100.338707] skbuff_head_cache 521KB 573KB [ 3100.339776] configfs_dir_cache 4KB 4KB [ 3100.340857] file_lock_cache 20KB 35KB [ 3100.341939] file_lock_ctx 7KB 7KB [ 3100.343058] fsnotify_mark_connector 28KB 28KB [ 3100.344285] net_namespace 176KB 205KB [ 3100.345404] task_delay_info 80KB 88KB [ 3100.346514] taskstats 38KB 38KB [ 3100.347652] proc_dir_entry 350KB 401KB [ 3100.348772] pde_opener 31KB 31KB [ 3100.349894] seq_file 52KB 52KB [ 3100.351014] sigqueue 98KB 98KB [ 3100.352166] shmem_inode_cache 1290KB 1415KB [ 3100.353256] kernfs_iattrs_cache 258KB 258KB [ 3100.354389] kernfs_node_cache 6418KB 6493KB [ 3100.355487] mnt_cache 259KB 259KB [ 3100.356609] filp 1040KB 1710KB [ 3100.357715] names_cache 5754KB 6608KB [ 3100.358813] hashtab_node 278KB 278KB [ 3100.359926] ebitmap_node 1149KB 1149KB [ 3100.361046] avtab_node 4976KB 4976KB [ 3100.362146] avc_node 35KB 35KB [ 3100.363243] lsm_inode_cache 3316KB 3332KB [ 3100.364351] lsm_file_cache 179KB 204KB [ 3100.365445] key_jar 31KB 31KB [ 3100.366544] uts_namespace 15KB 15KB [ 3100.367672] nsproxy 11KB 11KB [ 3100.368793] vm_area_struct 926KB 1104KB [ 3100.369884] mm_struct 346KB 409KB [ 3100.370965] fs_cache 45KB 64KB [ 3100.372066] files_cache 209KB 223KB [ 3100.373161] signal_cache 357KB 463KB [ 3100.374262] sighand_cache 305KB 390KB [ 3100.375360] task_struct 1042KB 1364KB [ 3100.376473] cred_jar 144KB 172KB [ 3100.377568] anon_vma_chain 257KB 271KB [ 3100.378666] anon_vma 241KB 278KB [ 3100.379769] pid 57KB 71KB [ 3100.380862] Acpi-Operand 100KB 138KB [ 3100.381957] Acpi-ParseExt 27KB 27KB [ 3100.383050] Acpi-Parse 154KB 169KB [ 3100.384168] Acpi-State 133KB 149KB [ 3100.385280] Acpi-Namespace 24KB 24KB [ 3100.386371] numa_policy 3KB 3KB [ 3100.387486] trace_event_file 163KB 163KB [ 3100.388580] ftrace_event_field 280KB 280KB [ 3100.389685] pool_workqueue 56KB 56KB [ 3100.390778] task_group 16KB 16KB [ 3100.391880] vmap_area 89KB 122KB [ 3100.392976] page->ptl 190KB 244KB [ 3100.394071] kmemleak_scan_area 48KB 79KB [ 3100.396195] kmemleak_object 141601KB 154532KB [ 3100.397312] kmalloc-8k 4528KB 4736KB [ 3100.398422] kmalloc-4k 7488KB 8672KB [ 3100.399535] kmalloc-2k 4972KB 5888KB [ 3100.400641] kmalloc-1k 2788KB 3648KB [ 3100.401764] kmalloc-512 3230KB 5760KB [ 3100.402868] kmalloc-256 1413KB 1472KB [ 3100.403936] kmalloc-192 594KB 608KB [ 3100.405061] kmalloc-128 501KB 552KB [ 3100.406156] kmalloc-96 396KB 728KB [ 3100.407290] kmalloc-64 988KB 1416KB [ 3100.408387] kmalloc-32 798KB 868KB [ 3100.409484] kmalloc-16 381KB 384KB [ 3100.410576] kmalloc-8 334KB 334KB [ 3100.411647] kmem_cache_node 47KB 47KB [ 3100.412737] kmem_cache 75KB 75KB [ 3100.413829] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/syz1,task=syz-executor.1,pid=16150,uid=0 [ 3100.416618] Out of memory: Killed process 16155 (syz-executor.1) total-vm:94076kB, anon-rss:464kB, file-rss:34820kB, shmem-rss:0kB, UID:0 pgtables:136kB oom_score_adj:1000 [ 3102.200513] systemd-journal invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=-250 [ 3102.201739] CPU: 1 PID: 103 Comm: systemd-journal Not tainted 5.10.176 #1 [ 3102.202521] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3102.203478] Call Trace: [ 3102.203771] dump_stack+0x107/0x167 [ 3102.204157] dump_header+0x106/0x65e [ 3102.204556] oom_kill_process.cold+0x10/0x15 [ 3102.205161] out_of_memory+0x1149/0x1440 [ 3102.205691] ? oom_killer_disable+0x280/0x280 [ 3102.206250] ? mutex_trylock+0x237/0x2b0 [ 3102.206678] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3102.207301] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3102.207949] ? lock_acquire+0x137/0x470 [ 3102.208370] ? warn_alloc+0x190/0x190 [ 3102.208791] __alloc_pages_nodemask+0x51d/0x600 [ 3102.209278] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3102.209909] ? find_get_entry+0x2c8/0x740 [ 3102.210346] alloc_pages_current+0x187/0x280 [ 3102.210811] __page_cache_alloc+0x2d2/0x360 [ 3102.211273] pagecache_get_page+0x2c7/0xc80 [ 3102.211740] filemap_fault+0x177d/0x2210 [ 3102.212170] ? read_cache_page_gfp+0x30/0x30 [ 3102.212633] ? replace_page_cache_page+0x1200/0x1200 [ 3102.213164] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3102.213714] ext4_filemap_fault+0x87/0xc0 [ 3102.214151] __do_fault+0x113/0x410 [ 3102.214540] handle_mm_fault+0x1e72/0x3520 [ 3102.214985] ? find_held_lock+0x2c/0x110 [ 3102.215416] ? __pmd_alloc+0x5e0/0x5e0 [ 3102.215841] ? vmacache_find+0x55/0x2a0 [ 3102.216266] do_user_addr_fault+0x56e/0xc60 [ 3102.216728] exc_page_fault+0xa2/0x1a0 [ 3102.217140] ? asm_exc_page_fault+0x8/0x30 [ 3102.217580] asm_exc_page_fault+0x1e/0x30 [ 3102.218014] RIP: 0033:0x7f7c1a03a173 [ 3102.218409] Code: Unable to access opcode bytes at RIP 0x7f7c1a03a149. [ 3102.219097] RSP: 002b:00007ffd1db89710 EFLAGS: 00010202 [ 3102.219684] RAX: 0000829120c771f8 RBX: 5837fe9dc1c91f32 RCX: 000000000000acf8 [ 3102.220434] RDX: 00007f7c188b6510 RSI: 0000000000000000 RDI: 0000557de9d822d0 [ 3102.221177] RBP: 0000000000000011 R08: 00007ffd1db897c0 R09: 00007ffd1db897c8 [ 3102.221926] R10: 00007f7c1a0aba00 R11: 000000000000545f R12: 0000557de8924ef6 [ 3102.222670] R13: 5837fe9dc1c91f32 R14: 0000557de9d822d0 R15: 00007ffd1db897c0 [ 3102.223472] Mem-Info: [ 3102.223747] active_anon:40 inactive_anon:8778 isolated_anon:0 [ 3102.223747] active_file:29 inactive_file:45 isolated_file:1 [ 3102.223747] unevictable:0 dirty:2 writeback:0 [ 3102.223747] slab_reclaimable:7540 slab_unreclaimable:59802 [ 3102.223747] mapped:17425 shmem:108 pagetables:461 bounce:0 [ 3102.223747] free:3662 free_pcp:15 free_cma:0 [ 3102.226944] Node 0 active_anon:160kB inactive_anon:35112kB active_file:116kB inactive_file:180kB unevictable:0kB isolated(anon):0kB isolated(file):4kB mapped:69700kB dirty:8kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3392kB all_unreclaimable? no [ 3102.229328] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3102.232206] lowmem_reserve[]: 0 1616 1616 1616 [ 3102.232710] Node 0 DMA32 free:8152kB min:5116kB low:6768kB high:8420kB reserved_highatomic:2048KB active_anon:160kB inactive_anon:35100kB active_file:204kB inactive_file:820kB unevictable:0kB writepending:8kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1844kB bounce:0kB free_pcp:148kB local_pcp:60kB free_cma:0kB [ 3102.235672] lowmem_reserve[]: 0 0 0 0 [ 3102.236104] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3102.237714] Node 0 DMA32: 752*4kB (MEH) 247*8kB (UMEH) 73*16kB (UMEH) 18*32kB (UMEH) 4*64kB (UEH) 1*128kB (U) 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 8136kB [ 3102.239667] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3102.240565] 164 total pagecache pages [ 3102.240963] 0 pages in swap cache [ 3102.241339] Swap cache stats: add 0, delete 0, find 0/0 [ 3102.242047] Free swap = 0kB [ 3102.242358] Total swap = 0kB [ 3102.242676] 524158 pages RAM [ 3102.243002] 0 pages HighMem/MovableOnly [ 3102.243536] 105052 pages reserved [ 3102.243891] Unreclaimable slab info: [ 3102.244292] Name Used Total [ 3102.244969] pid_3 7KB 7KB [ 3102.245599] pid_2 43KB 67KB [ 3102.246319] IEEE-802.15.4-MAC 31KB 31KB [ 3102.246873] p9_req_t 8KB 8KB [ 3102.247446] fib6_nodes 28KB 28KB [ 3102.248008] ip6_dst_cache 41KB 41KB [ 3102.248580] PINGv6 63KB 63KB [ 3102.249151] RAWv6 315KB 315KB [ 3102.249711] UDPLITEv6 62KB 62KB [ 3102.250440] UDPv6 62KB 62KB [ 3102.250993] tw_sock_TCPv6 7KB 7KB [ 3102.251708] request_sock_TCPv6 7KB 7KB [ 3102.252279] TCPv6 62KB 62KB [ 3102.252973] scsi_sense_cache 8KB 8KB [ 3102.253547] sd_ext_cdb 3KB 3KB [ 3102.254263] virtio_scsi_cmd 16KB 16KB [ 3102.254818] sgpool-128 59KB 59KB [ 3102.255389] sgpool-64 63KB 63KB [ 3102.255944] sgpool-32 771KB 771KB [ 3102.256509] sgpool-16 232KB 232KB [ 3102.257077] sgpool-8 138KB 138KB [ 3102.257632] io_kiocb 52KB 56KB [ 3102.258378] mqueue_inode_cache 62KB 62KB [ 3102.258971] nfs_commit_data 15KB 15KB [ 3102.259678] nfs_write_data 47KB 47KB [ 3102.260247] jbd2_inode 7KB 7KB [ 3102.260839] ext4_system_zone 7KB 7KB [ 3102.261547] ext4_io_end_vec 7KB 7KB [ 3102.262122] ext4_bio_post_read_ctx 15KB 15KB [ 3102.262725] kioctx 31KB 31KB [ 3102.263297] aio_kiocb 7KB 7KB [ 3102.263869] dio 15KB 15KB [ 3102.264438] bio-2 4KB 4KB [ 3102.264998] fasync_cache 3KB 3KB [ 3102.265564] pid_namespace 7KB 7KB [ 3102.266172] posix_timers_cache 15KB 15KB [ 3102.266837] rpc_buffers 31KB 31KB [ 3102.267405] rpc_tasks 3KB 3KB [ 3102.267969] UNIX 267KB 372KB [ 3102.268541] UDP-Lite 63KB 63KB [ 3102.269106] tcp_bind_bucket 8KB 8KB [ 3102.269660] inet_peer_cache 4KB 4KB [ 3102.270234] xfrm_state 32KB 32KB [ 3102.270786] ip_fib_trie 8KB 8KB [ 3102.271363] ip_fib_alias 15KB 15KB [ 3102.271929] ip_dst_cache 64KB 64KB [ 3102.272506] PING 31KB 31KB [ 3102.273080] RAW 343KB 343KB [ 3102.273645] UDP 224KB 315KB [ 3102.274213] tw_sock_TCP 15KB 15KB [ 3102.274769] request_sock_TCP 7KB 7KB [ 3102.275332] TCP 60KB 60KB [ 3102.275896] hugetlbfs_inode_cache 30KB 30KB [ 3102.276499] bio-1 11KB 11KB [ 3102.277071] eventpoll_pwq 23KB 23KB [ 3102.277626] eventpoll_epi 55KB 55KB [ 3102.278190] inotify_inode_mark 109KB 109KB [ 3102.278750] request_queue 60KB 60KB [ 3102.279323] blkdev_ioc 22KB 22KB [ 3102.279893] bio-0 580KB 580KB [ 3102.280461] biovec-max 561KB 862KB [ 3102.281032] biovec-64 976KB 976KB [ 3102.281589] biovec-16 157KB 157KB [ 3102.282150] user_namespace 31KB 31KB [ 3102.282703] uid_cache 8KB 8KB [ 3102.283268] dmaengine-unmap-2 4KB 4KB [ 3102.283829] audit_buffer 7KB 7KB [ 3102.284393] skbuff_fclone_cache 82KB 82KB [ 3102.284958] skbuff_head_cache 697KB 697KB [ 3102.285524] configfs_dir_cache 4KB 4KB [ 3102.286457] file_lock_cache 20KB 35KB [ 3102.287165] file_lock_ctx 7KB 7KB [ 3102.287743] fsnotify_mark_connector 28KB 28KB [ 3102.288379] net_namespace 176KB 205KB [ 3102.288946] task_delay_info 80KB 88KB [ 3102.289517] taskstats 38KB 38KB [ 3102.290092] proc_dir_entry 350KB 401KB [ 3102.290644] pde_opener 31KB 31KB [ 3102.291213] seq_file 52KB 52KB [ 3102.291769] sigqueue 98KB 98KB [ 3102.292339] shmem_inode_cache 1282KB 1415KB [ 3102.292892] kernfs_iattrs_cache 258KB 258KB [ 3102.293484] kernfs_node_cache 6418KB 6493KB [ 3102.294055] mnt_cache 259KB 259KB [ 3102.294630] filp 744KB 1462KB [ 3102.295204] names_cache 2545KB 2800KB [ 3102.295768] hashtab_node 278KB 278KB [ 3102.296343] ebitmap_node 1149KB 1149KB [ 3102.296904] avtab_node 4976KB 4976KB [ 3102.297479] avc_node 35KB 35KB [ 3102.298081] lsm_inode_cache 2676KB 3099KB [ 3102.298642] lsm_file_cache 179KB 204KB [ 3102.299215] key_jar 31KB 31KB [ 3102.299785] uts_namespace 15KB 15KB [ 3102.300359] nsproxy 11KB 11KB [ 3102.300928] vm_area_struct 999KB 1104KB [ 3102.301503] mm_struct 346KB 409KB [ 3102.302080] fs_cache 45KB 64KB [ 3102.302637] files_cache 209KB 223KB [ 3102.303214] signal_cache 357KB 463KB [ 3102.303783] sighand_cache 277KB 390KB [ 3102.304361] task_struct 1042KB 1364KB [ 3102.304924] cred_jar 110KB 172KB [ 3102.305497] anon_vma_chain 279KB 279KB [ 3102.306079] anon_vma 253KB 270KB [ 3102.306633] pid 57KB 71KB [ 3102.307210] Acpi-Operand 100KB 138KB [ 3102.307771] Acpi-ParseExt 27KB 27KB [ 3102.308341] Acpi-Parse 154KB 169KB [ 3102.308902] Acpi-State 133KB 149KB [ 3102.309473] Acpi-Namespace 24KB 24KB [ 3102.310039] numa_policy 3KB 3KB [ 3102.310602] trace_event_file 163KB 163KB [ 3102.311174] ftrace_event_field 280KB 280KB [ 3102.311766] pool_workqueue 56KB 56KB [ 3102.312346] task_group 16KB 16KB [ 3102.312908] vmap_area 89KB 122KB [ 3102.313477] page->ptl 190KB 244KB [ 3102.314047] kmemleak_scan_area 48KB 79KB [ 3102.315455] kmemleak_object 135426KB 153902KB [ 3102.316050] kmalloc-8k 4528KB 4736KB [ 3102.316604] kmalloc-4k 9040KB 9040KB [ 3102.317181] kmalloc-2k 5164KB 5888KB [ 3102.317748] kmalloc-1k 3048KB 3648KB [ 3102.318335] kmalloc-512 3548KB 5488KB [ 3102.318894] kmalloc-256 1391KB 1472KB [ 3102.319460] kmalloc-192 616KB 616KB [ 3102.320058] kmalloc-128 498KB 552KB [ 3102.320628] kmalloc-96 403KB 728KB [ 3102.321221] kmalloc-64 969KB 1408KB [ 3102.321782] kmalloc-32 767KB 868KB [ 3102.322351] kmalloc-16 381KB 384KB [ 3102.322902] kmalloc-8 334KB 334KB [ 3102.323482] kmem_cache_node 47KB 47KB [ 3102.324054] kmem_cache 75KB 75KB [ 3102.324621] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-journald.service,task=systemd-journal,pid=103,uid=0 [ 3102.326584] Out of memory (oom_kill_allocating_task): Killed process 103 (systemd-journal) total-vm:40072kB, anon-rss:884kB, file-rss:0kB, shmem-rss:4kB, UID:0 pgtables:100kB oom_score_adj:-250 [ 3102.462816] oom_reaper: reaped process 16155 (syz-executor.1), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3103.158408] in:imklog invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3103.160548] CPU: 0 PID: 179 Comm: in:imklog Not tainted 5.10.176 #1 [ 3103.161889] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3103.163664] Call Trace: [ 3103.164229] dump_stack+0x107/0x167 [ 3103.165002] dump_header+0x106/0x65e [ 3103.165792] oom_kill_process.cold+0x10/0x15 [ 3103.166722] out_of_memory+0x1149/0x1440 [ 3103.167606] ? oom_killer_disable+0x280/0x280 [ 3103.168564] ? mutex_trylock+0x237/0x2b0 [ 3103.169427] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3103.170689] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3103.171947] ? lock_acquire+0x137/0x470 [ 3103.172796] ? warn_alloc+0x190/0x190 [ 3103.173628] __alloc_pages_nodemask+0x51d/0x600 [ 3103.174619] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3103.175931] ? find_get_entry+0x2c8/0x740 [ 3103.176817] alloc_pages_current+0x187/0x280 [ 3103.177753] __page_cache_alloc+0x2d2/0x360 [ 3103.178672] pagecache_get_page+0x2c7/0xc80 [ 3103.179603] filemap_fault+0x177d/0x2210 [ 3103.180476] ? read_cache_page_gfp+0x30/0x30 [ 3103.181413] ? handle_mm_fault+0x28d0/0x3520 [ 3103.182351] ? lock_downgrade+0x6d0/0x6d0 [ 3103.183245] ext4_filemap_fault+0x87/0xc0 [ 3103.184137] __do_fault+0x113/0x410 [ 3103.184922] handle_mm_fault+0x1e72/0x3520 [ 3103.185832] ? irqentry_enter+0x26/0x60 [ 3103.186678] ? find_held_lock+0x2c/0x110 [ 3103.187568] ? __pmd_alloc+0x5e0/0x5e0 [ 3103.188410] ? vmacache_find+0x55/0x2a0 [ 3103.189211] do_user_addr_fault+0x56e/0xc60 [ 3103.190083] exc_page_fault+0xa2/0x1a0 [ 3103.190857] ? asm_exc_page_fault+0x8/0x30 [ 3103.191706] asm_exc_page_fault+0x1e/0x30 [ 3103.192578] RIP: 0033:0x7fec29294a50 [ 3103.193524] Code: Unable to access opcode bytes at RIP 0x7fec29294a26. [ 3103.195118] RSP: 002b:00007fec2897f3c8 EFLAGS: 00010206 [ 3103.196225] RAX: 00007fec24049a90 RBX: 00007fec24004de0 RCX: 0000000000000016 [ 3103.197667] RDX: 0000000000000077 RSI: 00007fec2897fd03 RDI: 00007fec24049a90 [ 3103.199183] RBP: 0000000000000077 R08: 00007fec24049a90 R09: 0000000000000640 [ 3103.200649] R10: a3d70a3d70a3d70b R11: 2ce33e6c02ce33e7 R12: 00007fec24049a90 [ 3103.202376] R13: 00007fec2897fd03 R14: 0000000000000000 R15: 00007fec2897fd7b [ 3103.203932] Mem-Info: [ 3103.204480] active_anon:39 inactive_anon:8441 isolated_anon:0 [ 3103.204480] active_file:21 inactive_file:14 isolated_file:0 [ 3103.204480] unevictable:0 dirty:0 writeback:0 [ 3103.204480] slab_reclaimable:7351 slab_unreclaimable:59961 [ 3103.204480] mapped:17424 shmem:108 pagetables:439 bounce:0 [ 3103.204480] free:3602 free_pcp:2 free_cma:0 [ 3103.210876] Node 0 active_anon:156kB inactive_anon:33764kB active_file:84kB inactive_file:56kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69696kB dirty:0kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3360kB all_unreclaimable? no [ 3103.215433] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3103.220705] lowmem_reserve[]: 0 1616 1616 1616 [ 3103.221743] Node 0 DMA32 free:7912kB min:7164kB low:8816kB high:10468kB reserved_highatomic:2048KB active_anon:156kB inactive_anon:33752kB active_file:336kB inactive_file:396kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1756kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB [ 3103.227812] lowmem_reserve[]: 0 0 0 0 [ 3103.228712] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3103.232122] Node 0 DMA32: 897*4kB (UMEH) 319*8kB (UMEH) 57*16kB (MEH) 4*32kB (UMH) 2*64kB (H) 0*128kB 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 8332kB [ 3103.235528] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3103.237418] 158 total pagecache pages [ 3103.238285] 0 pages in swap cache [ 3103.239076] Swap cache stats: add 0, delete 0, find 0/0 [ 3103.240298] Free swap = 0kB [ 3103.240965] Total swap = 0kB [ 3103.241639] 524158 pages RAM [ 3103.242305] 0 pages HighMem/MovableOnly [ 3103.243167] 105052 pages reserved [ 3103.243908] Unreclaimable slab info: [ 3103.244717] Name Used Total [ 3103.245906] pid_3 7KB 7KB [ 3103.247063] pid_2 43KB 67KB [ 3103.248235] IEEE-802.15.4-MAC 31KB 31KB [ 3103.249385] p9_req_t 8KB 8KB [ 3103.250537] fib6_nodes 28KB 28KB [ 3103.251697] ip6_dst_cache 41KB 41KB [ 3103.252848] PINGv6 63KB 63KB [ 3103.253995] RAWv6 315KB 315KB [ 3103.255144] UDPLITEv6 62KB 62KB [ 3103.256315] UDPv6 62KB 62KB [ 3103.257465] tw_sock_TCPv6 7KB 7KB [ 3103.258616] request_sock_TCPv6 7KB 7KB [ 3103.259795] TCPv6 62KB 62KB [ 3103.260953] scsi_sense_cache 8KB 8KB [ 3103.262102] sd_ext_cdb 3KB 3KB [ 3103.263256] virtio_scsi_cmd 16KB 16KB [ 3103.264652] sgpool-128 59KB 59KB [ 3103.265943] sgpool-64 63KB 63KB [ 3103.267228] sgpool-32 1086KB 1086KB [ 3103.268542] sgpool-16 285KB 285KB [ 3103.269829] sgpool-8 165KB 165KB [ 3103.271111] io_kiocb 52KB 56KB [ 3103.272405] mqueue_inode_cache 62KB 62KB [ 3103.273710] nfs_commit_data 15KB 15KB [ 3103.274994] nfs_write_data 47KB 47KB [ 3103.276288] jbd2_inode 7KB 7KB [ 3103.277573] ext4_system_zone 7KB 7KB [ 3103.278858] ext4_io_end_vec 7KB 7KB [ 3103.280163] ext4_bio_post_read_ctx 15KB 15KB [ 3103.281423] kioctx 31KB 31KB [ 3103.282572] aio_kiocb 7KB 7KB [ 3103.283729] dio 15KB 15KB [ 3103.284879] bio-2 4KB 4KB [ 3103.286046] fasync_cache 3KB 3KB [ 3103.287196] pid_namespace 7KB 7KB [ 3103.288354] posix_timers_cache 15KB 15KB [ 3103.289526] rpc_buffers 31KB 31KB [ 3103.290681] rpc_tasks 3KB 3KB [ 3103.291859] UNIX 267KB 372KB [ 3103.293044] UDP-Lite 63KB 63KB [ 3103.294205] tcp_bind_bucket 8KB 8KB [ 3103.295363] inet_peer_cache 4KB 4KB [ 3103.296533] xfrm_state 32KB 32KB [ 3103.297614] ip_fib_trie 8KB 8KB [ 3103.298694] ip_fib_alias 15KB 15KB [ 3103.299793] ip_dst_cache 64KB 64KB [ 3103.300871] PING 31KB 31KB [ 3103.301952] RAW 343KB 343KB [ 3103.303043] UDP 224KB 315KB [ 3103.304130] tw_sock_TCP 15KB 15KB [ 3103.305208] request_sock_TCP 7KB 7KB [ 3103.306286] TCP 60KB 60KB [ 3103.307364] hugetlbfs_inode_cache 30KB 30KB [ 3103.308523] bio-1 11KB 11KB [ 3103.309606] eventpoll_pwq 23KB 23KB [ 3103.310686] eventpoll_epi 55KB 55KB [ 3103.311771] inotify_inode_mark 109KB 109KB [ 3103.312868] request_queue 60KB 60KB [ 3103.313945] blkdev_ioc 22KB 22KB [ 3103.315044] bio-0 712KB 712KB [ 3103.316136] biovec-max 561KB 862KB [ 3103.317214] biovec-64 1291KB 1291KB [ 3103.318291] biovec-16 195KB 195KB [ 3103.319372] user_namespace 31KB 31KB [ 3103.320469] uid_cache 8KB 8KB [ 3103.321548] dmaengine-unmap-2 4KB 4KB [ 3103.322626] audit_buffer 7KB 7KB [ 3103.323716] skbuff_fclone_cache 82KB 82KB [ 3103.324828] skbuff_head_cache 723KB 723KB [ 3103.325906] configfs_dir_cache 4KB 4KB [ 3103.327002] file_lock_cache 20KB 35KB [ 3103.328100] file_lock_ctx 7KB 7KB [ 3103.329183] fsnotify_mark_connector 28KB 28KB [ 3103.330365] net_namespace 176KB 205KB [ 3103.331443] task_delay_info 80KB 88KB [ 3103.332534] taskstats 38KB 38KB [ 3103.333617] proc_dir_entry 350KB 401KB [ 3103.334696] pde_opener 31KB 31KB [ 3103.335787] seq_file 52KB 52KB [ 3103.336867] sigqueue 98KB 98KB [ 3103.337953] shmem_inode_cache 1282KB 1415KB [ 3103.339045] kernfs_iattrs_cache 258KB 258KB [ 3103.340179] kernfs_node_cache 6418KB 6493KB [ 3103.341266] mnt_cache 259KB 259KB [ 3103.342372] filp 744KB 1462KB [ 3103.343458] names_cache 2562KB 2800KB [ 3103.344575] hashtab_node 278KB 278KB [ 3103.345668] ebitmap_node 1149KB 1149KB [ 3103.346764] avtab_node 4976KB 4976KB [ 3103.347881] avc_node 35KB 35KB [ 3103.349008] lsm_inode_cache 2676KB 3099KB [ 3103.350105] lsm_file_cache 179KB 204KB [ 3103.351190] key_jar 31KB 31KB [ 3103.352274] uts_namespace 15KB 15KB [ 3103.353355] nsproxy 11KB 11KB [ 3103.354442] vm_area_struct 999KB 1104KB [ 3103.355529] mm_struct 346KB 409KB [ 3103.356619] fs_cache 45KB 64KB [ 3103.357698] files_cache 209KB 223KB [ 3103.358782] signal_cache 357KB 463KB [ 3103.359889] sighand_cache 277KB 390KB [ 3103.360979] task_struct 1042KB 1364KB [ 3103.362062] cred_jar 110KB 172KB [ 3103.363147] anon_vma_chain 279KB 279KB [ 3103.364239] anon_vma 250KB 270KB [ 3103.365321] pid 57KB 71KB [ 3103.366611] Acpi-Operand 100KB 138KB [ 3103.367763] Acpi-ParseExt 27KB 27KB [ 3103.368929] Acpi-Parse 154KB 169KB [ 3103.370010] Acpi-State 133KB 149KB [ 3103.371115] Acpi-Namespace 24KB 24KB [ 3103.372205] numa_policy 3KB 3KB [ 3103.373291] trace_event_file 163KB 163KB [ 3103.374378] ftrace_event_field 280KB 280KB [ 3103.375669] pool_workqueue 56KB 56KB [ 3103.376754] task_group 16KB 16KB [ 3103.377833] vmap_area 89KB 122KB [ 3103.378920] page->ptl 190KB 244KB [ 3103.380018] kmemleak_scan_area 48KB 79KB [ 3103.382072] kmemleak_object 134267KB 153636KB [ 3103.383175] kmalloc-8k 4528KB 4736KB [ 3103.384268] kmalloc-4k 9112KB 9112KB [ 3103.385368] kmalloc-2k 5176KB 5888KB [ 3103.386458] kmalloc-1k 3048KB 3648KB [ 3103.387587] kmalloc-512 3583KB 5456KB [ 3103.388682] kmalloc-256 1391KB 1472KB [ 3103.389765] kmalloc-192 616KB 616KB [ 3103.390859] kmalloc-128 498KB 552KB [ 3103.391982] kmalloc-96 403KB 728KB [ 3103.393092] kmalloc-64 969KB 1408KB [ 3103.394184] kmalloc-32 767KB 868KB [ 3103.395274] kmalloc-16 381KB 384KB [ 3103.396368] kmalloc-8 334KB 334KB [ 3103.397451] kmem_cache_node 47KB 47KB [ 3103.398533] kmem_cache 75KB 75KB [ 3103.399636] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/rsyslog.service,task=in:imklog,pid=179,uid=0 [ 3103.403199] Out of memory (oom_kill_allocating_task): Killed process 177 (rsyslogd) total-vm:220876kB, anon-rss:1272kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 3103.520545] systemd-udevd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3103.522703] CPU: 0 PID: 16167 Comm: systemd-udevd Not tainted 5.10.176 #1 [ 3103.524060] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3103.525703] Call Trace: [ 3103.526235] dump_stack+0x107/0x167 [ 3103.526966] dump_header+0x106/0x65e [ 3103.527737] oom_kill_process.cold+0x10/0x15 [ 3103.528617] out_of_memory+0x1149/0x1440 [ 3103.529442] ? oom_killer_disable+0x280/0x280 [ 3103.530337] ? mutex_trylock+0x237/0x2b0 [ 3103.531154] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3103.532352] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3103.533623] ? lock_acquire+0x137/0x470 [ 3103.534426] ? warn_alloc+0x190/0x190 [ 3103.535214] __alloc_pages_nodemask+0x51d/0x600 [ 3103.536169] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3103.537369] ? find_get_entry+0x2c8/0x740 [ 3103.538205] alloc_pages_current+0x187/0x280 [ 3103.539088] __page_cache_alloc+0x2d2/0x360 [ 3103.539965] pagecache_get_page+0x2c7/0xc80 [ 3103.540834] filemap_fault+0x177d/0x2210 [ 3103.541655] ? read_cache_page_gfp+0x30/0x30 [ 3103.542536] ? replace_page_cache_page+0x1200/0x1200 [ 3103.543553] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3103.544612] ext4_filemap_fault+0x87/0xc0 [ 3103.545438] __do_fault+0x113/0x410 [ 3103.546169] handle_mm_fault+0x1e72/0x3520 [ 3103.547021] ? find_held_lock+0x2c/0x110 [ 3103.547853] ? __pmd_alloc+0x5e0/0x5e0 [ 3103.548639] ? vmacache_find+0x55/0x2a0 [ 3103.549437] ? vmacache_update+0xce/0x140 [ 3103.550276] do_user_addr_fault+0x56e/0xc60 [ 3103.551146] exc_page_fault+0xa2/0x1a0 [ 3103.551939] ? asm_exc_page_fault+0x8/0x30 [ 3103.552786] asm_exc_page_fault+0x1e/0x30 [ 3103.553606] RIP: 0033:0x7f3070fc1f49 [ 3103.554350] Code: Unable to access opcode bytes at RIP 0x7f3070fc1f1f. [ 3103.555663] RSP: 002b:00007ffd0b79b148 EFLAGS: 00010206 [ 3103.556727] RAX: 0000000000000008 RBX: 0000000000000001 RCX: 00007f3070fec480 [ 3103.558146] RDX: 0000000000000008 RSI: 0000558417a638f8 RDI: 0000558419256e3c [ 3103.559574] RBP: 000055841924d4e0 R08: 0000558417a638f0 R09: 0073656369766564 [ 3103.560980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000558419256e3c [ 3103.562394] R13: 0000000000000007 R14: 0000000000000007 R15: 000055841924d4e1 [ 3103.563985] Mem-Info: [ 3103.564689] active_anon:39 inactive_anon:8105 isolated_anon:0 [ 3103.564689] active_file:29 inactive_file:37 isolated_file:0 [ 3103.564689] unevictable:0 dirty:0 writeback:0 [ 3103.564689] slab_reclaimable:7225 slab_unreclaimable:59896 [ 3103.564689] mapped:17424 shmem:108 pagetables:439 bounce:0 [ 3103.564689] free:3670 free_pcp:68 free_cma:0 [ 3103.570931] Node 0 active_anon:156kB inactive_anon:32420kB active_file:116kB inactive_file:232kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69696kB dirty:0kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3232kB all_unreclaimable? no [ 3103.575604] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3103.580915] lowmem_reserve[]: 0 1616 1616 1616 [ 3103.582055] Node 0 DMA32 free:8184kB min:5116kB low:6768kB high:8420kB reserved_highatomic:2048KB active_anon:156kB inactive_anon:32744kB active_file:324kB inactive_file:312kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1756kB bounce:0kB free_pcp:372kB local_pcp:0kB free_cma:0kB [ 3103.587841] lowmem_reserve[]: 0 0 0 0 [ 3103.588809] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3103.592075] Node 0 DMA32: 757*4kB (MEH) 266*8kB (UMEH) 84*16kB (UMEH) 19*32kB (UMEH) 2*64kB (H) 0*128kB 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 8260kB [ 3103.595299] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3103.597141] 263 total pagecache pages [ 3103.598071] 0 pages in swap cache [ 3103.598753] Swap cache stats: add 0, delete 0, find 0/0 [ 3103.599970] Free swap = 0kB [ 3103.600597] Total swap = 0kB [ 3103.601218] 524158 pages RAM [ 3103.601819] 0 pages HighMem/MovableOnly [ 3103.602762] 105052 pages reserved [ 3103.603622] Unreclaimable slab info: [ 3103.604379] Name Used Total [ 3103.605486] pid_3 7KB 7KB [ 3103.606557] pid_2 43KB 67KB [ 3103.607652] IEEE-802.15.4-MAC 31KB 31KB [ 3103.608888] p9_req_t 8KB 8KB [ 3103.610120] fib6_nodes 28KB 28KB [ 3103.611340] ip6_dst_cache 41KB 41KB [ 3103.612579] PINGv6 63KB 63KB [ 3103.613797] RAWv6 315KB 315KB [ 3103.615079] UDPLITEv6 62KB 62KB [ 3103.616332] UDPv6 62KB 62KB [ 3103.617425] tw_sock_TCPv6 7KB 7KB [ 3103.618508] request_sock_TCPv6 7KB 7KB [ 3103.619633] TCPv6 62KB 62KB [ 3103.620723] scsi_sense_cache 8KB 8KB [ 3103.621808] sd_ext_cdb 3KB 3KB [ 3103.622894] virtio_scsi_cmd 16KB 16KB [ 3103.623996] sgpool-128 59KB 59KB [ 3103.625080] sgpool-64 63KB 63KB [ 3103.626164] sgpool-32 1134KB 1134KB [ 3103.627244] sgpool-16 292KB 292KB [ 3103.628344] sgpool-8 168KB 168KB [ 3103.629424] io_kiocb 52KB 56KB [ 3103.630562] mqueue_inode_cache 62KB 62KB [ 3103.631691] nfs_commit_data 15KB 15KB [ 3103.632777] nfs_write_data 47KB 47KB [ 3103.633864] jbd2_inode 7KB 7KB [ 3103.634954] ext4_system_zone 7KB 7KB [ 3103.636048] ext4_io_end_vec 7KB 7KB [ 3103.637134] ext4_bio_post_read_ctx 15KB 15KB [ 3103.638300] kioctx 31KB 31KB [ 3103.639385] aio_kiocb 7KB 7KB [ 3103.640482] dio 15KB 15KB [ 3103.641565] bio-2 4KB 4KB [ 3103.642646] fasync_cache 3KB 3KB [ 3103.643749] pid_namespace 7KB 7KB [ 3103.644839] posix_timers_cache 15KB 15KB [ 3103.645925] rpc_buffers 31KB 31KB [ 3103.646994] rpc_tasks 3KB 3KB [ 3103.648090] UNIX 267KB 372KB [ 3103.649168] UDP-Lite 63KB 63KB [ 3103.650238] tcp_bind_bucket 8KB 8KB [ 3103.651306] inet_peer_cache 4KB 4KB [ 3103.652381] xfrm_state 32KB 32KB [ 3103.653451] ip_fib_trie 8KB 8KB [ 3103.654523] ip_fib_alias 15KB 15KB [ 3103.655601] ip_dst_cache 64KB 64KB [ 3103.656673] PING 31KB 31KB [ 3103.657742] RAW 343KB 343KB [ 3103.658812] UDP 224KB 315KB [ 3103.659897] tw_sock_TCP 15KB 15KB [ 3103.660970] request_sock_TCP 7KB 7KB [ 3103.662052] TCP 60KB 60KB [ 3103.663121] hugetlbfs_inode_cache 30KB 30KB [ 3103.664268] bio-1 11KB 11KB [ 3103.665336] eventpoll_pwq 23KB 23KB [ 3103.666403] eventpoll_epi 55KB 55KB [ 3103.667468] inotify_inode_mark 109KB 109KB [ 3103.668567] request_queue 60KB 60KB [ 3103.669661] blkdev_ioc 22KB 22KB [ 3103.670739] bio-0 724KB 724KB [ 3103.671884] biovec-max 561KB 862KB [ 3103.672965] biovec-64 1354KB 1354KB [ 3103.674050] biovec-16 198KB 198KB [ 3103.675126] user_namespace 31KB 31KB [ 3103.676212] uid_cache 8KB 8KB [ 3103.677288] dmaengine-unmap-2 4KB 4KB [ 3103.678362] audit_buffer 7KB 7KB [ 3103.679437] skbuff_fclone_cache 82KB 82KB [ 3103.680549] skbuff_head_cache 723KB 723KB [ 3103.681623] configfs_dir_cache 4KB 4KB [ 3103.682713] file_lock_cache 20KB 35KB [ 3103.683808] file_lock_ctx 7KB 7KB [ 3103.684883] fsnotify_mark_connector 28KB 28KB [ 3103.686054] net_namespace 176KB 205KB [ 3103.687180] task_delay_info 80KB 88KB [ 3103.688267] taskstats 38KB 38KB [ 3103.689344] proc_dir_entry 350KB 401KB [ 3103.690417] pde_opener 31KB 31KB [ 3103.691509] seq_file 52KB 52KB [ 3103.692585] sigqueue 98KB 98KB [ 3103.693663] shmem_inode_cache 1282KB 1415KB [ 3103.694740] kernfs_iattrs_cache 258KB 258KB [ 3103.695861] kernfs_node_cache 6418KB 6493KB [ 3103.696932] mnt_cache 259KB 259KB [ 3103.698046] filp 744KB 1462KB [ 3103.699122] names_cache 2562KB 2800KB [ 3103.700211] hashtab_node 278KB 278KB [ 3103.701281] ebitmap_node 1149KB 1149KB [ 3103.702360] avtab_node 4976KB 4976KB [ 3103.703438] avc_node 35KB 35KB [ 3103.704561] lsm_inode_cache 2676KB 3099KB [ 3103.705635] lsm_file_cache 179KB 204KB [ 3103.706707] key_jar 31KB 31KB [ 3103.707787] uts_namespace 15KB 15KB [ 3103.708869] nsproxy 11KB 11KB [ 3103.709965] vm_area_struct 999KB 1104KB [ 3103.711045] mm_struct 346KB 409KB [ 3103.712129] fs_cache 45KB 64KB [ 3103.713210] files_cache 209KB 223KB [ 3103.714302] signal_cache 357KB 463KB [ 3103.715389] sighand_cache 277KB 390KB [ 3103.716499] task_struct 1042KB 1364KB [ 3103.717575] cred_jar 110KB 172KB [ 3103.718650] anon_vma_chain 279KB 279KB [ 3103.719732] anon_vma 247KB 266KB [ 3103.720810] pid 57KB 71KB [ 3103.721893] Acpi-Operand 100KB 138KB [ 3103.722969] Acpi-ParseExt 27KB 27KB [ 3103.724050] Acpi-Parse 154KB 169KB [ 3103.725128] Acpi-State 133KB 149KB [ 3103.726208] Acpi-Namespace 24KB 24KB [ 3103.727287] numa_policy 3KB 3KB [ 3103.728377] trace_event_file 163KB 163KB [ 3103.729451] ftrace_event_field 280KB 280KB [ 3103.730541] pool_workqueue 56KB 56KB [ 3103.731630] task_group 16KB 16KB [ 3103.732704] vmap_area 89KB 122KB [ 3103.733784] page->ptl 190KB 244KB [ 3103.734866] kmemleak_scan_area 48KB 79KB [ 3103.736981] kmemleak_object 133806KB 153386KB [ 3103.738076] kmalloc-8k 4528KB 4736KB [ 3103.739143] kmalloc-4k 9176KB 9176KB [ 3103.740234] kmalloc-2k 5176KB 5888KB [ 3103.741323] kmalloc-1k 3048KB 3648KB [ 3103.742434] kmalloc-512 3617KB 5440KB [ 3103.743533] kmalloc-256 1391KB 1472KB [ 3103.744620] kmalloc-192 616KB 616KB [ 3103.745716] kmalloc-128 498KB 552KB [ 3103.746808] kmalloc-96 403KB 728KB [ 3103.747917] kmalloc-64 968KB 1404KB [ 3103.749018] kmalloc-32 767KB 868KB [ 3103.750114] kmalloc-16 381KB 384KB [ 3103.751205] kmalloc-8 334KB 334KB [ 3103.752304] kmem_cache_node 47KB 47KB [ 3103.753380] kmem_cache 75KB 75KB [ 3103.754458] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-udevd.service,task=systemd-udevd,pid=16167,uid=0 [ 3103.757774] Out of memory (oom_kill_allocating_task): Killed process 16167 (systemd-udevd) total-vm:35980kB, anon-rss:10456kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:80kB oom_score_adj:0 [ 3103.922797] sshd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3103.924923] CPU: 0 PID: 248 Comm: sshd Not tainted 5.10.176 #1 [ 3103.926120] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3103.927788] Call Trace: [ 3103.928323] dump_stack+0x107/0x167 [ 3103.929059] dump_header+0x106/0x65e [ 3103.929822] oom_kill_process.cold+0x10/0x15 [ 3103.930704] out_of_memory+0x1149/0x1440 [ 3103.931545] ? oom_killer_disable+0x280/0x280 [ 3103.932424] ? mutex_trylock+0x237/0x2b0 [ 3103.933216] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3103.934412] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3103.935603] ? lock_acquire+0x137/0x470 [ 3103.936407] ? warn_alloc+0x190/0x190 [ 3103.937198] __alloc_pages_nodemask+0x51d/0x600 [ 3103.938134] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3103.939334] ? find_get_entry+0x2c8/0x740 [ 3103.940171] alloc_pages_current+0x187/0x280 [ 3103.941033] __page_cache_alloc+0x2d2/0x360 [ 3103.941879] pagecache_get_page+0x2c7/0xc80 [ 3103.942733] filemap_fault+0x177d/0x2210 [ 3103.943569] ? read_cache_page_gfp+0x30/0x30 [ 3103.944454] ? handle_mm_fault+0x28d0/0x3520 [ 3103.945321] ? lock_downgrade+0x6d0/0x6d0 [ 3103.946154] ext4_filemap_fault+0x87/0xc0 [ 3103.946972] __do_fault+0x113/0x410 [ 3103.947720] handle_mm_fault+0x1e72/0x3520 [ 3103.948561] ? irqentry_enter+0x26/0x60 [ 3103.949347] ? find_held_lock+0x2c/0x110 [ 3103.950155] ? __pmd_alloc+0x5e0/0x5e0 [ 3103.950934] ? vmacache_find+0x55/0x2a0 [ 3103.951742] do_user_addr_fault+0x56e/0xc60 [ 3103.952607] exc_page_fault+0xa2/0x1a0 [ 3103.953378] ? asm_exc_page_fault+0x8/0x30 [ 3103.954217] asm_exc_page_fault+0x1e/0x30 [ 3103.955031] RIP: 0033:0x7f78c05fb030 [ 3103.955773] Code: Unable to access opcode bytes at RIP 0x7f78c05fb006. [ 3103.957061] RSP: 002b:00007fff449f1d68 EFLAGS: 00010246 [ 3103.958111] RAX: 0000561615201254 RBX: 00005616152203f0 RCX: 000000000000002e [ 3103.959527] RDX: 00007fff449f1e30 RSI: 0000561615201254 RDI: 0000000000000002 [ 3103.960933] RBP: 000000000000000a R08: 0000561615201220 R09: 0000000000000000 [ 3103.962340] R10: 0000000000000000 R11: 00007f78c002a3c0 R12: 00005616152203f0 [ 3103.963757] R13: 00007fff449f1e30 R14: 0000561615223480 R15: 00007fff449f1e30 [ 3103.965313] Mem-Info: [ 3103.965828] active_anon:38 inactive_anon:7916 isolated_anon:0 [ 3103.965828] active_file:31 inactive_file:8 isolated_file:0 [ 3103.965828] unevictable:0 dirty:0 writeback:0 [ 3103.965828] slab_reclaimable:7225 slab_unreclaimable:59926 [ 3103.965828] mapped:17413 shmem:108 pagetables:423 bounce:0 [ 3103.965828] free:3425 free_pcp:187 free_cma:0 [ 3103.972084] Node 0 active_anon:152kB inactive_anon:31664kB active_file:124kB inactive_file:32kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69652kB dirty:0kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3200kB all_unreclaimable? no [ 3103.976646] Node 0 DMA free:6496kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3103.981872] lowmem_reserve[]: 0 1616 1616 1616 [ 3103.982850] Node 0 DMA32 free:6700kB min:9212kB low:10864kB high:12516kB reserved_highatomic:2048KB active_anon:152kB inactive_anon:31904kB active_file:232kB inactive_file:120kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1692kB bounce:0kB free_pcp:748kB local_pcp:500kB free_cma:0kB [ 3103.988602] lowmem_reserve[]: 0 0 0 0 [ 3103.989411] Node 0 DMA: 2*4kB (UM) 1*8kB (U) 1*16kB (M) 2*32kB (UM) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6496kB [ 3103.992520] Node 0 DMA32: 717*4kB (UMEH) 195*8kB (UMEH) 54*16kB (UMEH) 8*32kB (UMH) 2*64kB (H) 0*128kB 2*256kB (H) 1*512kB (H) 0*1024kB 0*2048kB 0*4096kB = 6700kB [ 3103.995532] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3103.997222] 161 total pagecache pages [ 3103.997961] 0 pages in swap cache [ 3103.998655] Swap cache stats: add 0, delete 0, find 0/0 [ 3103.999720] Free swap = 0kB [ 3104.000333] Total swap = 0kB [ 3104.000940] 524158 pages RAM [ 3104.001565] 0 pages HighMem/MovableOnly [ 3104.002379] 105052 pages reserved [ 3104.003087] Unreclaimable slab info: [ 3104.003851] Name Used Total [ 3104.004970] pid_3 7KB 7KB [ 3104.006059] pid_2 43KB 67KB [ 3104.007143] IEEE-802.15.4-MAC 31KB 31KB [ 3104.008235] p9_req_t 8KB 8KB [ 3104.009317] fib6_nodes 28KB 28KB [ 3104.010409] ip6_dst_cache 41KB 41KB [ 3104.011510] PINGv6 63KB 63KB [ 3104.012598] RAWv6 315KB 315KB [ 3104.013679] UDPLITEv6 62KB 62KB [ 3104.014762] UDPv6 62KB 62KB [ 3104.015855] tw_sock_TCPv6 7KB 7KB [ 3104.016939] request_sock_TCPv6 7KB 7KB [ 3104.018048] TCPv6 62KB 62KB [ 3104.019141] scsi_sense_cache 8KB 8KB [ 3104.020232] sd_ext_cdb 3KB 3KB [ 3104.021317] virtio_scsi_cmd 16KB 16KB [ 3104.022401] sgpool-128 59KB 59KB [ 3104.023483] sgpool-64 63KB 63KB [ 3104.024586] sgpool-32 1134KB 1134KB [ 3104.025664] sgpool-16 292KB 292KB [ 3104.026736] sgpool-8 168KB 168KB [ 3104.028001] io_kiocb 52KB 56KB [ 3104.029124] mqueue_inode_cache 62KB 62KB [ 3104.030225] nfs_commit_data 15KB 15KB [ 3104.031300] nfs_write_data 47KB 47KB [ 3104.032395] jbd2_inode 7KB 7KB [ 3104.033474] ext4_system_zone 7KB 7KB [ 3104.034542] ext4_io_end_vec 7KB 7KB [ 3104.035619] ext4_bio_post_read_ctx 15KB 15KB [ 3104.036768] kioctx 31KB 31KB [ 3104.037835] aio_kiocb 7KB 7KB [ 3104.038904] dio 15KB 15KB [ 3104.039984] bio-2 4KB 4KB [ 3104.041052] fasync_cache 3KB 3KB [ 3104.042121] pid_namespace 7KB 7KB [ 3104.043190] posix_timers_cache 15KB 15KB [ 3104.044295] rpc_buffers 31KB 31KB [ 3104.045366] rpc_tasks 3KB 3KB [ 3104.046436] UNIX 267KB 372KB [ 3104.047517] UDP-Lite 63KB 63KB [ 3104.048591] tcp_bind_bucket 8KB 8KB [ 3104.049662] inet_peer_cache 4KB 4KB [ 3104.050732] xfrm_state 32KB 32KB [ 3104.051822] ip_fib_trie 8KB 8KB [ 3104.052891] ip_fib_alias 15KB 15KB [ 3104.053958] ip_dst_cache 64KB 64KB [ 3104.055042] PING 31KB 31KB [ 3104.056135] RAW 343KB 343KB [ 3104.057216] UDP 224KB 315KB [ 3104.058294] tw_sock_TCP 15KB 15KB [ 3104.059377] request_sock_TCP 7KB 7KB [ 3104.060477] TCP 60KB 60KB [ 3104.061553] hugetlbfs_inode_cache 30KB 30KB [ 3104.062691] bio-1 11KB 11KB [ 3104.063775] eventpoll_pwq 23KB 23KB [ 3104.064849] eventpoll_epi 55KB 55KB [ 3104.065949] inotify_inode_mark 109KB 109KB [ 3104.067058] request_queue 60KB 60KB [ 3104.068175] blkdev_ioc 22KB 22KB [ 3104.069255] bio-0 724KB 724KB [ 3104.070344] biovec-max 561KB 862KB [ 3104.071433] biovec-64 1354KB 1354KB [ 3104.072519] biovec-16 198KB 198KB [ 3104.073586] user_namespace 31KB 31KB [ 3104.074656] uid_cache 8KB 8KB [ 3104.075736] dmaengine-unmap-2 4KB 4KB [ 3104.076802] audit_buffer 7KB 7KB [ 3104.077867] skbuff_fclone_cache 82KB 82KB [ 3104.078966] skbuff_head_cache 742KB 742KB [ 3104.080115] configfs_dir_cache 4KB 4KB [ 3104.081198] file_lock_cache 20KB 35KB [ 3104.082270] file_lock_ctx 7KB 7KB [ 3104.083334] fsnotify_mark_connector 28KB 28KB [ 3104.084507] net_namespace 176KB 205KB [ 3104.085571] task_delay_info 80KB 88KB [ 3104.086642] taskstats 38KB 38KB [ 3104.087722] proc_dir_entry 350KB 401KB [ 3104.088790] pde_opener 31KB 31KB [ 3104.089852] seq_file 52KB 52KB [ 3104.090919] sigqueue 98KB 98KB [ 3104.092015] shmem_inode_cache 1282KB 1415KB [ 3104.093117] kernfs_iattrs_cache 258KB 258KB [ 3104.094234] kernfs_node_cache 6418KB 6493KB [ 3104.095314] mnt_cache 259KB 259KB [ 3104.096404] filp 744KB 1462KB [ 3104.097481] names_cache 2562KB 2800KB [ 3104.098557] hashtab_node 278KB 278KB [ 3104.099646] ebitmap_node 1149KB 1149KB [ 3104.100723] avtab_node 4976KB 4976KB [ 3104.101803] avc_node 35KB 35KB [ 3104.102890] lsm_inode_cache 2676KB 3099KB [ 3104.103988] lsm_file_cache 179KB 204KB [ 3104.105062] key_jar 31KB 31KB [ 3104.106142] uts_namespace 15KB 15KB [ 3104.107218] nsproxy 11KB 11KB [ 3104.108307] vm_area_struct 999KB 1104KB [ 3104.109381] mm_struct 346KB 409KB [ 3104.110456] fs_cache 45KB 64KB [ 3104.111539] files_cache 209KB 223KB [ 3104.112621] signal_cache 357KB 463KB [ 3104.113698] sighand_cache 277KB 390KB [ 3104.114773] task_struct 1042KB 1364KB [ 3104.115878] cred_jar 110KB 172KB [ 3104.116955] anon_vma_chain 279KB 279KB [ 3104.118042] anon_vma 246KB 266KB [ 3104.119120] pid 57KB 71KB [ 3104.120203] Acpi-Operand 100KB 138KB [ 3104.121279] Acpi-ParseExt 27KB 27KB [ 3104.122357] Acpi-Parse 154KB 169KB [ 3104.123434] Acpi-State 133KB 149KB [ 3104.124531] Acpi-Namespace 24KB 24KB [ 3104.125609] numa_policy 3KB 3KB [ 3104.126685] trace_event_file 163KB 163KB [ 3104.127770] ftrace_event_field 280KB 280KB [ 3104.128863] pool_workqueue 56KB 56KB [ 3104.129936] task_group 16KB 16KB [ 3104.131047] vmap_area 89KB 122KB [ 3104.132138] page->ptl 190KB 244KB [ 3104.133215] kmemleak_scan_area 48KB 79KB [ 3104.134633] kmemleak_object 133876KB 153386KB [ 3104.135745] kmalloc-8k 4528KB 4736KB [ 3104.136821] kmalloc-4k 9216KB 9216KB [ 3104.137899] kmalloc-2k 5176KB 5888KB [ 3104.138977] kmalloc-1k 3048KB 3648KB [ 3104.140061] kmalloc-512 3678KB 5440KB [ 3104.141132] kmalloc-256 1391KB 1472KB [ 3104.142201] kmalloc-192 616KB 616KB [ 3104.143271] kmalloc-128 498KB 552KB [ 3104.144365] kmalloc-96 403KB 728KB [ 3104.145441] kmalloc-64 968KB 1404KB [ 3104.146512] kmalloc-32 767KB 868KB [ 3104.147588] kmalloc-16 381KB 384KB [ 3104.148657] kmalloc-8 334KB 334KB [ 3104.149725] kmem_cache_node 47KB 47KB [ 3104.150792] kmem_cache 75KB 75KB [ 3104.151864] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=sshd,pid=248,uid=0 [ 3104.154769] Out of memory (oom_kill_allocating_task): Killed process 248 (sshd) total-vm:13796kB, anon-rss:1260kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 3105.025995] syz-executor.0: page allocation failure: order:0, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0 [ 3105.028333] CPU: 1 PID: 16154 Comm: syz-executor.0 Not tainted 5.10.176 #1 [ 3105.029541] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3105.031001] Call Trace: [ 3105.031467] dump_stack+0x107/0x167 [ 3105.032124] warn_alloc.cold+0x95/0x18a [ 3105.032836] ? zone_watermark_ok_safe+0x260/0x260 [ 3105.033677] ? queue_oom_reaper+0x86/0x1e0 [ 3105.034421] ? wait_for_completion_io+0x270/0x270 [ 3105.035270] __alloc_pages_slowpath.constprop.0+0x1c80/0x2130 [ 3105.036310] ? lock_acquire+0x137/0x470 [ 3105.037007] ? warn_alloc+0x190/0x190 [ 3105.037694] __alloc_pages_nodemask+0x51d/0x600 [ 3105.038504] ? asm_sysvec_apic_timer_interrupt+0x12/0x20 [ 3105.039452] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3105.039804] (d-rfkill) invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3105.040508] ? policy_node+0x14/0x140 [ 3105.040527] ? __sanitizer_cov_trace_pc+0x55/0x60 [ 3105.040550] alloc_pages_current+0x187/0x280 [ 3105.044901] relay_open_buf.part.0+0x2a5/0xc00 [ 3105.045704] relay_open+0x531/0xa10 [ 3105.046348] do_blk_trace_setup+0x4cf/0xc10 [ 3105.047101] ? _copy_from_user+0xfb/0x1b0 [ 3105.047846] __blk_trace_setup+0xca/0x180 [ 3105.048563] ? do_blk_trace_setup+0xc10/0xc10 [ 3105.049342] ? lockdep_hardirqs_on_prepare+0x277/0x3e0 [ 3105.050268] blk_trace_ioctl+0x155/0x290 [ 3105.050972] ? blk_add_trace_bio_remap+0x5d0/0x5d0 [ 3105.051826] ? do_vfs_ioctl+0x283/0x10d0 [ 3105.052529] ? selinux_bprm_creds_for_exec+0xb60/0xb60 [ 3105.053435] ? generic_block_fiemap+0x60/0x60 [ 3105.054219] blkdev_ioctl+0xc1/0x710 [ 3105.054858] ? blkdev_common_ioctl+0x1870/0x1870 [ 3105.055672] ? selinux_file_ioctl+0xb6/0x270 [ 3105.056429] block_ioctl+0xf9/0x140 [ 3105.057049] ? blkdev_read_iter+0x1c0/0x1c0 [ 3105.057788] __x64_sys_ioctl+0x19a/0x210 [ 3105.058487] do_syscall_64+0x33/0x40 [ 3105.059127] entry_SYSCALL_64_after_hwframe+0x61/0xc6 [ 3105.060014] RIP: 0033:0x7fb88af90b19 [ 3105.060656] Code: Unable to access opcode bytes at RIP 0x7fb88af90aef. [ 3105.061775] RSP: 002b:00007fb888506188 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 3105.063077] RAX: ffffffffffffffda RBX: 00007fb88b0a3f60 RCX: 00007fb88af90b19 [ 3105.064307] RDX: 0000000020000440 RSI: 00000000c0481273 RDI: 0000000000000003 [ 3105.065531] RBP: 00007fb88afeaf6d R08: 0000000000000000 R09: 0000000000000000 [ 3105.066758] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 3105.067993] R13: 00007ffd7ac3585f R14: 00007fb888506300 R15: 0000000000022000 [ 3105.069250] CPU: 0 PID: 16194 Comm: (d-rfkill) Not tainted 5.10.176 #1 [ 3105.069866] Mem-Info: [ 3105.070680] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3105.070688] Call Trace: [ 3105.070719] dump_stack+0x107/0x167 [ 3105.070745] dump_header+0x106/0x65e [ 3105.070772] oom_kill_process.cold+0x10/0x15 [ 3105.071223] active_anon:37 inactive_anon:7594 isolated_anon:0 [ 3105.071223] active_file:17 inactive_file:40 isolated_file:0 [ 3105.071223] unevictable:0 dirty:0 writeback:0 [ 3105.071223] slab_reclaimable:7143 slab_unreclaimable:59890 [ 3105.071223] mapped:17410 shmem:108 pagetables:391 bounce:0 [ 3105.071223] free:2801 free_pcp:62 free_cma:0 [ 3105.072986] out_of_memory+0x1149/0x1440 [ 3105.073016] ? oom_killer_disable+0x280/0x280 [ 3105.073471] Node 0 active_anon:148kB inactive_anon:30376kB active_file:68kB inactive_file:160kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69640kB dirty:0kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3168kB all_unreclaimable? no [ 3105.074214] ? mutex_trylock+0x237/0x2b0 [ 3105.074242] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3105.074849] Node 0 [ 3105.075795] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3105.075834] ? lock_acquire+0x137/0x470 [ 3105.081035] DMA free:6488kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3105.081860] ? warn_alloc+0x190/0x190 [ 3105.082609] lowmem_reserve[]: [ 3105.087462] __alloc_pages_nodemask+0x51d/0x600 [ 3105.088142] 0 [ 3105.089397] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3105.089422] ? find_get_entry+0x2c8/0x740 [ 3105.089790] 1616 [ 3105.091040] alloc_pages_current+0x187/0x280 [ 3105.091068] __page_cache_alloc+0x2d2/0x360 [ 3105.091736] 1616 [ 3105.097129] pagecache_get_page+0x2c7/0xc80 [ 3105.097156] filemap_fault+0x177d/0x2210 [ 3105.097762] 1616 [ 3105.098454] ? read_cache_page_gfp+0x30/0x30 [ 3105.098478] ? replace_page_cache_page+0x1200/0x1200 [ 3105.099251] Node 0 [ 3105.099644] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3105.099675] ext4_filemap_fault+0x87/0xc0 [ 3105.100687] DMA32 free:4716kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:148kB inactive_anon:30364kB active_file:552kB inactive_file:336kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1564kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 3105.101525] __do_fault+0x113/0x410 [ 3105.101550] handle_mm_fault+0x1e72/0x3520 [ 3105.101879] lowmem_reserve[]: 0 [ 3105.102831] ? find_held_lock+0x2c/0x110 [ 3105.102853] ? __pmd_alloc+0x5e0/0x5e0 [ 3105.103598] 0 [ 3105.104037] ? vmacache_find+0x55/0x2a0 [ 3105.104824] 0 [ 3105.105675] do_user_addr_fault+0x56e/0xc60 [ 3105.105707] exc_page_fault+0xa2/0x1a0 [ 3105.106080] 0 [ 3105.107000] ? asm_exc_page_fault+0x8/0x30 [ 3105.107941] [ 3105.108408] asm_exc_page_fault+0x1e/0x30 [ 3105.108427] RIP: 0033:0x7f2e9503a404 [ 3105.109387] Node 0 [ 3105.110250] Code: Unable to access opcode bytes at RIP 0x7f2e9503a3da. [ 3105.110267] RSP: 002b:00007ffe289a89a0 EFLAGS: 00010297 [ 3105.115325] DMA: [ 3105.116074] [ 3105.116088] RAX: 00007ffe289a8cd0 RBX: 0000000000000000 RCX: ffffffffffffffff [ 3105.116105] RDX: 0000000000000000 RSI: 00000000000000ff RDI: 00007ffe289a8cd0 [ 3105.116865] 2*4kB [ 3105.117550] RBP: 00007f2e9507fd40 R08: 0000000000000000 R09: 0000558c34651680 [ 3105.117562] R10: 00007f2e9555db80 R11: 0000000000000004 R12: 0000558c3474a300 [ 3105.117579] R13: 0000558c3474a300 R14: 0000558c3474a317 R15: 0000558c3474a317 [ 3105.118324] (UM) [ 3105.119186] Mem-Info: [ 3105.119469] 0*8kB 1*16kB [ 3105.120381] active_anon:37 inactive_anon:7594 isolated_anon:0 [ 3105.120381] active_file:17 inactive_file:40 isolated_file:0 [ 3105.120381] unevictable:0 dirty:0 writeback:0 [ 3105.120381] slab_reclaimable:7143 slab_unreclaimable:59890 [ 3105.120381] mapped:17410 shmem:108 pagetables:391 bounce:0 [ 3105.120381] free:2801 free_pcp:62 free_cma:0 [ 3105.120682] (M) 2*32kB [ 3105.121638] Node 0 active_anon:148kB inactive_anon:30376kB active_file:68kB inactive_file:160kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:69640kB dirty:0kB writeback:0kB shmem:432kB writeback_tmp:0kB kernel_stack:3168kB all_unreclaimable? no [ 3105.121650] Node 0 [ 3105.122378] (UM) [ 3105.122794] DMA free:6488kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:12kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3105.123579] 2*64kB [ 3105.123927] lowmem_reserve[]: [ 3105.124701] (UM) [ 3105.125492] 0 1616 [ 3105.125909] 1*128kB (M) [ 3105.127318] 1616 1616 [ 3105.128333] 2*256kB [ 3105.128769] [ 3105.129088] (UM) 1*512kB [ 3105.130629] Node 0 [ 3105.131964] (M) [ 3105.132475] DMA32 free:4716kB min:5116kB low:6768kB high:8420kB reserved_highatomic:0KB active_anon:148kB inactive_anon:30364kB active_file:552kB inactive_file:336kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:1564kB bounce:0kB free_pcp:248kB local_pcp:0kB free_cma:0kB [ 3105.133773] 1*1024kB [ 3105.135292] lowmem_reserve[]: 0 [ 3105.136649] (M) [ 3105.137109] 0 [ 3105.137547] 0*2048kB 1*4096kB [ 3105.138156] 0 0 [ 3105.143840] (M) [ 3105.144406] [ 3105.148584] = 6488kB [ 3105.149076] Node 0 [ 3105.149451] Node 0 DMA32: [ 3105.154835] DMA: 2*4kB [ 3105.155282] 674*4kB [ 3105.155939] (UM) [ 3105.156346] (UME) [ 3105.156821] 0*8kB [ 3105.157331] 173*8kB [ 3105.157857] 1*16kB [ 3105.158303] (UME) [ 3105.158652] (M) [ 3105.159185] 32*16kB [ 3105.159656] 2*32kB (UM) [ 3105.160053] (ME) 0*32kB [ 3105.165891] 2*64kB [ 3105.166356] 0*64kB [ 3105.167060] (UM) [ 3105.167421] 0*128kB 0*256kB [ 3105.167817] 1*128kB (M) [ 3105.168434] 0*512kB [ 3105.168852] 2*256kB [ 3105.169239] 0*1024kB [ 3105.169584] (UM) [ 3105.170006] 0*2048kB 0*4096kB [ 3105.170508] 1*512kB [ 3105.171006] = 4592kB [ 3105.171029] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3105.171599] (M) [ 3105.172018] 158 total pagecache pages [ 3105.172470] 1*1024kB [ 3105.172851] 0 pages in swap cache [ 3105.173320] (M) 0*2048kB [ 3105.173756] Swap cache stats: add 0, delete 0, find 0/0 [ 3105.173767] Free swap = 0kB [ 3105.174259] 1*4096kB (M) [ 3105.174660] Total swap = 0kB [ 3105.174671] 524158 pages RAM [ 3105.175115] = 6488kB [ 3105.175543] 0 pages HighMem/MovableOnly [ 3105.175555] 105052 pages reserved [ 3105.176134] Node 0 DMA32: 870*4kB (UME) 209*8kB (UME) 63*16kB (UME) 448*32kB (U) 316*64kB (U) 221*128kB (U) 138*256kB (U) 6*512kB (U) 0*1024kB 0*2048kB 0*4096kB = 107408kB [ 3105.196971] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3105.198780] 158 total pagecache pages [ 3105.199615] 0 pages in swap cache [ 3105.200370] Swap cache stats: add 0, delete 0, find 0/0 [ 3105.201517] Free swap = 0kB [ 3105.202181] Total swap = 0kB [ 3105.202822] 524158 pages RAM [ 3105.203488] 0 pages HighMem/MovableOnly [ 3105.204355] 105052 pages reserved [ 3105.205111] Unreclaimable slab info: [ 3105.205899] Name Used Total [ 3105.207090] pid_3 7KB 7KB [ 3105.208260] pid_2 43KB 67KB [ 3105.209411] IEEE-802.15.4-MAC 31KB 31KB [ 3105.210568] p9_req_t 8KB 8KB [ 3105.211767] fib6_nodes 28KB 28KB [ 3105.212918] ip6_dst_cache 41KB 41KB [ 3105.214075] PINGv6 63KB 63KB [ 3105.215229] RAWv6 315KB 315KB [ 3105.216399] UDPLITEv6 62KB 62KB [ 3105.217552] UDPv6 62KB 62KB [ 3105.218705] tw_sock_TCPv6 7KB 7KB [ 3105.219864] request_sock_TCPv6 7KB 7KB [ 3105.221046] TCPv6 62KB 62KB [ 3105.222206] scsi_sense_cache 8KB 8KB [ 3105.223361] sd_ext_cdb 3KB 3KB [ 3105.224519] virtio_scsi_cmd 16KB 16KB [ 3105.225683] sgpool-128 59KB 59KB [ 3105.226836] sgpool-64 63KB 63KB [ 3105.228004] sgpool-32 1212KB 1212KB [ 3105.229159] sgpool-16 307KB 307KB [ 3105.230313] sgpool-8 168KB 168KB [ 3105.231468] io_kiocb 52KB 56KB [ 3105.232626] mqueue_inode_cache 62KB 62KB [ 3105.233796] nfs_commit_data 15KB 15KB [ 3105.234948] nfs_write_data 47KB 47KB [ 3105.236111] jbd2_inode 7KB 7KB [ 3105.237265] ext4_system_zone 7KB 7KB [ 3105.238419] ext4_io_end_vec 7KB 7KB [ 3105.239590] ext4_bio_post_read_ctx 15KB 15KB [ 3105.240832] kioctx 31KB 31KB [ 3105.241982] aio_kiocb 7KB 7KB [ 3105.243136] dio 15KB 15KB [ 3105.244297] bio-2 4KB 4KB [ 3105.245450] fasync_cache 3KB 3KB [ 3105.246605] pid_namespace 7KB 7KB [ 3105.247780] posix_timers_cache 15KB 15KB [ 3105.248955] rpc_buffers 31KB 31KB [ 3105.250109] rpc_tasks 3KB 3KB [ 3105.251264] UNIX 267KB 372KB [ 3105.252428] UDP-Lite 63KB 63KB [ 3105.253581] tcp_bind_bucket 8KB 8KB [ 3105.254734] inet_peer_cache 4KB 4KB [ 3105.255896] xfrm_state 32KB 32KB [ 3105.257051] ip_fib_trie 8KB 8KB [ 3105.258208] ip_fib_alias 15KB 15KB [ 3105.259362] ip_dst_cache 64KB 64KB [ 3105.260533] PING 31KB 31KB [ 3105.261685] RAW 343KB 343KB [ 3105.262837] UDP 224KB 315KB [ 3105.263996] tw_sock_TCP 15KB 15KB [ 3105.265151] request_sock_TCP 7KB 7KB [ 3105.266305] TCP 60KB 60KB [ 3105.267460] hugetlbfs_inode_cache 30KB 30KB [ 3105.268700] bio-1 11KB 11KB [ 3105.269852] eventpoll_pwq 23KB 23KB [ 3105.271005] eventpoll_epi 55KB 55KB [ 3105.272172] inotify_inode_mark 109KB 109KB [ 3105.273345] request_queue 60KB 60KB [ 3105.274499] blkdev_ioc 22KB 22KB [ 3105.275667] bio-0 764KB 764KB [ 3105.276824] biovec-max 561KB 862KB [ 3105.277981] biovec-64 1449KB 1449KB [ 3105.279136] biovec-16 210KB 210KB [ 3105.280303] user_namespace 31KB 31KB [ 3105.281456] uid_cache 8KB 8KB [ 3105.282611] dmaengine-unmap-2 4KB 4KB [ 3105.283769] audit_buffer 7KB 7KB [ 3105.284924] skbuff_fclone_cache 82KB 82KB [ 3105.286117] skbuff_head_cache 765KB 765KB [ 3105.287271] configfs_dir_cache 4KB 4KB [ 3105.288468] file_lock_cache 20KB 35KB [ 3105.289625] file_lock_ctx 7KB 7KB [ 3105.290781] fsnotify_mark_connector 28KB 28KB [ 3105.292052] net_namespace 176KB 205KB [ 3105.293209] task_delay_info 80KB 88KB [ 3105.294364] taskstats 38KB 38KB [ 3105.295528] proc_dir_entry 350KB 401KB [ 3105.296684] pde_opener 31KB 31KB [ 3105.297839] seq_file 52KB 52KB [ 3105.298993] sigqueue 98KB 98KB [ 3105.300167] shmem_inode_cache 1282KB 1415KB [ 3105.301320] kernfs_iattrs_cache 258KB 258KB [ 3105.302518] kernfs_node_cache 6418KB 6493KB [ 3105.303685] mnt_cache 259KB 259KB [ 3105.304863] filp 744KB 1462KB [ 3105.306022] names_cache 2579KB 2800KB [ 3105.307196] hashtab_node 278KB 278KB [ 3105.308368] ebitmap_node 1149KB 1149KB [ 3105.309526] avtab_node 4976KB 4976KB [ 3105.310682] avc_node 35KB 35KB [ 3105.311877] lsm_inode_cache 2670KB 3099KB [ 3105.313049] lsm_file_cache 179KB 204KB [ 3105.314205] key_jar 31KB 31KB [ 3105.315357] uts_namespace 15KB 15KB [ 3105.316516] nsproxy 11KB 11KB [ 3105.317681] vm_area_struct 999KB 1104KB [ 3105.318835] mm_struct 346KB 409KB [ 3105.320007] fs_cache 45KB 64KB [ 3105.321166] files_cache 209KB 223KB [ 3105.322320] signal_cache 357KB 463KB [ 3105.323477] sighand_cache 275KB 390KB [ 3105.324643] task_struct 1042KB 1364KB [ 3105.325798] cred_jar 110KB 172KB [ 3105.326952] anon_vma_chain 279KB 279KB [ 3105.328132] anon_vma 221KB 255KB [ 3105.329286] pid 57KB 71KB [ 3105.330447] Acpi-Operand 100KB 138KB [ 3105.331607] Acpi-ParseExt 27KB 27KB [ 3105.332760] Acpi-Parse 154KB 169KB [ 3105.333912] Acpi-State 133KB 149KB [ 3105.335067] Acpi-Namespace 24KB 24KB [ 3105.336229] numa_policy 3KB 3KB [ 3105.337386] trace_event_file 163KB 163KB [ 3105.338541] ftrace_event_field 280KB 280KB [ 3105.339731] pool_workqueue 56KB 56KB [ 3105.340883] task_group 16KB 16KB [ 3105.342050] vmap_area 89KB 122KB [ 3105.343208] page->ptl 190KB 244KB [ 3105.344369] kmemleak_scan_area 48KB 79KB [ 3105.346711] kmemleak_object 133598KB 153127KB [ 3105.347892] kmalloc-8k 4528KB 4736KB [ 3105.349043] kmalloc-4k 9216KB 9216KB [ 3105.350214] kmalloc-2k 5188KB 5888KB [ 3105.351368] kmalloc-1k 3048KB 3648KB [ 3105.352573] kmalloc-512 3733KB 5424KB [ 3105.353729] kmalloc-256 1390KB 1472KB [ 3105.354862] kmalloc-192 616KB 616KB [ 3105.356019] kmalloc-128 498KB 552KB [ 3105.357193] kmalloc-96 402KB 728KB [ 3105.358366] kmalloc-64 966KB 1404KB [ 3105.359531] kmalloc-32 767KB 868KB [ 3105.360689] kmalloc-16 381KB 384KB [ 3105.361859] kmalloc-8 334KB 334KB [ 3105.363003] kmem_cache_node 47KB 47KB [ 3105.364178] kmem_cache 75KB 75KB [ 3105.365330] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/systemd-rfkill.service,task=(d-rfkill),pid=16194,uid=0 [ 3105.369707] Out of memory (oom_kill_allocating_task): Killed process 16194 ((d-rfkill)) total-vm:179992kB, anon-rss:11120kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:104kB oom_score_adj:0 [ 3105.442646] systemd[1]: systemd-journald.service: Main process exited, code=killed, status=9/KILL [ 3105.447117] systemd[1]: systemd-journald.service: Failed with result 'oom-kill'. [ 3105.484471] systemd[1]: systemd-journald.service: Consumed 9.204s CPU time. [ 3105.494196] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 3105.499607] systemd[1]: rsyslog.service: Failed with result 'oom-kill'. [ 3105.521049] systemd[1]: rsyslog.service: Consumed 1.452s CPU time. [ 3105.544364] systemd[1]: ssh.service: Scheduled restart job, restart counter is at 1. [ 3105.546650] systemd[1]: systemd-journald.service: Scheduled restart job, restart counter is at 1. [ 3105.603379] systemd[1]: Stopped OpenBSD Secure Shell server. [ 3105.608762] systemd[1]: ssh.service: Consumed 43min 51.576s CPU time. [ 3105.712755] systemd[1]: Starting OpenBSD Secure Shell server... [ 3105.780516] systemd[1]: Stopping Flush Journal to Persistent Storage... [ 3105.797545] systemd[1]: systemd-rfkill.service: Main process exited, code=killed, status=9/KILL [ 3105.803755] systemd[1]: systemd-rfkill.service: Failed with result 'oom-kill'. [ 3105.845123] systemd[1]: Failed to start Load/Save RF Kill Switch Status. [ 3105.851165] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 1. [ 3105.852998] systemd[1]: Stopped System Logging Service. [ 3105.863731] systemd[1]: rsyslog.service: Consumed 1.452s CPU time. [ 3105.946025] systemd[1]: Starting System Logging Service... [ 3106.026570] systemd[1]: Starting Load/Save RF Kill Switch Status... [ 3106.038149] systemd[1]: systemd-udevd.service: Failed with result 'oom-kill'. [ 3106.060001] systemd[1]: systemd-udevd.service: Consumed 2min 26.447s CPU time. [ 3106.066512] systemd[1]: systemd-udevd.service: Scheduled restart job, restart counter is at 1. [ 3106.068709] systemd[1]: Stopped Rule-based Manager for Device Events and Files. [ 3106.073454] systemd[1]: systemd-udevd.service: Consumed 2min 26.447s CPU time. [ 3106.119649] systemd[1]: Starting Rule-based Manager for Device Events and Files... [ 3106.267845] systemd[1]: Started System Logging Service. [ 3106.384290] systemd[1]: Started Load/Save RF Kill Switch Status. [ 3106.413983] systemd[1]: systemd-journal-flush.service: Succeeded. [ 3106.552245] sshd invoked oom-killer: gfp_mask=0x100dca(GFP_HIGHUSER_MOVABLE|__GFP_ZERO), order=0, oom_score_adj=0 [ 3106.555191] CPU: 1 PID: 16207 Comm: sshd Not tainted 5.10.176 #1 [ 3106.556427] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3106.558091] Call Trace: [ 3106.558614] dump_stack+0x107/0x167 [ 3106.559331] dump_header+0x106/0x65e [ 3106.560075] oom_kill_process.cold+0x10/0x15 [ 3106.560944] out_of_memory+0x1149/0x1440 [ 3106.561746] ? oom_killer_disable+0x280/0x280 [ 3106.562629] ? mutex_trylock+0x237/0x2b0 [ 3106.563422] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3106.564599] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3106.565755] ? lock_acquire+0x137/0x470 [ 3106.566537] ? warn_alloc+0x190/0x190 [ 3106.567302] __alloc_pages_nodemask+0x51d/0x600 [ 3106.568220] ? fault_dirty_shared_page+0x3f0/0x3f0 [ 3106.569187] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3106.570364] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3106.571386] ? lock_downgrade+0x6d0/0x6d0 [ 3106.572210] ? mark_held_locks+0x9e/0xe0 [ 3106.573007] alloc_pages_vma+0xbb/0x410 [ 3106.573788] handle_mm_fault+0x154b/0x3520 [ 3106.574622] ? trace_hardirqs_on+0x5b/0x180 [ 3106.575463] ? _raw_spin_unlock_irq+0x1f/0x30 [ 3106.576348] ? __pmd_alloc+0x5e0/0x5e0 [ 3106.577115] ? vmacache_find+0x55/0x2a0 [ 3106.577898] ? vmacache_update+0xce/0x140 [ 3106.578713] do_user_addr_fault+0x56e/0xc60 [ 3106.579574] exc_page_fault+0xa2/0x1a0 [ 3106.580330] ? asm_exc_page_fault+0x8/0x30 [ 3106.581154] asm_exc_page_fault+0x1e/0x30 [ 3106.581953] RIP: 0033:0x7f2a0c508205 [ 3106.582681] Code: Unable to access opcode bytes at RIP 0x7f2a0c5081db. [ 3106.583980] RSP: 002b:00007ffde8c6c880 EFLAGS: 00010206 [ 3106.585024] RAX: 0000000000020001 RBX: 0000000000000018 RCX: 00005642eb1ed000 [ 3106.586417] RDX: 0000000000000021 RSI: 0000000000000000 RDI: 0000000000000004 [ 3106.587821] RBP: 0000000000000020 R08: 0000000000000003 R09: 00007f2a0c63dbe0 [ 3106.589203] R10: 0000000000000007 R11: 0000000000000020 R12: 00007f2a0c63db80 [ 3106.590594] R13: 0000000000000002 R14: fffffffffffffe28 R15: 00005642eb1ecfe0 [ 3106.592070] Mem-Info: [ 3106.592579] active_anon:35 inactive_anon:4744 isolated_anon:0 [ 3106.592579] active_file:360 inactive_file:478 isolated_file:15 [ 3106.592579] unevictable:0 dirty:74 writeback:0 [ 3106.592579] slab_reclaimable:6720 slab_unreclaimable:59034 [ 3106.592579] mapped:9420 shmem:106 pagetables:237 bounce:0 [ 3106.592579] free:3793 free_pcp:108 free_cma:0 [ 3106.598711] Node 0 active_anon:140kB inactive_anon:18976kB active_file:1440kB inactive_file:1828kB unevictable:0kB isolated(anon):0kB isolated(file):60kB mapped:37680kB dirty:296kB writeback:0kB shmem:424kB writeback_tmp:0kB kernel_stack:2848kB all_unreclaimable? no [ 3106.603306] Node 0 DMA free:6468kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:36kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:4kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3106.608483] lowmem_reserve[]: 0 1616 1616 1616 [ 3106.609448] Node 0 DMA32 free:8704kB min:17744kB low:19396kB high:21048kB reserved_highatomic:0KB active_anon:140kB inactive_anon:18940kB active_file:1696kB inactive_file:1780kB unevictable:0kB writepending:296kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:944kB bounce:0kB free_pcp:556kB local_pcp:0kB free_cma:0kB [ 3106.615129] lowmem_reserve[]: 0 0 0 0 [ 3106.615931] Node 0 DMA: 1*4kB (M) 2*8kB (UM) 1*16kB (M) 1*32kB (U) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6468kB [ 3106.619083] Node 0 DMA32: 672*4kB (UM) 409*8kB (UME) 133*16kB (UM) 35*32kB (UM) 1*64kB (M) 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 9272kB [ 3106.621946] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3106.623659] 826 total pagecache pages [ 3106.624443] 0 pages in swap cache [ 3106.625163] Swap cache stats: add 0, delete 0, find 0/0 [ 3106.626236] Free swap = 0kB [ 3106.626833] Total swap = 0kB [ 3106.627464] 524158 pages RAM [ 3106.628096] 0 pages HighMem/MovableOnly [ 3106.628872] 105052 pages reserved [ 3106.629622] Unreclaimable slab info: [ 3106.630789] Name Used Total [ 3106.632003] pid_3 7KB 7KB [ 3106.633089] pid_2 34KB 48KB [ 3106.634176] IEEE-802.15.4-MAC 31KB 31KB [ 3106.635254] p9_req_t 8KB 8KB [ 3106.636369] fib6_nodes 28KB 28KB [ 3106.637447] ip6_dst_cache 41KB 41KB [ 3106.638530] PINGv6 63KB 63KB [ 3106.639611] RAWv6 315KB 315KB [ 3106.640697] UDPLITEv6 62KB 62KB [ 3106.641776] UDPv6 62KB 62KB [ 3106.642850] tw_sock_TCPv6 7KB 7KB [ 3106.643944] request_sock_TCPv6 7KB 7KB [ 3106.645046] TCPv6 62KB 62KB [ 3106.646131] scsi_sense_cache 8KB 8KB [ 3106.647224] sd_ext_cdb 3KB 3KB [ 3106.648320] virtio_scsi_cmd 16KB 16KB [ 3106.649404] sgpool-128 59KB 59KB [ 3106.650483] sgpool-64 63KB 63KB [ 3106.651566] sgpool-32 1129KB 1197KB [ 3106.652656] sgpool-16 307KB 307KB [ 3106.653727] sgpool-8 183KB 183KB [ 3106.654797] io_kiocb 52KB 56KB [ 3106.655891] mqueue_inode_cache 62KB 62KB [ 3106.657146] nfs_commit_data 15KB 15KB [ 3106.658235] nfs_write_data 47KB 47KB [ 3106.659321] jbd2_inode 7KB 7KB [ 3106.660411] ext4_system_zone 7KB 7KB [ 3106.661489] ext4_io_end_vec 7KB 7KB [ 3106.662560] ext4_bio_post_read_ctx 15KB 15KB [ 3106.663734] kioctx 31KB 31KB [ 3106.664808] aio_kiocb 7KB 7KB [ 3106.665878] dio 15KB 15KB [ 3106.666959] bio-2 4KB 4KB [ 3106.668054] fasync_cache 3KB 3KB [ 3106.669140] pid_namespace 7KB 7KB [ 3106.670221] posix_timers_cache 15KB 15KB [ 3106.671321] rpc_buffers 31KB 31KB [ 3106.672409] rpc_tasks 3KB 3KB [ 3106.673484] UNIX 263KB 372KB [ 3106.674567] UDP-Lite 63KB 63KB [ 3106.675669] tcp_bind_bucket 8KB 8KB [ 3106.676740] inet_peer_cache 4KB 4KB [ 3106.677814] xfrm_state 32KB 32KB [ 3106.678897] ip_fib_trie 8KB 8KB [ 3106.679974] ip_fib_alias 15KB 15KB [ 3106.681056] ip_dst_cache 64KB 64KB [ 3106.682139] PING 31KB 31KB [ 3106.683225] RAW 343KB 343KB [ 3106.684308] UDP 220KB 315KB [ 3106.685387] tw_sock_TCP 15KB 15KB [ 3106.686473] request_sock_TCP 7KB 7KB [ 3106.687595] TCP 60KB 60KB [ 3106.688709] hugetlbfs_inode_cache 30KB 30KB [ 3106.689846] bio-1 11KB 11KB [ 3106.690913] eventpoll_pwq 23KB 23KB [ 3106.692001] eventpoll_epi 55KB 55KB [ 3106.693088] inotify_inode_mark 109KB 109KB [ 3106.694190] request_queue 60KB 60KB [ 3106.695258] blkdev_ioc 22KB 22KB [ 3106.696335] bio-0 796KB 796KB [ 3106.697409] biovec-max 552KB 833KB [ 3106.698493] biovec-64 1271KB 1338KB [ 3106.699591] biovec-16 213KB 213KB [ 3106.700670] user_namespace 31KB 31KB [ 3106.701749] uid_cache 8KB 8KB [ 3106.702835] dmaengine-unmap-2 4KB 4KB [ 3106.703923] audit_buffer 7KB 7KB [ 3106.704993] skbuff_fclone_cache 82KB 82KB [ 3106.706122] skbuff_head_cache 490KB 663KB [ 3106.707200] configfs_dir_cache 4KB 4KB [ 3106.708303] file_lock_cache 20KB 35KB [ 3106.709373] file_lock_ctx 7KB 7KB [ 3106.710456] fsnotify_mark_connector 28KB 28KB [ 3106.711643] net_namespace 176KB 205KB [ 3106.712714] task_delay_info 79KB 88KB [ 3106.713782] taskstats 38KB 38KB [ 3106.714858] proc_dir_entry 311KB 378KB [ 3106.715939] pde_opener 31KB 31KB [ 3106.717008] seq_file 56KB 56KB [ 3106.718130] sigqueue 98KB 98KB [ 3106.719207] shmem_inode_cache 1242KB 1415KB [ 3106.720295] kernfs_iattrs_cache 270KB 270KB [ 3106.721426] kernfs_node_cache 5572KB 5842KB [ 3106.722497] mnt_cache 150KB 181KB [ 3106.723585] filp 757KB 1177KB [ 3106.724655] names_cache 6222KB 6222KB [ 3106.725728] hashtab_node 278KB 278KB [ 3106.726797] ebitmap_node 1149KB 1149KB [ 3106.727877] avtab_node 4976KB 4976KB [ 3106.728950] avc_node 35KB 35KB [ 3106.730077] lsm_inode_cache 2598KB 3075KB [ 3106.731151] lsm_file_cache 178KB 204KB [ 3106.732246] key_jar 39KB 39KB [ 3106.733320] uts_namespace 15KB 15KB [ 3106.734388] nsproxy 11KB 11KB [ 3106.735458] vm_area_struct 1211KB 1248KB [ 3106.736535] mm_struct 322KB 409KB [ 3106.737612] fs_cache 39KB 56KB [ 3106.738681] files_cache 208KB 223KB [ 3106.739760] signal_cache 336KB 463KB [ 3106.740835] sighand_cache 265KB 390KB [ 3106.741913] task_struct 836KB 1261KB [ 3106.742990] cred_jar 128KB 168KB [ 3106.744078] anon_vma_chain 267KB 271KB [ 3106.745148] anon_vma 139KB 139KB [ 3106.746220] pid 56KB 71KB [ 3106.747292] Acpi-Operand 100KB 138KB [ 3106.748368] Acpi-ParseExt 27KB 27KB [ 3106.749460] Acpi-Parse 154KB 169KB [ 3106.750531] Acpi-State 133KB 149KB [ 3106.751616] Acpi-Namespace 24KB 24KB [ 3106.752686] numa_policy 3KB 3KB [ 3106.753759] trace_event_file 163KB 163KB [ 3106.754826] ftrace_event_field 280KB 280KB [ 3106.755919] pool_workqueue 56KB 56KB [ 3106.756986] task_group 16KB 16KB [ 3106.758059] vmap_area 87KB 102KB [ 3106.759133] page->ptl 145KB 189KB [ 3106.760220] kmemleak_scan_area 44KB 63KB [ 3106.762266] kmemleak_object 129143KB 149832KB [ 3106.763360] kmalloc-8k 3520KB 3872KB [ 3106.764454] kmalloc-4k 8048KB 9128KB [ 3106.765545] kmalloc-2k 4236KB 5792KB [ 3106.766626] kmalloc-1k 2486KB 3616KB [ 3106.767740] kmalloc-512 2867KB 4816KB [ 3106.768820] kmalloc-256 1330KB 1472KB [ 3106.769892] kmalloc-192 595KB 620KB [ 3106.770968] kmalloc-128 472KB 552KB [ 3106.772077] kmalloc-96 372KB 692KB [ 3106.773180] kmalloc-64 849KB 1344KB [ 3106.774255] kmalloc-32 780KB 868KB [ 3106.775330] kmalloc-16 381KB 384KB [ 3106.776404] kmalloc-8 334KB 334KB [ 3106.777477] kmem_cache_node 47KB 47KB [ 3106.778548] kmem_cache 75KB 75KB [ 3106.779626] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/ssh.service,task=sshd,pid=16207,uid=0 [ 3106.784224] Out of memory (oom_kill_allocating_task): Killed process 16207 (sshd) total-vm:13080kB, anon-rss:692kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:64kB oom_score_adj:0 [ 3106.846991] systemd[1]: Stopped Flush Journal to Persistent Storage. [ 3106.943107] oom_reaper: reaped process 16154 (syz-executor.0), now anon-rss:0kB, file-rss:34816kB, shmem-rss:0kB [ 3107.172612] systemd invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 3107.174300] CPU: 1 PID: 1 Comm: systemd Not tainted 5.10.176 #1 [ 3107.175304] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 [ 3107.176702] Call Trace: [ 3107.177159] dump_stack+0x107/0x167 [ 3107.177769] dump_header+0x106/0x65e [ 3107.178396] oom_kill_process.cold+0x10/0x15 [ 3107.179145] out_of_memory+0x358/0x1440 [ 3107.179827] ? oom_killer_disable+0x280/0x280 [ 3107.180560] ? mutex_trylock+0x237/0x2b0 [ 3107.181229] ? __alloc_pages_slowpath.constprop.0+0xb0e/0x2130 [ 3107.182200] __alloc_pages_slowpath.constprop.0+0x1b25/0x2130 [ 3107.183166] ? lock_acquire+0x137/0x470 [ 3107.183839] ? warn_alloc+0x190/0x190 [ 3107.184489] __alloc_pages_nodemask+0x51d/0x600 [ 3107.185254] ? __alloc_pages_slowpath.constprop.0+0x2130/0x2130 [ 3107.186249] ? find_get_entry+0x2c8/0x740 [ 3107.186949] alloc_pages_current+0x187/0x280 [ 3107.187697] __page_cache_alloc+0x2d2/0x360 [ 3107.188420] pagecache_get_page+0x2c7/0xc80 [ 3107.189135] filemap_fault+0x177d/0x2210 [ 3107.189812] ? read_cache_page_gfp+0x30/0x30 [ 3107.190540] ? replace_page_cache_page+0x1200/0x1200 [ 3107.191371] ? count_memcg_event_mm.part.0+0x10f/0x2f0 [ 3107.192262] ext4_filemap_fault+0x87/0xc0 [ 3107.192952] __do_fault+0x113/0x410 [ 3107.193565] handle_mm_fault+0x1e72/0x3520 [ 3107.194278] ? find_held_lock+0x2c/0x110 [ 3107.194957] ? __pmd_alloc+0x5e0/0x5e0 [ 3107.195622] ? vmacache_find+0x55/0x2a0 [ 3107.196288] ? vmacache_update+0xce/0x140 [ 3107.196986] do_user_addr_fault+0x56e/0xc60 [ 3107.197706] exc_page_fault+0xa2/0x1a0 [ 3107.198345] ? asm_exc_page_fault+0x8/0x30 [ 3107.199039] asm_exc_page_fault+0x1e/0x30 [ 3107.199726] RIP: 0033:0x7f2e954fe718 [ 3107.200342] Code: Unable to access opcode bytes at RIP 0x7f2e954fe6ee. [ 3107.201414] RSP: 002b:00007ffe289ad1b8 EFLAGS: 00010283 [ 3107.202290] RAX: 00007ffe289ae390 RBX: 0000000000000000 RCX: 0000000000000000 [ 3107.203459] RDX: 00007ffe289ad960 RSI: 0000000000000025 RDI: 0000558c323114c0 [ 3107.204636] RBP: 00007ffe289ad710 R08: 0000000000000000 R09: 00007ffe289ad820 [ 3107.205811] R10: 00007f2e95510ac0 R11: 00007f2e955113c0 R12: 00007ffe289ad730 [ 3107.206986] R13: 0000558c323114c0 R14: 00007ffe289ad960 R15: 00000000fbad8001 [ 3107.208318] Mem-Info: [ 3107.208747] active_anon:35 inactive_anon:4200 isolated_anon:0 [ 3107.208747] active_file:25 inactive_file:10 isolated_file:0 [ 3107.208747] unevictable:0 dirty:0 writeback:0 [ 3107.208747] slab_reclaimable:6700 slab_unreclaimable:58923 [ 3107.208747] mapped:8723 shmem:106 pagetables:196 bounce:0 [ 3107.208747] free:2916 free_pcp:0 free_cma:0 [ 3107.213792] Node 0 active_anon:140kB inactive_anon:16800kB active_file:100kB inactive_file:40kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:34892kB dirty:0kB writeback:0kB shmem:424kB writeback_tmp:0kB kernel_stack:2816kB all_unreclaimable? no [ 3107.217505] Node 0 DMA free:6484kB min:48kB low:60kB high:72kB reserved_highatomic:0KB active_anon:0kB inactive_anon:8kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB pagetables:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3107.221762] lowmem_reserve[]: 0 1616 1616 1616 [ 3107.222559] Node 0 DMA32 free:5180kB min:11260kB low:12912kB high:14564kB reserved_highatomic:0KB active_anon:140kB inactive_anon:16792kB active_file:108kB inactive_file:0kB unevictable:0kB writepending:0kB present:2080640kB managed:1660516kB mlocked:0kB pagetables:784kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 3107.227129] lowmem_reserve[]: 0 0 0 0 [ 3107.227796] Node 0 DMA: 1*4kB (U) 2*8kB (UM) 2*16kB (UM) 1*32kB (M) 2*64kB (UM) 1*128kB (M) 2*256kB (UM) 1*512kB (M) 1*1024kB (M) 0*2048kB 1*4096kB (M) = 6484kB [ 3107.230283] Node 0 DMA32: 528*4kB (UME) 231*8kB (UME) 77*16kB (UM) 20*32kB (UM) 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 5832kB [ 3107.232552] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 3107.233916] 172 total pagecache pages [ 3107.234545] 0 pages in swap cache [ 3107.235122] Swap cache stats: add 0, delete 0, find 0/0 [ 3107.235991] Free swap = 0kB [ 3107.236495] Total swap = 0kB [ 3107.236978] 524158 pages RAM [ 3107.237486] 0 pages HighMem/MovableOnly [ 3107.238142] 105052 pages reserved [ 3107.238697] Unreclaimable slab info: [ 3107.239315] Name Used Total [ 3107.240229] pid_3 7KB 7KB [ 3107.241099] pid_2 34KB 48KB [ 3107.241953] IEEE-802.15.4-MAC 31KB 31KB [ 3107.242828] p9_req_t 8KB 8KB [ 3107.243719] fib6_nodes 28KB 28KB [ 3107.244596] ip6_dst_cache 41KB 41KB [ 3107.245474] PINGv6 63KB 63KB [ 3107.246349] RAWv6 315KB 315KB [ 3107.247224] UDPLITEv6 62KB 62KB [ 3107.248124] UDPv6 62KB 62KB [ 3107.248992] tw_sock_TCPv6 7KB 7KB [ 3107.249873] request_sock_TCPv6 7KB 7KB [ 3107.250764] TCPv6 62KB 62KB [ 3107.251662] scsi_sense_cache 8KB 8KB [ 3107.252549] sd_ext_cdb 3KB 3KB [ 3107.253434] virtio_scsi_cmd 16KB 16KB [ 3107.254332] sgpool-128 59KB 59KB [ 3107.255243] sgpool-64 63KB 63KB [ 3107.256176] sgpool-32 1129KB 1197KB [ 3107.257070] sgpool-16 307KB 307KB [ 3107.257966] sgpool-8 183KB 183KB [ 3107.258870] io_kiocb 52KB 56KB [ 3107.259780] mqueue_inode_cache 62KB 62KB [ 3107.260695] nfs_commit_data 15KB 15KB [ 3107.261589] nfs_write_data 47KB 47KB [ 3107.262497] jbd2_inode 7KB 7KB [ 3107.263396] ext4_system_zone 7KB 7KB [ 3107.264299] ext4_io_end_vec 7KB 7KB [ 3107.265187] ext4_bio_post_read_ctx 15KB 15KB [ 3107.266137] kioctx 31KB 31KB [ 3107.266996] aio_kiocb 7KB 7KB [ 3107.267901] dio 15KB 15KB [ 3107.268799] bio-2 4KB 4KB [ 3107.269687] fasync_cache 3KB 3KB [ 3107.270595] pid_namespace 7KB 7KB [ 3107.271489] posix_timers_cache 15KB 15KB [ 3107.272401] rpc_buffers 31KB 31KB [ 3107.273285] rpc_tasks 3KB 3KB [ 3107.274182] UNIX 263KB 372KB [ 3107.275068] UDP-Lite 63KB 63KB [ 3107.275956] tcp_bind_bucket 8KB 8KB [ 3107.276855] inet_peer_cache 4KB 4KB [ 3107.277743] xfrm_state 32KB 32KB [ 3107.278641] ip_fib_trie 8KB 8KB [ 3107.279537] ip_fib_alias 15KB 15KB [ 3107.280414] ip_dst_cache 64KB 64KB [ 3107.281281] PING 31KB 31KB [ 3107.282150] RAW 343KB 343KB [ 3107.282956] UDP 220KB 315KB [ 3107.283833] tw_sock_TCP 15KB 15KB [ 3107.284668] request_sock_TCP 7KB 7KB [ 3107.285498] TCP 60KB 60KB [ 3107.286369] hugetlbfs_inode_cache 30KB 30KB [ 3107.287270] bio-1 11KB 11KB [ 3107.288133] eventpoll_pwq 23KB 23KB [ 3107.288970] eventpoll_epi 55KB 55KB [ 3107.289811] inotify_inode_mark 109KB 109KB [ 3107.290667] request_queue 60KB 60KB [ 3107.291516] blkdev_ioc 22KB 22KB [ 3107.292396] bio-0 852KB 852KB [ 3107.293257] biovec-max 484KB 803KB [ 3107.294116] biovec-64 1302KB 1338KB [ 3107.294955] biovec-16 217KB 217KB [ 3107.295835] user_namespace 31KB 31KB [ 3107.296692] uid_cache 8KB 8KB [ 3107.297540] dmaengine-unmap-2 4KB 4KB [ 3107.298386] audit_buffer 7KB 7KB [ 3107.299234] skbuff_fclone_cache 82KB 82KB [ 3107.300125] skbuff_head_cache 474KB 645KB [ 3107.300950] configfs_dir_cache 4KB 4KB [ 3107.301815] file_lock_cache 20KB 35KB [ 3107.302663] file_lock_ctx 7KB 7KB [ 3107.303516] fsnotify_mark_connector 28KB 28KB [ 3107.304582] net_namespace 176KB 205KB [ 3107.305447] task_delay_info 79KB 88KB [ 3107.306297] taskstats 38KB 38KB [ 3107.307148] proc_dir_entry 311KB 378KB [ 3107.308003] pde_opener 31KB 31KB [ 3107.308863] seq_file 56KB 56KB [ 3107.309727] sigqueue 98KB 98KB [ 3107.310587] shmem_inode_cache 1230KB 1415KB [ 3107.311436] kernfs_iattrs_cache 270KB 270KB [ 3107.312334] kernfs_node_cache 5572KB 5842KB [ 3107.313187] mnt_cache 150KB 181KB [ 3107.314045] filp 745KB 1177KB [ 3107.314881] names_cache 5822KB 6251KB [ 3107.315751] hashtab_node 278KB 278KB [ 3107.316614] ebitmap_node 1149KB 1149KB [ 3107.317472] avtab_node 4976KB 4976KB [ 3107.318335] avc_node 35KB 35KB [ 3107.319207] lsm_inode_cache 2595KB 3071KB [ 3107.320072] lsm_file_cache 178KB 204KB [ 3107.320915] key_jar 39KB 39KB [ 3107.321771] uts_namespace 15KB 15KB [ 3107.322633] nsproxy 11KB 11KB [ 3107.323488] vm_area_struct 1216KB 1248KB [ 3107.324356] mm_struct 322KB 409KB [ 3107.325213] fs_cache 39KB 56KB [ 3107.326050] files_cache 208KB 223KB [ 3107.326868] signal_cache 336KB 463KB [ 3107.327726] sighand_cache 265KB 390KB [ 3107.328571] task_struct 836KB 1261KB [ 3107.329418] cred_jar 128KB 168KB [ 3107.330260] anon_vma_chain 267KB 271KB [ 3107.331106] anon_vma 104KB 135KB [ 3107.331933] pid 56KB 71KB [ 3107.332784] Acpi-Operand 100KB 138KB [ 3107.333624] Acpi-ParseExt 27KB 27KB [ 3107.334493] Acpi-Parse 154KB 169KB [ 3107.335345] Acpi-State 133KB 149KB [ 3107.336204] Acpi-Namespace 24KB 24KB [ 3107.337045] numa_policy 3KB 3KB [ 3107.337866] trace_event_file 163KB 163KB [ 3107.338705] ftrace_event_field 280KB 280KB [ 3107.339575] pool_workqueue 56KB 56KB [ 3107.340418] task_group 16KB 16KB [ 3107.341256] vmap_area 87KB 102KB [ 3107.342090] page->ptl 145KB 189KB [ 3107.342912] kmemleak_scan_area 44KB 63KB [ 3107.344229] kmemleak_object 129405KB 149558KB [ 3107.345080] kmalloc-8k 3360KB 3744KB [ 3107.345902] kmalloc-4k 7864KB 9064KB [ 3107.346750] kmalloc-2k 4204KB 5792KB [ 3107.347604] kmalloc-1k 2496KB 3616KB [ 3107.348462] kmalloc-512 2814KB 4800KB [ 3107.349302] kmalloc-256 1330KB 1472KB [ 3107.350141] kmalloc-192 585KB 620KB [ 3107.350962] kmalloc-128 456KB 552KB [ 3107.351812] kmalloc-96 370KB 692KB [ 3107.352665] kmalloc-64 848KB 1344KB [ 3107.353502] kmalloc-32 778KB 868KB [ 3107.354334] kmalloc-16 381KB 384KB [ 3107.355160] kmalloc-8 334KB 334KB [ 3107.355985] kmem_cache_node 47KB 47KB [ 3107.356811] kmem_cache 75KB 75KB [ 3107.357641] oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/system.slice/rsyslog.service,task=rsyslogd,pid=16201,uid=0 [ 3107.360066] Out of memory: Killed process 16201 (rsyslogd) total-vm:220876kB, anon-rss:1368kB, file-rss:0kB, shmem-rss:0kB, UID:0 pgtables:72kB oom_score_adj:0 [ 3107.399277] systemd[1]: ssh.service: A process of this unit has been killed by the OOM killer. [ 3107.431554] systemd[1]: rsyslog.service: Main process exited, code=killed, status=9/KILL [ 3107.436805] systemd[1]: rsyslog.service: Failed with result 'signal'. [ 3107.461863] systemd[1]: ssh.service: Main process exited, code=killed, status=9/KILL [ 3107.464299] systemd[1]: ssh.service: Failed with result 'oom-kill'. [ 3107.485423] systemd[1]: Failed to start OpenBSD Secure Shell server. [ 3107.488836] systemd[1]: Stopped Journal Service. [ 3107.489762] systemd[1]: systemd-journald.service: Consumed 9.204s CPU time. [ 3107.535764] systemd[1]: Starting Journal Service... [ 3107.590900] systemd[1]: ssh.service: Scheduled restart job, restart counter is at 2. [ 3107.592082] systemd[1]: rsyslog.service: Scheduled restart job, restart counter is at 2. [ 3107.593216] systemd[1]: Stopped System Logging Service. [ 3107.639586] systemd[1]: Starting System Logging Service... [ 3107.640479] systemd[1]: Stopped OpenBSD Secure Shell server. [ 3107.668396] systemd[1]: Starting OpenBSD Secure Shell server... [ 3107.865671] systemd[1]: Started System Logging Service. [ 3107.886650] systemd-journald[16208]: File /var/log/journal/7e681e5076844de4a5cfa8606a84b008/system.journal corrupted or uncleanly shut down, renaming and replacing. [ 3107.903591] systemd[1]: Started Rule-based Manager for Device Events and Files. [ 3108.135733] systemd[1]: Stopped target Bluetooth. [ 3108.172864] systemd[1]: Started OpenBSD Secure Shell server. [ 3108.756357] systemd[1]: Started Journal Service. [ 3108.867022] systemd-journald[16208]: Received client request to flush runtime journal. VM DIAGNOSIS: 08:01:01 Registers: info registers vcpu 0 RAX=0000000000000001 RBX=3b86a2757c2fa5a2 RCX=ffffffff81269fae RDX=1ffff110099acabe RSI=ffff88804cd655f8 RDI=ffffffff8685d6e0 RBP=0000000000000003 RSP=ffff88801ebdf388 R8 =0000000000000000 R9 =ffffffff8685d6e7 R10=fffffbfff0d0badc R11=0000000000000001 R12=ffff88804cd64d40 R13=ffff88804cd65620 R14=0000000000000001 R15=0000000000000000 RIP=ffffffff8126990d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 00007f3070aa68c0 00000000 00000000 GS =0000 ffff88806ce00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f2e951ae2c8 CR3=000000001e568000 CR4=00350ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=000000000000002f002f2e2e2f002e2e XMM01=0000000000000000696c61766e49002f XMM02=ffffffffffffff0f0e0d0c0b0a090807 XMM03=696e656420737365636341002f737973 XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000558419237fa0000055841924c3d0 XMM06=00005584189cfa400000000000000000 XMM07=00000000000000000000000000000000 XMM08=7269762f736563697665642f7379732f XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000 info registers vcpu 1 RAX=0000000000000000 RBX=ffff88801e3d3ff8 RCX=ffffffff8111340d RDX=ffff88800be94d40 RSI=ffffffff81113417 RDI=0000000000000005 RBP=ffff8880178a6f00 RSP=ffff88800c2b74b8 R8 =0000000000000001 R9 =0000000000000003 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=dffffc0000000000 R14=ffffed1002f14dea R15=00007f3070fff000 RIP=ffffffff8111341a RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 00000000 00000000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 00000000 00000000 FS =0000 0000000000000000 00000000 00000000 GS =0000 ffff88806cf00000 00000000 00000000 LDT=0000 fffffe0000000000 00000000 00000000 TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 00000fff CR0=80050033 CR2=00007f3070b01c30 CR3=0000000004e26000 CR4=00350ee0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 XMM00=ffffffffffffffffffffffff00000000 XMM01=0000343a372f6b636f6c622f7665642f XMM02=00ffff00000000000000000000000000 XMM03=0000000000ff0000000000ff000000ff XMM04=2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f2f XMM05=0000558419218820000055841924bdc0 XMM06=0000000000000000ffffffff00000004 XMM07=00000000000000000000000000000000 XMM08=200000343a372f6b636f6c622f766564 XMM09=00000000000000000000000000000000 XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000 XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000 XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000